All the vulnerabilites related to dell - bsafe_ssl-j
Vulnerability from fkie_nvd
Published
2024-02-02 16:15
Modified
2024-11-21 07:09
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted system. This is a Critical vulnerability and Dell recommends customers to upgrade at the earliest opportunity.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_ssl-j | * | |
| dell | bsafe_ssl-j | 7.0 | |
| dell | bsafe_crypto-j | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82A7B894-3248-4DF6-9DCC-E544979EB97D",
"versionEndExcluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50D0F0DB-24D9-4338-A981-48777D482BB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44FBBAF8-810E-4CF3-8255-1279D6FBB2A4",
"versionEndExcluding": "6.2.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nDell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted system. This is a Critical vulnerability and Dell recommends customers to upgrade at the earliest opportunity.\n\n"
},
{
"lang": "es",
"value": "Dell BSAFE SSL-J versi\u00f3n 7.0 y todas las versiones anteriores a 6.5, y las versiones Dell BSAFE Crypto-J anteriores a 6.2.6.1 contienen una vulnerabilidad de componente de terceros sin mantenimiento. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad, lo que comprometer\u00eda el sistema afectado. Esta es una vulnerabilidad cr\u00edtica y Dell recomienda a los clientes actualizar lo antes posible."
}
],
"id": "CVE-2022-34381",
"lastModified": "2024-11-21T07:09:23.620",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-02T16:15:45.460",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000203278/dsa-2022-208-dell-bsafe-ssl-j-6-5-and-7-1-and-dell-bsafe-crypto-j-6-2-6-1-and-7-0-security-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000203278/dsa-2022-208-dell-bsafe-ssl-j-6-5-and-7-1-and-dell-bsafe-crypto-j-6-2-6-1-and-7-0-security-vulnerability"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1329"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-11-23 05:00
Modified
2024-11-20 23:47
Severity ?
Summary
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:firewall_services_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A9CB22A-21E0-46F6-B6CD-BB38A80FA7A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:firewall_services_module:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B9CAFC15-178C-4176-9668-D4A04B63E77B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:firewall_services_module:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C8D6949-89F4-40EF-98F4-8D15628DC345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:firewall_services_module:1.1_\\(3.005\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F3DB2AEE-FB5C-42B7-845B-EDA3E58D5D68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:firewall_services_module:2.1_\\(0.208\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6479D85C-1A12-486D-818C-6679F415CA26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:aaa_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "287CF5FA-D0EC-4FD7-9718-973587EF34DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:apache-based_web_server:2.0.43.00:*:*:*:*:*:*:*",
"matchCriteriaId": "C88168D4-7DB5-4720-8640-400BB680D0FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:apache-based_web_server:2.0.43.04:*:*:*:*:*:*:*",
"matchCriteriaId": "968915A1-375B-4C69-BE11-9A393F7F1B0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:clientless_vpn_gateway_4400:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11465DCA-72E5-40E9-9D8E-B3CD470C47E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3954D0D1-9FDF-47D0-9710-D0FB06955B8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D6712BD-DE8F-40F5-AC74-B9EFE9A50CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E586558A-ABC3-42EB-8B4D-DC92A0D695E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:sg200:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4C5F60-B32D-4D85-BA28-AE11972ED614",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:sg200:4.31.29:*:*:*:*:*:*:*",
"matchCriteriaId": "6A5935C3-3D83-461F-BC26-E03362115C42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:sg203:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "80AC523B-3106-46F2-B760-803DCF8061F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:sg203:4.31.29:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B8D6F3-D15D-489F-A807-17E63F4831F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:sg208:*:*:*:*:*:*:*:*",
"matchCriteriaId": "808189BA-197F-49CE-933E-A728F395749C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:sg208:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "32DCFA7B-7BBB-465A-A4AD-7E18EE3C02DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:sg5:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7EF0CD-EA39-457B-8E2E-9120B65A5835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:sg5:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7BC2983F-5212-464B-AC21-8A897DEC1F58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:sg5:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EBF17989-D1F2-4B04-80BD-CFABDD482ABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BF2D00AC-FA2A-4C39-B796-DC19072862CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E8BCD1C5-1AFC-4287-9AFD-81FB3F4F9E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "441BE3A0-20F4-4972-B279-19B3DB5FA14D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.8:releng:*:*:*:*:*:*",
"matchCriteriaId": "2D33C6EF-DBE1-4943-83E4-1F10670DAC6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "00EAEA17-033A-4A50-8E39-D61154876D2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EE93350-92E6-4F5C-A14C-9993CFFDBCD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.1:release:*:*:*:*:*:*",
"matchCriteriaId": "0D9F2B04-A1F2-4788-A53D-C8274A758DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.1:releng:*:*:*:*:*:*",
"matchCriteriaId": "9A5309ED-D84F-4F52-9864-5B0FEEEE5022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD7C441E-444B-4DF5-8491-86805C70FB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.2.1:release:*:*:*:*:*:*",
"matchCriteriaId": "C9CCE8F3-84EE-4571-8AAA-BF2D132E9BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:hp-ux:8.05:*:*:*:*:*:*:*",
"matchCriteriaId": "31B1ADC1-9B6D-4B5E-A05A-D69599A3A0D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"matchCriteriaId": "771931F7-9180-4EBD-8627-E1CF17D24647",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
"matchCriteriaId": "EDD9BE2B-7255-4FC1-B452-E8370632B03F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:hp-ux:11.23:*:*:*:*:*:*:*",
"matchCriteriaId": "32310AFE-38CC-4C6C-AE13-54C18720F2C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AC46909F-DDFC-448B-BCDF-1EB343F96630",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*",
"matchCriteriaId": "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*",
"matchCriteriaId": "EC79FF22-2664-4C40-B0B3-6D23B5F45162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*",
"matchCriteriaId": "0EFE2E73-9536-41A9-B83B-0A06B54857F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E562907F-D915-4030-847A-3C6834A80D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "138985E6-5107-4E8B-A801-C3D5FE075227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "038FEDE7-986F-4CA5-9003-BA68352B87D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sco:openserver:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1E140F76-D078-4F58-89CF-3278CDCB9AF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D9D76A8D-832B-411E-A458-186733C66010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios:12.1\\(11\\)e:*:*:*:*:*:*:*",
"matchCriteriaId": "580BA1FE-0826-47A7-8BD3-9225E0841EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e:*:*:*:*:*:*:*",
"matchCriteriaId": "040B04CD-B891-4F19-A7CC-5C2D462FBD6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e12:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF29685-7FFC-4093-A1D4-21E4871AF5C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e14:*:*:*:*:*:*:*",
"matchCriteriaId": "E72872C9-63AF-417F-BFAE-92B4D350C006",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.1\\(13\\)e9:*:*:*:*:*:*:*",
"matchCriteriaId": "80BCF196-5E5A-4F31-BCE7-AA0C748CA922",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.1\\(19\\)e1:*:*:*:*:*:*:*",
"matchCriteriaId": "970939C5-1E6F-47B6-97E6-7B2C1E019985",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy:*:*:*:*:*:*:*",
"matchCriteriaId": "CD1F4148-E772-4708-8C1F-D67F969C11DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy1:*:*:*:*:*:*:*",
"matchCriteriaId": "3CEBCEF0-5982-4B30-8377-9CAC978A1CB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.2sy:*:*:*:*:*:*:*",
"matchCriteriaId": "09458CD7-D430-4957-8506-FAB2A3E2AA65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.2za:*:*:*:*:*:*:*",
"matchCriteriaId": "62626BB6-D4EA-4A8A-ABC1-F86B37F19EDB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:4d:webstar:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B87C95-4B34-4628-AD03-67D1DE13E097",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:4d:webstar:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "758F95DB-E619-4B08-86FA-6CF2C1B0CBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:4d:webstar:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4F04471C-732F-44EE-AD1B-6305C1DD7DDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:4d:webstar:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3499913B-5DCD-4115-8C7B-9E8AFF79DE5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:4d:webstar:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E237919A-416B-4039-AAD2-7FAE1F4E100D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:4d:webstar:5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "39149924-188C-40C1-B598-A9CD407C90DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:4d:webstar:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "15D5780C-4E29-4BCA-A47E-29FF6EAF33FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:4d:webstar:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6501108-5455-48FE-AA82-37AFA5D7EC24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:intuity_audix:*:*:lx:*:*:*:*:*",
"matchCriteriaId": "C1A3B951-A1F8-4291-82FA-AB7922D13ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:intuity_audix:5.1.46:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2E7C81-C0F5-4D36-9A23-03BE69295ED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:intuity_audix:s3210:*:*:*:*:*:*:*",
"matchCriteriaId": "9D0EF4A3-2FE5-41E4-A764-30B379ECF081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:intuity_audix:s3400:*:*:*:*:*:*:*",
"matchCriteriaId": "CCF6D59E-8AEA-4380-B86B-0803B2202F16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:vsu:5:*:*:*:*:*:*:*",
"matchCriteriaId": "140ABF28-FA39-4D77-AEB2-304962ED48C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:vsu:5x:*:*:*:*:*:*:*",
"matchCriteriaId": "09473DD9-5114-44C5-B56C-6630FBEBCACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:vsu:100_r2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7ECD3A4-5A39-4222-8350-524F11D8FFB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:vsu:500:*:*:*:*:*:*:*",
"matchCriteriaId": "D36C140D-E80C-479A-ADA7-18E901549059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:vsu:2000_r2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "940712E9-B041-4B7F-BD02-7DD0AE596D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:vsu:5000_r2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03B887A2-9025-4C5B-8901-71BC63BF5293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:vsu:7500_r2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33264586-7160-4550-9FF9-4101D72F5C9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:vsu:10000_r2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE5E6521-0611-4473-82AC-21655F10FEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:firewall-1:*:*:vsx-ng-ai:*:*:*:*:*",
"matchCriteriaId": "AA9A50A1-CA8C-4EE5-B68F-4958F6B4B028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:firewall-1:2.0:*:gx:*:*:*:*:*",
"matchCriteriaId": "8C83ABA2-87CD-429B-9800-590F8256B064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp0:*:*:*:*:*:*:*",
"matchCriteriaId": "A4D9A576-2878-4AC4-AC95-E69CB8A84A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp1:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1A0B02-CF33-401F-9AB2-D595E586C795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp2:*:*:*:*:*:*:*",
"matchCriteriaId": "8C0EF3F0-B82E-45B7-8D05-05E76009F7A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "90FB3825-21A6-4DBE-8188-67672DBE01CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "80623E58-8B46-4559-89A4-C329AACF3CB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "AEE6C228-CD93-4636-868B-C19BC1674BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A645148C-AD0D-46C1-BEE3-10F5C9066279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "0D69187C-7F46-4FF0-A8A0-0E1989EA79BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp0:*:*:*:*:*:*:*",
"matchCriteriaId": "4AE4A7EE-1BA3-46F1-BF4A-A72997EE0992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp1:*:*:*:*:*:*:*",
"matchCriteriaId": "02029D75-FAF2-4842-9246-079C7DE36417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0146341-364C-4085-A2E1-BC8C260FBA3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:vpn-1:vsx_ng_with_application_intelligence:*:*:*:*:*:*:*",
"matchCriteriaId": "B5EF01C8-1C8A-4BD1-A13B-CE31F09F9523",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:access_registrar:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8496E0D-2507-4C25-A122-0B846CBCA72A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_and_content_networking_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E383F2A-DFCF-47F8-94EE-3563D41EA597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:css_secure_content_accelerator:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D2D87EF0-056E-4128-89EB-2803ED83DEE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:css_secure_content_accelerator:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3163C1-2044-44DA-9C88-076D75FDF1EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:css11000_content_services_switch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07E1B690-C58B-4C08-A757-F3DF451FDAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:okena_stormwatch:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "31F0E14C-7681-4D1A-B982-A51E450B93A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*",
"matchCriteriaId": "ECBC761F-A8F5-4CD8-B19C-5CE8FFC58FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:threat_response:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF39E8B-C201-4940-81C9-14AF4C3DD4B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webns:6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AC604680-2E9E-4DC4-ACDD-74D552A45BA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webns:6.10_b4:*:*:*:*:*:*:*",
"matchCriteriaId": "37A94436-D092-4C7E-B87B-63BC621EE82E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webns:7.1_0.1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "862165CF-3CFB-4C6E-8238-86FA85F243C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webns:7.1_0.2.06:*:*:*:*:*:*:*",
"matchCriteriaId": "056F3336-BAA8-4A03-90B4-7B31710FC1B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webns:7.2_0.0.03:*:*:*:*:*:*:*",
"matchCriteriaId": "9FDC2510-FBB9-429A-B6D4-10AB11F93960",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webns:7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "5D45127E-A544-40A0-9D34-BD70D95C9772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webns:7.10_.0.06s:*:*:*:*:*:*:*",
"matchCriteriaId": "56C69C3E-C895-45C8-8182-7BB412A0C828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1FDD507-C38B-4C38-A54F-3DA6F07AD0B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2B7AC2-CF08-4AC9-9A71-3A8130F9F9AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4D9564B-B92E-4C97-87FF-B56D62DCA775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:forcepoint:stonegate:1.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "FF2AD44D-3BE8-4541-B62D-9F01D46F8E6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:forcepoint:stonegate:1.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "8BF2E08B-9046-41A1-BEDE-EB0B6436315C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:forcepoint:stonegate:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "811E1BE8-3868-49F8-B6E8-D5705559B02E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:forcepoint:stonegate:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D67C9DB4-E46C-4E84-82D9-AF48EFDAEFBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:forcepoint:stonegate:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0E1BF0-6629-40DC-AB23-0256BABD0CB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:forcepoint:stonegate:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC4E7E5-FCC1-46B0-B69F-F1F6B36838ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:forcepoint:stonegate:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4AED89-F862-4071-8E94-481A59EDAE8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:forcepoint:stonegate:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3CB6FF-3840-4E80-A0A4-614D6686D2B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:forcepoint:stonegate:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "67010B0B-ECE7-4EE5-B103-05DC637E150F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:forcepoint:stonegate:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1355EF99-35FC-44A7-BC56-F7C0EA49BF0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:forcepoint:stonegate:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDA8F10-B059-4403-A790-EFC8822588B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:forcepoint:stonegate:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A06BCD31-3FB6-468B-9BC9-EA573717B19F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:forcepoint:stonegate:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "360238CC-3BF5-4750-B16D-8A2E0257022E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:forcepoint:stonegate:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0C55C754-E213-4E79-AA7B-2CAF8A464388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:forcepoint:stonegate:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "647BA524-5A79-408C-BBF2-5780BC522B64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:forcepoint:stonegate:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D599C49D-4D7D-4C44-9D8D-A3F76746BBA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:forcepoint:stonegate:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B4DC717-0785-4C19-8A33-ACA5F378DF3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:forcepoint:stonegate:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "858843D3-84BB-48B6-80D1-1271AE60150D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:wbem:a.01.05.08:*:*:*:*:*:*:*",
"matchCriteriaId": "B931D4F8-23F5-4ABA-A457-959995D30C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:wbem:a.02.00.00:*:*:*:*:*:*:*",
"matchCriteriaId": "BE6A023E-9C2A-487F-B5CE-674C766BFE75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:wbem:a.02.00.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6A15ACA2-D500-4260-B51A-6FE6AB5A45A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0A7B80E0-40BB-4B4E-9711-AF293A038DD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFCFFE8-9CAD-4A7F-9751-8627E6297C9F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D3653856-207E-46A7-92DD-D7F377F1829A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4627BB-0D75-44BC-989F-0E85C9FA0E2B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19053434-F9E7-4839-AB5A-B226CC4616A5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D04CABBA-7BEB-44EC-A6E4-A31E41A62BD7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8D15C938-4DAB-4011-80EE-A2663E20BFC1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C056ED-2492-4B1C-BCB9-4F36806C4A48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A72FC232-A2CB-443B-9A4A-8BBFEFE6517C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.3:-:*:*:*:*:*:*",
"matchCriteriaId": "BA347CD3-0619-4EA2-A736-B59EE9E3AC12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4ACEF29C-3225-43A7-9E07-FBCCF555887E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "46D932AF-FB1A-464D-BA3D-2DC2D3C187CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9F532860-9E26-45C3-9FB3-6B0888F1279A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A037FAA6-6D26-4496-BC67-03475B4D1155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3831DD3-E783-4200-8986-FDBF7DD9BA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2909C9D5-3D8F-4C41-B0E7-A0C0B432C19A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E09436DF-E3C1-4C03-A3BE-73C4BC84BB7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "699764B6-0F86-4AB0-86A3-4F2E69AD820C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:edirectory:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7562ADC4-0D01-4FC2-98F0-1F4041BDA52E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:edirectory:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E6FAB588-BDBE-4A04-AB9E-4F700A3951F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:edirectory:8.5.12a:*:*:*:*:*:*:*",
"matchCriteriaId": "E1B83F84-D1EF-43B4-8620-3C1BCCE44553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:edirectory:8.5.27:*:*:*:*:*:*:*",
"matchCriteriaId": "41169D2F-4F16-466A-82E9-AD0735472B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:edirectory:8.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "947699C3-D9DE-411A-99C0-44ADD1D2223A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:edirectory:8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "15F668C0-8420-4401-AB0F-479575596CF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:edirectory:8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDCC7B6-34CA-4551-9833-306B93E517BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:edirectory:8.7.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "6D69C160-39F7-48B8-B9A3-CC86690453C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "166BF638-ABDC-4BB9-BD4E-2B22681AD9CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA6420B-9F6A-48F4-A445-12B60A320347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
"matchCriteriaId": "0FCA45CE-4127-47AD-BBA8-8A6DD83AE1C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA1CA40-7DB5-4DCA-97A8-9A8CF4FECECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
"matchCriteriaId": "180D07AE-C571-4DD6-837C-43E2A946007A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3E4D2A-6488-4F8B-A3CA-4161A10FA4DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
"matchCriteriaId": "90789533-C741-4B1C-A24B-2C77B9E4DE5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
"matchCriteriaId": "1520065B-46D7-48A4-B9D0-5B49F690C5B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
"matchCriteriaId": "5B76FE2D-FBE0-4A3B-A0EA-179332D74F0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
"matchCriteriaId": "2AA526B9-726A-49D5-B3CA-EBE2DA303CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
"matchCriteriaId": "494E48E7-EF86-4860-9A53-94F6C313746E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "45A518E8-21BE-4C5C-B425-410AB1208E9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*",
"matchCriteriaId": "9E3AB748-E463-445C-ABAB-4FEDDFD1878B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*",
"matchCriteriaId": "660E4B8D-AABA-4520-BC4D-CF8E76E07C05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*",
"matchCriteriaId": "85BFEED5-4941-41BB-93D1-CD5C2A41290E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "78E79A05-64F3-4397-952C-A5BB950C967D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7C9E77-1EB2-4720-A8FD-23DC1C877D5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
"matchCriteriaId": "549BB01D-F322-4FE3-BDA2-4FEA8ED8568A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openssl:0.9.6-15:*:i386:*:*:*:*:*",
"matchCriteriaId": "09F3FB7B-0F68-49F3-A3B7-977A687A42E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openssl:0.9.6b-3:*:i386:*:*:*:*:*",
"matchCriteriaId": "088F2FF7-96E5-455E-A35B-D99F9854EC6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386:*:*:*:*:*",
"matchCriteriaId": "FFA721BF-1B2E-479F-BF25-02D441BF175B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_dev:*:*:*:*:*",
"matchCriteriaId": "AFEDCE49-21CC-4168-818F-4C638EE3B077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_perl:*:*:*:*:*",
"matchCriteriaId": "B7D18F9B-C0BE-4DE8-81F4-5BF56C00BF41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "26430687-409B-448F-934B-06AB937DDF63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0702A32E-E577-403C-B4D9-15037D7100A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "29DC217F-C257-4A3C-9CBD-08010C30BEC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:servercluster:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8F0F78F4-E81E-4C6B-AB73-D6AAE191060E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:servercluster:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF1A5808-6D5D-48AD-9470-5A6510D17913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C1E8990D-D9A0-4A71-9D87-EC047E01B0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DBCC172-6867-4DFD-AAEF-9BDB4DA21F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F2BEEA-46BB-4718-B0F3-B4EC62B678A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8D09E11C-C5BB-409E-BB0D-7F351250419B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6B06A05D-AA31-441D-9FC2-3558648C3B7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C0886901-6F93-44C1-B774-84D7E5D9554C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F203A80-7C1E-4A04-8E99-63525E176753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA0A204C-158B-4014-A53C-75E0CD63E0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "085BA581-7DA5-4FA4-A888-351281FD0A7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tarantella:tarantella_enterprise:3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "9519BCB2-B401-44CE-97F6-847BB36AE45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tarantella:tarantella_enterprise:3.30:*:*:*:*:*:*:*",
"matchCriteriaId": "BBE573E8-DD94-4293-99AE-27B9067B3ED9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tarantella:tarantella_enterprise:3.40:*:*:*:*:*:*:*",
"matchCriteriaId": "D14413DA-5199-4282-9E22-D347E9D8E469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:gsx_server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05CC5F49-0E9E-45D8-827D-A5940566DB25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:gsx_server:2.0.1_build_2129:*:*:*:*:*:*:*",
"matchCriteriaId": "5D94EE19-6CE9-4E02-8174-D9954CDBF02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:gsx_server:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4E4BEE3-AE7B-4481-B724-2E644E18ACC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:gsx_server:2.5.1_build_5336:*:*:*:*:*:*:*",
"matchCriteriaId": "EAAB7052-E0B6-472E-920B-A0F0AEA25D6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:gsx_server:3.0_build_7592:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE38F15-BD42-4171-8670-86AA8169A60C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s8300:r2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "20C0BD87-CE4B-49D2-89BE-EF282C43AD72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s8300:r2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C3E6C4A8-59F4-43EE-8413-E95289037598",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s8500:r2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE76357A-27E6-4D85-9AA0-1BB658C41568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s8500:r2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C56C5FDB-24E2-479D-87CA-164CD28567D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s8700:r2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF6C16F-8EDF-4A24-BFEF-6A304D654EEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s8700:r2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D982AE39-BB57-49E7-B5FE-5EF1ADE2F019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:bluecoat:proxysg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B6CFEC9-0F8F-4CD4-ABD1-E6533F910F7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:call_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12DE5E22-DF93-46BE-85A3-D4E04379E901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:content_services_switch_11500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF28C435-C036-4507-8E3F-44E722F9974A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:gss_4480_global_site_selector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA957E2-ABF9-49B2-874F-3FC3060CE0B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:gss_4490_global_site_selector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F2CDFE7-6853-4A31-85C0-50C57A8D606A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:mds_9000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F2ED90B-DDBA-49DE-AC78-20E7D77C8858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:secure_content_accelerator:10000:*:*:*:*:*:*:*",
"matchCriteriaId": "408A9DB0-81EF-4186-B338-44954E67289B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5B0C5F92-7E93-4C3F-B22B-E6612A4D3E10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.01:*:*:*:*:*:*:*",
"matchCriteriaId": "2D0DC4B4-9AD9-4AC8-BFA7-A3D209B5D089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.02:*:*:*:*:*:*:*",
"matchCriteriaId": "303362A5-9C3C-4C85-8C97-2AB12CE01BF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.03:*:*:*:*:*:*:*",
"matchCriteriaId": "FED22DC1-E06B-4511-B920-6DAB792262D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.04:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE44CA7-4BC7-4C2B-948F-2ACABB91528B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F757B2A7-869F-4702-81EB-466317A79D61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "01F6E9A9-6C85-48DA-BC61-55F8EACCB59F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:sun:crypto_accelerator_4000:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "64AF1E33-4086-43E2-8F54-DA75A99D4B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "53D16F03-A4C7-4497-AB74-499F208FF059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "13A33EC1-836B-4C8C-AC18-B5BD4F90E612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58BE9C02-2A01-4F6F-A6BD-BC0173561E9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C558CED8-8342-46CB-9F52-580B626D320E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0F85D19E-6C26-429D-B876-F34238B9DAAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FEC7CCF7-CBC6-4EDC-8EDD-884DFFFBCC7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E5011A33-CD6D-4EFC-ACFD-E51C9AE726A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4.101\\):*:*:*:*:*:*:*",
"matchCriteriaId": "09063867-0E64-4630-B35B-4CCA348E4DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78F98CD7-A352-483C-9968-8FB2627A7CBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F97FE485-705F-4707-B6C6-0EF9E8A85D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E2B925E8-D2C2-4E8C-AC21-0C422245C482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B9170562-872E-4C32-869C-B10FF35A925E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D0927A68-8BB2-4F03-8396-E9CACC158FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "559DDBA3-2AF4-4A0C-B219-6779BA931F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ED9D142A-DDC8-4BD6-8C22-F242C9C0B1ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5226C9CC-6933-4F10-B426-B47782C606FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "757DAE9A-B25D-4B8A-A41B-66C2897B537E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5E3DC170-E279-4725-B9EE-6840B5685CC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3.100\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8091EDA9-BD18-47F7-8CEC-E086238647C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6F867890-74A4-4892-B99A-27DB4603B873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CE05B514-F094-4632-B25B-973F976F6409",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3392428D-1A85-4472-A276-C482A78E2CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.102\\):*:*:*:*:*:*:*",
"matchCriteriaId": "40954985-16E6-4F37-B014-6A55166AE093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.109\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0C097809-1FEF-4417-A201-42291CC29122",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read."
},
{
"lang": "es",
"value": "El c\u00f3digo que une SSL/TLS en OpenSSL 0.9.7a, 0.9.7b y 0.9.7c, usando Kerberos, no comprueba adecuadamente la longitud de los tickets de Kerberos, lo que permite que atacantes remotos provoquen una denegaci\u00f3n de servicio."
}
],
"id": "CVE-2004-0112",
"lastModified": "2024-11-20T23:47:47.537",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-11-23T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://docs.info.apple.com/article.html?artnum=61798"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/11139"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/484726"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.openssl.org/news/secadv_20040317.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9899"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.trustix.org/errata/2004/0012"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://docs.info.apple.com/article.html?artnum=61798"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/11139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/484726"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.openssl.org/news/secadv_20040317.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.trustix.org/errata/2004/0012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"lastModified": "2007-03-14T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-18 23:15
Modified
2024-11-21 04:42
Severity ?
Summary
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_cert-j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1710B5A7-08C4-44D8-A175-044FCD92B314",
"versionEndIncluding": "6.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9757B880-0E5B-40B1-A15C-0EAA52046A73",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEE68BD5-3D1C-4D69-B026-319FBEDBC798",
"versionEndIncluding": "6.2.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_performance_management:13.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E87B8C7B-2654-4F9C-9B5D-794DA484B42D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_performance_management:13.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C6F5710-490D-41D4-8C9B-27FC530117A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E8F4F3-1A39-4CBB-98C4-66D5DCE3F57D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FB92D8A7-2ABD-4B70-A32C-4B6B866C5B8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B21E6EEF-2AB7-4E96-B092-1F49D11B4175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1B58BCDA-E173-4D4A-A9C5-E9BFF7E57F58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "17A91FD9-9F77-42D3-A4D9-48BC7568ADE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "539DA24F-E3E0-4455-84C6-A9D96CD601B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "46E7237C-00BD-4490-96C3-A8EAE4CE2C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "20352616-6BCA-485D-8DD7-DFC97AD6A30D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "160EBE76-7CED-4210-9FBB-8649B14DAE1A",
"versionEndExcluding": "12.2.0.1.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68165D37-489E-45D7-BA7A-A38164B5C26D",
"versionEndExcluding": "19.1.0.0.0.210420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44357172-4035-4D57-9C83-D80BDDE8E8C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDD1BFF-9B0D-45DA-86DC-05CF829107FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7DB324-98A0-40AD-96D4-0800340F6F3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42064F46-3012-4FB1-89BA-F13C2E4CBB6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BCF6CCE5-250D-4B10-AD18-7DE7D84BF220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6FFEA075-11EB-4E99-92A1-8B2883C64CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D325A0-3441-41AC-B00F-F2A7F85370A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "378A6656-252B-4929-83EA-BC107FDFD357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F62A2144-5EF8-4319-B8C2-D7975F51E5FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E703304-0752-46F2-998B-A3D37C9E7A54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "722969B5-36CD-4413-954B-347BB7E51FAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BF295023-399E-4180-A28B-2DA3327A372C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3E5A2A49-42B0-44EB-B606-999275DC1DA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "54B0A494-14DD-4384-9DCE-14945EBE1A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A890746E-EE1A-4DBC-BB04-84CC79767F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6308E929-D44D-48A1-BAEE-47BE4E164124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDD2640A-5964-4937-B912-CEA2173FAFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11BE9059-29C1-417D-AFB3-98066E95D883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6953CFDB-33C0-4B8E-BBBD-E460A17E8ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E55B3AA9-69BE-4136-8C3A-FD0DDCD3FA4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B40B13B7-68B3-4510-968C-6A730EB46462",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C93CC705-1F8C-4870-99E6-14BF264C3811",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys."
},
{
"lang": "es",
"value": "RSA BSAFE Crypto-J versiones anteriores a 6.2.5, son susceptibles a una vulnerabilidad de Exposici\u00f3n de Informaci\u00f3n por medio de vulnerabilidades de Discrepancia de Sincronizaci\u00f3n durante la generaci\u00f3n de claves DSA. Un atacante remoto malicioso podr\u00eda explotar potencialmente esas vulnerabilidades para recuperar claves DSA."
}
],
"id": "CVE-2019-3740",
"lastModified": "2024-11-21T04:42:26.680",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security_alert@emc.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-18T23:15:11.173",
"references": [
{
"source": "security_alert@emc.com",
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174%3B-Crypto-J-Multiple-Security-Vulnerabilities"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174%3B-Crypto-J-Multiple-Security-Vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-04-12 23:59
Modified
2024-11-21 02:42
Severity ?
Summary
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_crypto-c-micro-edition | * | |
| dell | bsafe_crypto-c-micro-edition | * | |
| dell | bsafe_crypto-j | * | |
| dell | bsafe_micro-edition-suite | * | |
| dell | bsafe_micro-edition-suite | * | |
| dell | bsafe_ssl-c | * | |
| dell | bsafe_ssl-j | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*",
"matchCriteriaId": "673ED099-C778-4E51-89C4-369490646348",
"versionEndIncluding": "4.0.5.3",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42D145F5-46EA-4198-BD59-BB296461324E",
"versionEndIncluding": "4.1.2",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44D1B34C-998E-46E6-B7CF-EE28C8E5FBC8",
"versionEndExcluding": "6.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5456BD00-766C-4868-9BA5-C8E82B353808",
"versionEndIncluding": "4.0.11",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "261B4766-7CD0-47F8-997E-706129AA0A5E",
"versionEndExcluding": "4.1.5",
"versionStartIncluding": "4.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-c:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03175755-5E21-4B3A-A329-9F1804CF98CF",
"versionEndExcluding": "2.8.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36CE780D-E392-4543-A531-F6740823C53D",
"versionEndExcluding": "6.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application\u0027s failure to detect an RSA signature failure during a TLS session."
},
{
"lang": "es",
"value": "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x y 4.1.x en versiones anteriores a 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x y 4.1.x en versiones anteriores a 4.1.3, RSA BSAFE Crypto-J en versiones anteriores a 6.2.1, RSA BSAFE SSL-J en versiones anteriores a 6.2.1 y RSA BSAFE SSL-C en versiones anteriores a 2.8.9 permiten a atacantes remotos descubrir un factor primo de clave privada llevando a cabo un ataque Lenstra de canal lateral que aprovecha el fallo de una aplicaci\u00f3n para detectar un fallo de firma RSA durante una sesi\u00f3n TLS."
}
],
"id": "CVE-2016-0887",
"lastModified": "2024-11-21T02:42:34.353",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-12T23:59:31.413",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2016/Apr/66"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/538055/100/0/threaded"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035515"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035516"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035517"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2016/Apr/66"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/538055/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035515"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035516"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035517"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-02-18 00:55
Modified
2024-11-21 02:02
Severity ?
Summary
The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_ssl-j | 5.1.2 | |
| dell | bsafe_ssl-j | 6.0 | |
| emc | rsa_bsafe_ssl-j | 5.0 | |
| emc | rsa_bsafe_ssl-j | 5.1.0 | |
| emc | rsa_bsafe_ssl-j | 5.1.1 | |
| emc | rsa_bsafe_ssl-j | 6.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "314CC197-7A5B-490E-BCA4-DCFFDC32A50F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "514F2922-83FA-4A51-BA74-A17175643BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8B160FFB-EF0D-4D7B-9810-3D7728FB0B4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "384C4C01-A2CF-4241-97D2-C379F4351DD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB1CF0F5-828F-405C-B8E8-D7F8AD15BEF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_bsafe_ssl-j:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CBF5DF8B-B891-4291-A5C2-91C2C2525F53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated."
},
{
"lang": "es",
"value": "Las APIs (1) JSAFE y (2) JSSE en EMC RSA BSAFE SSL-J 5.x anterior a 5.1.3 y 6.x anterior a 6.0.2 facilitan a atacantes remotos evadir mecanismos de protecci\u00f3n criptogr\u00e1fica mediante el aprovechamiento del procesamiento de datos de la aplicaci\u00f3n durante el handshake de TLS, en el momento cuando los datos no est\u00e1n cifrados ni autenticados."
}
],
"id": "CVE-2014-0626",
"lastModified": "2024-11-21T02:02:31.507",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-18T00:55:05.173",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-30 15:59
Modified
2024-11-21 02:10
Severity ?
Summary
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html | Broken Link | |
| security_alert@emc.com | http://www.securityfocus.com/bid/72534 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | https://secure-resumption.com/ | Technical Description | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/72534 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://secure-resumption.com/ | Technical Description |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_micro-edition-suite | 4.0.0 | |
| dell | bsafe_micro-edition-suite | 4.0.1 | |
| dell | bsafe_micro-edition-suite | 4.0.2 | |
| dell | bsafe_micro-edition-suite | 4.0.3 | |
| dell | bsafe_micro-edition-suite | 4.0.4 | |
| dell | bsafe_micro-edition-suite | 4.0.5 | |
| dell | bsafe_ssl-j | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9070318E-1AB0-4EC9-8192-D7E2BCF1B4BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3BAAD58D-7B35-4C0C-8800-DF8B78999A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F608E0D4-F71E-4F84-9170-7BE65F415B84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8CA858A4-7617-4930-9D47-0B334E5A64B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE2BD4F-AF53-4BFF-A652-FB9D181036CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A8C0D1-7201-48FC-8F72-1D138EDBDCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCFB0541-6B9F-4C15-886E-45831E5C680E",
"versionEndIncluding": "6.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server\u0027s X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a \"triple handshake attack.\""
},
{
"lang": "es",
"value": "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x anterior a 4.0.6 y RSA BSAFE SSL-J anterior a 6.1.4 no asegura que el certificado de servidor X.509 sea el mismo durante la renegociaci\u00f3n como lo era antes de ella, lo que permite ataques \u0027man-in-the-middle\u0027 para obtener informaci\u00f3n sensible o modificar datos de la sesi\u00f3n TLS a trav\u00e9s de \u0027ataque de triple negociaci\u00f3n\u0027"
}
],
"id": "CVE-2014-4630",
"lastModified": "2024-11-21T02:10:36.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-12-30T15:59:00.063",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/72534"
},
{
"source": "security_alert@emc.com",
"tags": [
"Technical Description"
],
"url": "https://secure-resumption.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/72534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description"
],
"url": "https://secure-resumption.com/"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-02-18 00:55
Modified
2024-11-21 02:02
Severity ?
Summary
The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_ssl-j | 5.1.2 | |
| dell | bsafe_ssl-j | 6.0 | |
| emc | rsa_bsafe_ssl-j | 5.0 | |
| emc | rsa_bsafe_ssl-j | 5.1.0 | |
| emc | rsa_bsafe_ssl-j | 5.1.1 | |
| emc | rsa_bsafe_ssl-j | 6.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "314CC197-7A5B-490E-BCA4-DCFFDC32A50F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "514F2922-83FA-4A51-BA74-A17175643BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8B160FFB-EF0D-4D7B-9810-3D7728FB0B4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "384C4C01-A2CF-4241-97D2-C379F4351DD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB1CF0F5-828F-405C-B8E8-D7F8AD15BEF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_bsafe_ssl-j:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CBF5DF8B-B891-4291-A5C2-91C2C2525F53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered."
},
{
"lang": "es",
"value": "La implementaci\u00f3n SSLSocket en las APIs (1) JSAFE y (2) JSSE en EMC RSA BSAFE SSL-J 5.x anterior a 5.1.3 y 6.x anterior a 6.0.2 permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria) mediante la activaci\u00f3n del procesamiento de los datos de aplicaci\u00f3n durante el handshake de TLS, en el momento cuando los datos est\u00e1n almacenados en buffer internamente."
}
],
"id": "CVE-2014-0625",
"lastModified": "2024-11-21T02:02:31.403",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-18T00:55:05.143",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-23 22:15
Modified
2024-11-21 06:50
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the affected system. Only customers with active BSAFE maintenance contracts can receive details about this vulnerability. Public disclosure of the vulnerability details will be shared at a later date.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_ssl-j | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF777CC-55D9-4B4A-8E0D-71A5835B9296",
"versionEndExcluding": "6.4",
"versionStartIncluding": "6.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the affected system. Only customers with active BSAFE maintenance contracts can receive details about this vulnerability. Public disclosure of the vulnerability details will be shared at a later date."
},
{
"lang": "es",
"value": "Dell BSAFE SSL-J contiene una soluci\u00f3n para una vulnerabilidad de canal de tiempo encubierto que puede ser explotada por usuarios maliciosos para comprometer el sistema afectado. S\u00f3lo los clientes con contratos de mantenimiento BSAFE activos pueden recibir detalles sobre esta vulnerabilidad. La divulgaci\u00f3n p\u00fablica de los detalles de la vulnerabilidad se compartir\u00e1 en una fecha posterior"
}
],
"id": "CVE-2022-24409",
"lastModified": "2024-11-21T06:50:21.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-23T22:15:07.647",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000196312/dsa-2022-023-dell-bsafetm-ssl-j-6-4-security-update-for-a-single-covert-timing-channel"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000196312/dsa-2022-023-dell-bsafetm-ssl-j-6-4-security-update-for-a-single-covert-timing-channel"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-385"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-09-12 04:00
Modified
2024-11-20 23:36
Severity ?
Summary
RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | icdn | 2.0 | |
| dell | bsafe_ssl-j | 3.0 | |
| dell | bsafe_ssl-j | 3.0.1 | |
| dell | bsafe_ssl-j | 3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:icdn:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E074F8F9-6997-45FE-8FB9-4A800C896DEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1FDD507-C38B-4C38-A54F-3DA6F07AD0B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2B7AC2-CF08-4AC9-9A71-3A8130F9F9AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4D9564B-B92E-4C97-87FF-B56D62DCA775",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure."
}
],
"id": "CVE-2001-1105",
"lastModified": "2024-11-20T23:36:53.383",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-09-12T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ciac.org/ciac/bulletins/l-141.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.cisco.com/warp/public/707/SSL-J-pub.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3329"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ciac.org/ciac/bulletins/l-141.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cisco.com/warp/public/707/SSL-J-pub.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7112"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-11-23 05:00
Modified
2024-11-20 23:47
Severity ?
Summary
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:firewall_services_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A9CB22A-21E0-46F6-B6CD-BB38A80FA7A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:firewall_services_module:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B9CAFC15-178C-4176-9668-D4A04B63E77B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:firewall_services_module:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C8D6949-89F4-40EF-98F4-8D15628DC345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:firewall_services_module:1.1_\\(3.005\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F3DB2AEE-FB5C-42B7-845B-EDA3E58D5D68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:firewall_services_module:2.1_\\(0.208\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6479D85C-1A12-486D-818C-6679F415CA26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:aaa_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "287CF5FA-D0EC-4FD7-9718-973587EF34DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:apache-based_web_server:2.0.43.00:*:*:*:*:*:*:*",
"matchCriteriaId": "C88168D4-7DB5-4720-8640-400BB680D0FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:apache-based_web_server:2.0.43.04:*:*:*:*:*:*:*",
"matchCriteriaId": "968915A1-375B-4C69-BE11-9A393F7F1B0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:clientless_vpn_gateway_4400:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11465DCA-72E5-40E9-9D8E-B3CD470C47E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3954D0D1-9FDF-47D0-9710-D0FB06955B8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D6712BD-DE8F-40F5-AC74-B9EFE9A50CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E586558A-ABC3-42EB-8B4D-DC92A0D695E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:sg200:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4C5F60-B32D-4D85-BA28-AE11972ED614",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:sg200:4.31.29:*:*:*:*:*:*:*",
"matchCriteriaId": "6A5935C3-3D83-461F-BC26-E03362115C42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:sg203:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "80AC523B-3106-46F2-B760-803DCF8061F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:sg203:4.31.29:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B8D6F3-D15D-489F-A807-17E63F4831F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:sg208:*:*:*:*:*:*:*:*",
"matchCriteriaId": "808189BA-197F-49CE-933E-A728F395749C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:sg208:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "32DCFA7B-7BBB-465A-A4AD-7E18EE3C02DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:sg5:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7EF0CD-EA39-457B-8E2E-9120B65A5835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:sg5:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7BC2983F-5212-464B-AC21-8A897DEC1F58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:sg5:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EBF17989-D1F2-4B04-80BD-CFABDD482ABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BF2D00AC-FA2A-4C39-B796-DC19072862CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E8BCD1C5-1AFC-4287-9AFD-81FB3F4F9E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "441BE3A0-20F4-4972-B279-19B3DB5FA14D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.8:releng:*:*:*:*:*:*",
"matchCriteriaId": "2D33C6EF-DBE1-4943-83E4-1F10670DAC6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "00EAEA17-033A-4A50-8E39-D61154876D2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EE93350-92E6-4F5C-A14C-9993CFFDBCD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.1:release:*:*:*:*:*:*",
"matchCriteriaId": "0D9F2B04-A1F2-4788-A53D-C8274A758DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.1:releng:*:*:*:*:*:*",
"matchCriteriaId": "9A5309ED-D84F-4F52-9864-5B0FEEEE5022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD7C441E-444B-4DF5-8491-86805C70FB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.2.1:release:*:*:*:*:*:*",
"matchCriteriaId": "C9CCE8F3-84EE-4571-8AAA-BF2D132E9BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:hp-ux:8.05:*:*:*:*:*:*:*",
"matchCriteriaId": "31B1ADC1-9B6D-4B5E-A05A-D69599A3A0D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"matchCriteriaId": "771931F7-9180-4EBD-8627-E1CF17D24647",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
"matchCriteriaId": "EDD9BE2B-7255-4FC1-B452-E8370632B03F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:hp-ux:11.23:*:*:*:*:*:*:*",
"matchCriteriaId": "32310AFE-38CC-4C6C-AE13-54C18720F2C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AC46909F-DDFC-448B-BCDF-1EB343F96630",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*",
"matchCriteriaId": "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*",
"matchCriteriaId": "EC79FF22-2664-4C40-B0B3-6D23B5F45162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*",
"matchCriteriaId": "0EFE2E73-9536-41A9-B83B-0A06B54857F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E562907F-D915-4030-847A-3C6834A80D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "138985E6-5107-4E8B-A801-C3D5FE075227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "038FEDE7-986F-4CA5-9003-BA68352B87D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sco:openserver:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1E140F76-D078-4F58-89CF-3278CDCB9AF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D9D76A8D-832B-411E-A458-186733C66010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios:12.1\\(11\\)e:*:*:*:*:*:*:*",
"matchCriteriaId": "580BA1FE-0826-47A7-8BD3-9225E0841EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e:*:*:*:*:*:*:*",
"matchCriteriaId": "040B04CD-B891-4F19-A7CC-5C2D462FBD6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e12:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF29685-7FFC-4093-A1D4-21E4871AF5C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e14:*:*:*:*:*:*:*",
"matchCriteriaId": "E72872C9-63AF-417F-BFAE-92B4D350C006",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.1\\(13\\)e9:*:*:*:*:*:*:*",
"matchCriteriaId": "80BCF196-5E5A-4F31-BCE7-AA0C748CA922",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.1\\(19\\)e1:*:*:*:*:*:*:*",
"matchCriteriaId": "970939C5-1E6F-47B6-97E6-7B2C1E019985",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy:*:*:*:*:*:*:*",
"matchCriteriaId": "CD1F4148-E772-4708-8C1F-D67F969C11DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy1:*:*:*:*:*:*:*",
"matchCriteriaId": "3CEBCEF0-5982-4B30-8377-9CAC978A1CB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.2sy:*:*:*:*:*:*:*",
"matchCriteriaId": "09458CD7-D430-4957-8506-FAB2A3E2AA65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.2za:*:*:*:*:*:*:*",
"matchCriteriaId": "62626BB6-D4EA-4A8A-ABC1-F86B37F19EDB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:4d:webstar:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B87C95-4B34-4628-AD03-67D1DE13E097",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:4d:webstar:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "758F95DB-E619-4B08-86FA-6CF2C1B0CBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:4d:webstar:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4F04471C-732F-44EE-AD1B-6305C1DD7DDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:4d:webstar:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3499913B-5DCD-4115-8C7B-9E8AFF79DE5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:4d:webstar:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E237919A-416B-4039-AAD2-7FAE1F4E100D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:4d:webstar:5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "39149924-188C-40C1-B598-A9CD407C90DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:4d:webstar:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "15D5780C-4E29-4BCA-A47E-29FF6EAF33FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:4d:webstar:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6501108-5455-48FE-AA82-37AFA5D7EC24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:intuity_audix:*:*:lx:*:*:*:*:*",
"matchCriteriaId": "C1A3B951-A1F8-4291-82FA-AB7922D13ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:intuity_audix:5.1.46:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2E7C81-C0F5-4D36-9A23-03BE69295ED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:intuity_audix:s3210:*:*:*:*:*:*:*",
"matchCriteriaId": "9D0EF4A3-2FE5-41E4-A764-30B379ECF081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:intuity_audix:s3400:*:*:*:*:*:*:*",
"matchCriteriaId": "CCF6D59E-8AEA-4380-B86B-0803B2202F16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:vsu:5:*:*:*:*:*:*:*",
"matchCriteriaId": "140ABF28-FA39-4D77-AEB2-304962ED48C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:vsu:5x:*:*:*:*:*:*:*",
"matchCriteriaId": "09473DD9-5114-44C5-B56C-6630FBEBCACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:vsu:100_r2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7ECD3A4-5A39-4222-8350-524F11D8FFB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:vsu:500:*:*:*:*:*:*:*",
"matchCriteriaId": "D36C140D-E80C-479A-ADA7-18E901549059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:vsu:2000_r2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "940712E9-B041-4B7F-BD02-7DD0AE596D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:vsu:5000_r2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03B887A2-9025-4C5B-8901-71BC63BF5293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:vsu:7500_r2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33264586-7160-4550-9FF9-4101D72F5C9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:vsu:10000_r2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE5E6521-0611-4473-82AC-21655F10FEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:firewall-1:*:*:vsx-ng-ai:*:*:*:*:*",
"matchCriteriaId": "AA9A50A1-CA8C-4EE5-B68F-4958F6B4B028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:firewall-1:2.0:*:gx:*:*:*:*:*",
"matchCriteriaId": "8C83ABA2-87CD-429B-9800-590F8256B064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp0:*:*:*:*:*:*:*",
"matchCriteriaId": "A4D9A576-2878-4AC4-AC95-E69CB8A84A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp1:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1A0B02-CF33-401F-9AB2-D595E586C795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp2:*:*:*:*:*:*:*",
"matchCriteriaId": "8C0EF3F0-B82E-45B7-8D05-05E76009F7A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "90FB3825-21A6-4DBE-8188-67672DBE01CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "80623E58-8B46-4559-89A4-C329AACF3CB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "AEE6C228-CD93-4636-868B-C19BC1674BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A645148C-AD0D-46C1-BEE3-10F5C9066279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "0D69187C-7F46-4FF0-A8A0-0E1989EA79BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:vpn-1:next_generation:*:*:*:*:*:*:*",
"matchCriteriaId": "C48F4DF4-8091-45D0-9F80-F760500B1202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp0:*:*:*:*:*:*:*",
"matchCriteriaId": "4AE4A7EE-1BA3-46F1-BF4A-A72997EE0992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp1:*:*:*:*:*:*:*",
"matchCriteriaId": "02029D75-FAF2-4842-9246-079C7DE36417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:vpn-1:vsx_ng_with_application_intelligence:*:*:*:*:*:*:*",
"matchCriteriaId": "B5EF01C8-1C8A-4BD1-A13B-CE31F09F9523",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:access_registrar:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8496E0D-2507-4C25-A122-0B846CBCA72A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_and_content_networking_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E383F2A-DFCF-47F8-94EE-3563D41EA597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:css_secure_content_accelerator:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D2D87EF0-056E-4128-89EB-2803ED83DEE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:css_secure_content_accelerator:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3163C1-2044-44DA-9C88-076D75FDF1EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:css11000_content_services_switch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07E1B690-C58B-4C08-A757-F3DF451FDAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:okena_stormwatch:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "31F0E14C-7681-4D1A-B982-A51E450B93A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*",
"matchCriteriaId": "ECBC761F-A8F5-4CD8-B19C-5CE8FFC58FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:threat_response:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF39E8B-C201-4940-81C9-14AF4C3DD4B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webns:6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AC604680-2E9E-4DC4-ACDD-74D552A45BA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webns:6.10_b4:*:*:*:*:*:*:*",
"matchCriteriaId": "37A94436-D092-4C7E-B87B-63BC621EE82E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webns:7.1_0.1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "862165CF-3CFB-4C6E-8238-86FA85F243C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webns:7.1_0.2.06:*:*:*:*:*:*:*",
"matchCriteriaId": "056F3336-BAA8-4A03-90B4-7B31710FC1B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webns:7.2_0.0.03:*:*:*:*:*:*:*",
"matchCriteriaId": "9FDC2510-FBB9-429A-B6D4-10AB11F93960",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webns:7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "5D45127E-A544-40A0-9D34-BD70D95C9772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webns:7.10_.0.06s:*:*:*:*:*:*:*",
"matchCriteriaId": "56C69C3E-C895-45C8-8182-7BB412A0C828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1FDD507-C38B-4C38-A54F-3DA6F07AD0B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2B7AC2-CF08-4AC9-9A71-3A8130F9F9AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4D9564B-B92E-4C97-87FF-B56D62DCA775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:wbem:a.01.05.08:*:*:*:*:*:*:*",
"matchCriteriaId": "B931D4F8-23F5-4ABA-A457-959995D30C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:wbem:a.02.00.00:*:*:*:*:*:*:*",
"matchCriteriaId": "BE6A023E-9C2A-487F-B5CE-674C766BFE75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:wbem:a.02.00.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6A15ACA2-D500-4260-B51A-6FE6AB5A45A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2A045971-8756-47E8-9044-C39D08B36F1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAA95881-7231-4FDA-AF73-04DF9FF0B64C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "62B7F6AD-EDBD-4B09-BDB2-795ED114F2AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F045AB7B-1551-46E5-A5CC-BF13C1BB49F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44E85930-3AAD-420B-8E3E-AEC57344F6C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "52FD4485-BCA2-485A-A0CF-F8152C9DBFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CF53BE4-FE2D-4D63-BD0F-A423D0FE3BE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "00993464-BE09-4691-B3F0-51BBA9FB80C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "896AB39E-2078-4BA2-9522-477BD5F98FD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EB9279EC-47CF-45F1-B4CC-B2B332E82E34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7300C3E-8105-4C23-89B9-7D29CED18C15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "90C59DB2-48DA-4172-A1F5-25CF3B5097AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "715F4E0B-7E4B-4520-A987-9B3ED3136B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "9CA1F606-C558-40FD-9300-6E2796F47BA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A037FAA6-6D26-4496-BC67-03475B4D1155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3831DD3-E783-4200-8986-FDBF7DD9BA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2909C9D5-3D8F-4C41-B0E7-A0C0B432C19A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E09436DF-E3C1-4C03-A3BE-73C4BC84BB7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "699764B6-0F86-4AB0-86A3-4F2E69AD820C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:edirectory:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7562ADC4-0D01-4FC2-98F0-1F4041BDA52E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:edirectory:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E6FAB588-BDBE-4A04-AB9E-4F700A3951F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:edirectory:8.5.12a:*:*:*:*:*:*:*",
"matchCriteriaId": "E1B83F84-D1EF-43B4-8620-3C1BCCE44553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:edirectory:8.5.27:*:*:*:*:*:*:*",
"matchCriteriaId": "41169D2F-4F16-466A-82E9-AD0735472B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:edirectory:8.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "947699C3-D9DE-411A-99C0-44ADD1D2223A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:edirectory:8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "15F668C0-8420-4401-AB0F-479575596CF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:edirectory:8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDCC7B6-34CA-4551-9833-306B93E517BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:edirectory:8.7.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "6D69C160-39F7-48B8-B9A3-CC86690453C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "166BF638-ABDC-4BB9-BD4E-2B22681AD9CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA6420B-9F6A-48F4-A445-12B60A320347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
"matchCriteriaId": "0FCA45CE-4127-47AD-BBA8-8A6DD83AE1C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA1CA40-7DB5-4DCA-97A8-9A8CF4FECECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
"matchCriteriaId": "180D07AE-C571-4DD6-837C-43E2A946007A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3E4D2A-6488-4F8B-A3CA-4161A10FA4DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
"matchCriteriaId": "90789533-C741-4B1C-A24B-2C77B9E4DE5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
"matchCriteriaId": "1520065B-46D7-48A4-B9D0-5B49F690C5B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
"matchCriteriaId": "5B76FE2D-FBE0-4A3B-A0EA-179332D74F0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
"matchCriteriaId": "2AA526B9-726A-49D5-B3CA-EBE2DA303CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
"matchCriteriaId": "494E48E7-EF86-4860-9A53-94F6C313746E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "45A518E8-21BE-4C5C-B425-410AB1208E9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*",
"matchCriteriaId": "9E3AB748-E463-445C-ABAB-4FEDDFD1878B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*",
"matchCriteriaId": "660E4B8D-AABA-4520-BC4D-CF8E76E07C05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*",
"matchCriteriaId": "85BFEED5-4941-41BB-93D1-CD5C2A41290E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "78E79A05-64F3-4397-952C-A5BB950C967D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7C9E77-1EB2-4720-A8FD-23DC1C877D5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
"matchCriteriaId": "549BB01D-F322-4FE3-BDA2-4FEA8ED8568A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openssl:0.9.6-15:*:i386:*:*:*:*:*",
"matchCriteriaId": "09F3FB7B-0F68-49F3-A3B7-977A687A42E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openssl:0.9.6b-3:*:i386:*:*:*:*:*",
"matchCriteriaId": "088F2FF7-96E5-455E-A35B-D99F9854EC6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386:*:*:*:*:*",
"matchCriteriaId": "FFA721BF-1B2E-479F-BF25-02D441BF175B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_dev:*:*:*:*:*",
"matchCriteriaId": "AFEDCE49-21CC-4168-818F-4C638EE3B077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_perl:*:*:*:*:*",
"matchCriteriaId": "B7D18F9B-C0BE-4DE8-81F4-5BF56C00BF41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "26430687-409B-448F-934B-06AB937DDF63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0702A32E-E577-403C-B4D9-15037D7100A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "29DC217F-C257-4A3C-9CBD-08010C30BEC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:servercluster:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8F0F78F4-E81E-4C6B-AB73-D6AAE191060E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:servercluster:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF1A5808-6D5D-48AD-9470-5A6510D17913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C1E8990D-D9A0-4A71-9D87-EC047E01B0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DBCC172-6867-4DFD-AAEF-9BDB4DA21F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F2BEEA-46BB-4718-B0F3-B4EC62B678A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8D09E11C-C5BB-409E-BB0D-7F351250419B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6B06A05D-AA31-441D-9FC2-3558648C3B7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C0886901-6F93-44C1-B774-84D7E5D9554C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F203A80-7C1E-4A04-8E99-63525E176753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA0A204C-158B-4014-A53C-75E0CD63E0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "085BA581-7DA5-4FA4-A888-351281FD0A7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:1.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1C4B3C-5701-4233-BA94-28915713F9C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:1.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "28D9F8D7-698A-486A-918A-7DB5CAFBB3CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D125C2A0-A4B5-48D6-A38A-54755C3FDF4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0F85F672-0F21-4AD7-8620-13D82F2ECC22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "89070041-613A-4F7B-BD6A-C6091D21FC52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9A71933-4BD5-4B11-8B14-D997E75F29CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5B6BE11D-FC02-4950-A554-08CC9D8B1853",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A53FD0E1-9BAA-43F0-BCC9-0BE8D4356F55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B80ADAE8-94D4-46A4-A5ED-FF134D808B52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69FA0221-5073-4D45-950F-119497B53FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C4AE5B43-7C90-4C2A-A215-30F5EC5841C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC1A110-B203-4962-8E1A-74BD98121AF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B5A92C4D-B024-4D39-9479-409C39586F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E0C4F5-CF02-4FF6-AE9B-5B6B70D5C067",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8998CC-E372-46D0-8339-47DC8D92D253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AF131FDC-BF8D-4A17-99F0-444EB900E83D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "880811B3-E78E-456E-972E-DE733F368576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "22411F18-2B93-405A-A3B5-2CF0A04977C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C71188B7-E6DC-41E5-B619-367341113501",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "07491444-0196-4504-A971-A5E388B86BBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "72BC6CD2-3291-4E69-8DC6-F3AB853F8931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CD43EDDF-58A7-4705-B8C7-FD76C35A437D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A7C2E603-568F-40F6-9A7C-439E2A51B37F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "703421A7-E8C5-450B-97EF-FD9D99D4B834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tarantella:tarantella_enterprise:3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "9519BCB2-B401-44CE-97F6-847BB36AE45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tarantella:tarantella_enterprise:3.30:*:*:*:*:*:*:*",
"matchCriteriaId": "BBE573E8-DD94-4293-99AE-27B9067B3ED9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tarantella:tarantella_enterprise:3.40:*:*:*:*:*:*:*",
"matchCriteriaId": "D14413DA-5199-4282-9E22-D347E9D8E469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:gsx_server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05CC5F49-0E9E-45D8-827D-A5940566DB25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:gsx_server:2.0.1_build_2129:*:*:*:*:*:*:*",
"matchCriteriaId": "5D94EE19-6CE9-4E02-8174-D9954CDBF02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:gsx_server:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4E4BEE3-AE7B-4481-B724-2E644E18ACC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:gsx_server:2.5.1_build_5336:*:*:*:*:*:*:*",
"matchCriteriaId": "EAAB7052-E0B6-472E-920B-A0F0AEA25D6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:gsx_server:3.0_build_7592:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE38F15-BD42-4171-8670-86AA8169A60C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s8300:r2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "20C0BD87-CE4B-49D2-89BE-EF282C43AD72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s8300:r2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C3E6C4A8-59F4-43EE-8413-E95289037598",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s8500:r2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE76357A-27E6-4D85-9AA0-1BB658C41568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s8500:r2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C56C5FDB-24E2-479D-87CA-164CD28567D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s8700:r2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF6C16F-8EDF-4A24-BFEF-6A304D654EEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s8700:r2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D982AE39-BB57-49E7-B5FE-5EF1ADE2F019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:bluecoat:proxysg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B6CFEC9-0F8F-4CD4-ABD1-E6533F910F7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:call_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12DE5E22-DF93-46BE-85A3-D4E04379E901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:content_services_switch_11500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF28C435-C036-4507-8E3F-44E722F9974A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:gss_4480_global_site_selector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA957E2-ABF9-49B2-874F-3FC3060CE0B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:gss_4490_global_site_selector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F2CDFE7-6853-4A31-85C0-50C57A8D606A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:mds_9000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F2ED90B-DDBA-49DE-AC78-20E7D77C8858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:secure_content_accelerator:10000:*:*:*:*:*:*:*",
"matchCriteriaId": "408A9DB0-81EF-4186-B338-44954E67289B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5B0C5F92-7E93-4C3F-B22B-E6612A4D3E10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.01:*:*:*:*:*:*:*",
"matchCriteriaId": "2D0DC4B4-9AD9-4AC8-BFA7-A3D209B5D089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.02:*:*:*:*:*:*:*",
"matchCriteriaId": "303362A5-9C3C-4C85-8C97-2AB12CE01BF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.03:*:*:*:*:*:*:*",
"matchCriteriaId": "FED22DC1-E06B-4511-B920-6DAB792262D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.04:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE44CA7-4BC7-4C2B-948F-2ACABB91528B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F757B2A7-869F-4702-81EB-466317A79D61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "01F6E9A9-6C85-48DA-BC61-55F8EACCB59F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:sun:crypto_accelerator_4000:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "64AF1E33-4086-43E2-8F54-DA75A99D4B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "53D16F03-A4C7-4497-AB74-499F208FF059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "13A33EC1-836B-4C8C-AC18-B5BD4F90E612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58BE9C02-2A01-4F6F-A6BD-BC0173561E9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C558CED8-8342-46CB-9F52-580B626D320E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0F85D19E-6C26-429D-B876-F34238B9DAAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FEC7CCF7-CBC6-4EDC-8EDD-884DFFFBCC7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E5011A33-CD6D-4EFC-ACFD-E51C9AE726A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4.101\\):*:*:*:*:*:*:*",
"matchCriteriaId": "09063867-0E64-4630-B35B-4CCA348E4DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78F98CD7-A352-483C-9968-8FB2627A7CBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F97FE485-705F-4707-B6C6-0EF9E8A85D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E2B925E8-D2C2-4E8C-AC21-0C422245C482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B9170562-872E-4C32-869C-B10FF35A925E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D0927A68-8BB2-4F03-8396-E9CACC158FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "559DDBA3-2AF4-4A0C-B219-6779BA931F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ED9D142A-DDC8-4BD6-8C22-F242C9C0B1ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5226C9CC-6933-4F10-B426-B47782C606FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "757DAE9A-B25D-4B8A-A41B-66C2897B537E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5E3DC170-E279-4725-B9EE-6840B5685CC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3.100\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8091EDA9-BD18-47F7-8CEC-E086238647C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6F867890-74A4-4892-B99A-27DB4603B873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CE05B514-F094-4632-B25B-973F976F6409",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3392428D-1A85-4472-A276-C482A78E2CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.102\\):*:*:*:*:*:*:*",
"matchCriteriaId": "40954985-16E6-4F37-B014-6A55166AE093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.109\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0C097809-1FEF-4417-A201-42291CC29122",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool."
},
{
"lang": "es",
"value": "OpenSSL 0.9.6 anteriores a la 0.9.6d no manejan adecuadamente los tipos de mensajes desconocidos, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicios (por bucle infinito), como se demuestra utilizando la herramienta de testeo Codenomicon TLS."
}
],
"id": "CVE-2004-0081",
"lastModified": "2024-11-20T23:47:43.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-11-23T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
},
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11139"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
},
{
"source": "cve@mitre.org",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2004/dsa-465"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/465542"
},
{
"source": "cve@mitre.org",
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9899"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.org/errata/2004/0012"
},
{
"source": "cve@mitre.org",
"url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2004/dsa-465"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/465542"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2004/0012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-10 20:15
Modified
2024-11-21 07:09
Severity ?
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Dell BSAFE SSL-J, versions before 6.5 and version 7.0 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user.
.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_ssl-j | * | |
| dell | bsafe_ssl-j | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82A7B894-3248-4DF6-9DCC-E544979EB97D",
"versionEndExcluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50D0F0DB-24D9-4338-A981-48777D482BB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\n\n\nDell BSAFE SSL-J, versions before 6.5 and version 7.0 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user.\n\n.\n\n\n\n\n\n\n\n"
}
],
"id": "CVE-2022-34364",
"lastModified": "2024-11-21T07:09:21.623",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-10T20:15:52.917",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000203275/dsa-2022-188-dell-bsafe-ssl-j-6-5-and-7-1-security-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000203275/dsa-2022-188-dell-bsafe-ssl-j-6-5-and-7-1-security-vulnerability"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1295"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-10 03:15
Modified
2024-11-21 07:54
Severity ?
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_ssl-j | * | |
| dell | bsafe_ssl-j | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83A641BB-542A-404B-9B5C-4356F2F55EF5",
"versionEndExcluding": "6.5.1",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6EBF250-3157-40DE-A73A-3F331897DBFE",
"versionEndExcluding": "7.1.1",
"versionStartIncluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nDell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. \n\n"
},
{
"lang": "es",
"value": "Dell BSAFE SSL-J, versiones anteriores a 6.5 y versiones 7.0 y 7.1 contienen un mensaje de depuraci\u00f3n que revela una vulnerabilidad de informaci\u00f3n innecesaria. Esto puede llevar a revelar informaci\u00f3n confidencial a un usuario con privilegios locales."
}
],
"id": "CVE-2023-28077",
"lastModified": "2024-11-21T07:54:21.373",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-10T03:15:07.680",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000214287/dsa-2023-156-dell-bsafe-ssl-j-7-1-1-security-update"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000214287/dsa-2023-156-dell-bsafe-ssl-j-7-1-1-security-update"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1295"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-11-23 05:00
Modified
2024-11-20 23:47
Severity ?
Summary
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:firewall_services_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A9CB22A-21E0-46F6-B6CD-BB38A80FA7A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:firewall_services_module:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B9CAFC15-178C-4176-9668-D4A04B63E77B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:firewall_services_module:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C8D6949-89F4-40EF-98F4-8D15628DC345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:firewall_services_module:1.1_\\(3.005\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F3DB2AEE-FB5C-42B7-845B-EDA3E58D5D68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:firewall_services_module:2.1_\\(0.208\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6479D85C-1A12-486D-818C-6679F415CA26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:aaa_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "287CF5FA-D0EC-4FD7-9718-973587EF34DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:apache-based_web_server:2.0.43.00:*:*:*:*:*:*:*",
"matchCriteriaId": "C88168D4-7DB5-4720-8640-400BB680D0FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:apache-based_web_server:2.0.43.04:*:*:*:*:*:*:*",
"matchCriteriaId": "968915A1-375B-4C69-BE11-9A393F7F1B0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:clientless_vpn_gateway_4400:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11465DCA-72E5-40E9-9D8E-B3CD470C47E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3954D0D1-9FDF-47D0-9710-D0FB06955B8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D6712BD-DE8F-40F5-AC74-B9EFE9A50CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E586558A-ABC3-42EB-8B4D-DC92A0D695E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:sg200:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4C5F60-B32D-4D85-BA28-AE11972ED614",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:sg200:4.31.29:*:*:*:*:*:*:*",
"matchCriteriaId": "6A5935C3-3D83-461F-BC26-E03362115C42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:sg203:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "80AC523B-3106-46F2-B760-803DCF8061F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:sg203:4.31.29:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B8D6F3-D15D-489F-A807-17E63F4831F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:sg208:*:*:*:*:*:*:*:*",
"matchCriteriaId": "808189BA-197F-49CE-933E-A728F395749C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:sg208:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "32DCFA7B-7BBB-465A-A4AD-7E18EE3C02DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:sg5:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7EF0CD-EA39-457B-8E2E-9120B65A5835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:sg5:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7BC2983F-5212-464B-AC21-8A897DEC1F58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:sg5:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EBF17989-D1F2-4B04-80BD-CFABDD482ABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BF2D00AC-FA2A-4C39-B796-DC19072862CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E8BCD1C5-1AFC-4287-9AFD-81FB3F4F9E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "441BE3A0-20F4-4972-B279-19B3DB5FA14D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.8:releng:*:*:*:*:*:*",
"matchCriteriaId": "2D33C6EF-DBE1-4943-83E4-1F10670DAC6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "00EAEA17-033A-4A50-8E39-D61154876D2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EE93350-92E6-4F5C-A14C-9993CFFDBCD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.1:release:*:*:*:*:*:*",
"matchCriteriaId": "0D9F2B04-A1F2-4788-A53D-C8274A758DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.1:releng:*:*:*:*:*:*",
"matchCriteriaId": "9A5309ED-D84F-4F52-9864-5B0FEEEE5022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD7C441E-444B-4DF5-8491-86805C70FB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.2.1:release:*:*:*:*:*:*",
"matchCriteriaId": "C9CCE8F3-84EE-4571-8AAA-BF2D132E9BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:hp-ux:8.05:*:*:*:*:*:*:*",
"matchCriteriaId": "31B1ADC1-9B6D-4B5E-A05A-D69599A3A0D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"matchCriteriaId": "771931F7-9180-4EBD-8627-E1CF17D24647",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
"matchCriteriaId": "EDD9BE2B-7255-4FC1-B452-E8370632B03F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:hp-ux:11.23:*:*:*:*:*:*:*",
"matchCriteriaId": "32310AFE-38CC-4C6C-AE13-54C18720F2C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AC46909F-DDFC-448B-BCDF-1EB343F96630",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*",
"matchCriteriaId": "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*",
"matchCriteriaId": "EC79FF22-2664-4C40-B0B3-6D23B5F45162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*",
"matchCriteriaId": "0EFE2E73-9536-41A9-B83B-0A06B54857F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E562907F-D915-4030-847A-3C6834A80D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "138985E6-5107-4E8B-A801-C3D5FE075227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "038FEDE7-986F-4CA5-9003-BA68352B87D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sco:openserver:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1E140F76-D078-4F58-89CF-3278CDCB9AF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D9D76A8D-832B-411E-A458-186733C66010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios:12.1\\(11\\)e:*:*:*:*:*:*:*",
"matchCriteriaId": "580BA1FE-0826-47A7-8BD3-9225E0841EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e:*:*:*:*:*:*:*",
"matchCriteriaId": "040B04CD-B891-4F19-A7CC-5C2D462FBD6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e12:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF29685-7FFC-4093-A1D4-21E4871AF5C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e14:*:*:*:*:*:*:*",
"matchCriteriaId": "E72872C9-63AF-417F-BFAE-92B4D350C006",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.1\\(13\\)e9:*:*:*:*:*:*:*",
"matchCriteriaId": "80BCF196-5E5A-4F31-BCE7-AA0C748CA922",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.1\\(19\\)e1:*:*:*:*:*:*:*",
"matchCriteriaId": "970939C5-1E6F-47B6-97E6-7B2C1E019985",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy:*:*:*:*:*:*:*",
"matchCriteriaId": "CD1F4148-E772-4708-8C1F-D67F969C11DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy1:*:*:*:*:*:*:*",
"matchCriteriaId": "3CEBCEF0-5982-4B30-8377-9CAC978A1CB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.2sy:*:*:*:*:*:*:*",
"matchCriteriaId": "09458CD7-D430-4957-8506-FAB2A3E2AA65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.2za:*:*:*:*:*:*:*",
"matchCriteriaId": "62626BB6-D4EA-4A8A-ABC1-F86B37F19EDB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:4d:webstar:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B87C95-4B34-4628-AD03-67D1DE13E097",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:4d:webstar:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "758F95DB-E619-4B08-86FA-6CF2C1B0CBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:4d:webstar:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4F04471C-732F-44EE-AD1B-6305C1DD7DDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:4d:webstar:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3499913B-5DCD-4115-8C7B-9E8AFF79DE5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:4d:webstar:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E237919A-416B-4039-AAD2-7FAE1F4E100D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:4d:webstar:5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "39149924-188C-40C1-B598-A9CD407C90DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:4d:webstar:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "15D5780C-4E29-4BCA-A47E-29FF6EAF33FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:4d:webstar:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6501108-5455-48FE-AA82-37AFA5D7EC24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:intuity_audix:*:*:lx:*:*:*:*:*",
"matchCriteriaId": "C1A3B951-A1F8-4291-82FA-AB7922D13ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:intuity_audix:5.1.46:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2E7C81-C0F5-4D36-9A23-03BE69295ED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:intuity_audix:s3210:*:*:*:*:*:*:*",
"matchCriteriaId": "9D0EF4A3-2FE5-41E4-A764-30B379ECF081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:intuity_audix:s3400:*:*:*:*:*:*:*",
"matchCriteriaId": "CCF6D59E-8AEA-4380-B86B-0803B2202F16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:vsu:5:*:*:*:*:*:*:*",
"matchCriteriaId": "140ABF28-FA39-4D77-AEB2-304962ED48C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:vsu:5x:*:*:*:*:*:*:*",
"matchCriteriaId": "09473DD9-5114-44C5-B56C-6630FBEBCACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:vsu:100_r2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7ECD3A4-5A39-4222-8350-524F11D8FFB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:vsu:500:*:*:*:*:*:*:*",
"matchCriteriaId": "D36C140D-E80C-479A-ADA7-18E901549059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:vsu:2000_r2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "940712E9-B041-4B7F-BD02-7DD0AE596D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:vsu:5000_r2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03B887A2-9025-4C5B-8901-71BC63BF5293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:vsu:7500_r2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33264586-7160-4550-9FF9-4101D72F5C9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:vsu:10000_r2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE5E6521-0611-4473-82AC-21655F10FEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:firewall-1:*:*:vsx-ng-ai:*:*:*:*:*",
"matchCriteriaId": "AA9A50A1-CA8C-4EE5-B68F-4958F6B4B028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:firewall-1:2.0:*:gx:*:*:*:*:*",
"matchCriteriaId": "8C83ABA2-87CD-429B-9800-590F8256B064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp0:*:*:*:*:*:*:*",
"matchCriteriaId": "A4D9A576-2878-4AC4-AC95-E69CB8A84A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp1:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1A0B02-CF33-401F-9AB2-D595E586C795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp2:*:*:*:*:*:*:*",
"matchCriteriaId": "8C0EF3F0-B82E-45B7-8D05-05E76009F7A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "90FB3825-21A6-4DBE-8188-67672DBE01CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "80623E58-8B46-4559-89A4-C329AACF3CB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "AEE6C228-CD93-4636-868B-C19BC1674BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A645148C-AD0D-46C1-BEE3-10F5C9066279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:provider-1:4.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "0D69187C-7F46-4FF0-A8A0-0E1989EA79BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp0:*:*:*:*:*:*:*",
"matchCriteriaId": "4AE4A7EE-1BA3-46F1-BF4A-A72997EE0992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp1:*:*:*:*:*:*:*",
"matchCriteriaId": "02029D75-FAF2-4842-9246-079C7DE36417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0146341-364C-4085-A2E1-BC8C260FBA3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:vpn-1:vsx_ng_with_application_intelligence:*:*:*:*:*:*:*",
"matchCriteriaId": "B5EF01C8-1C8A-4BD1-A13B-CE31F09F9523",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:access_registrar:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8496E0D-2507-4C25-A122-0B846CBCA72A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_and_content_networking_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E383F2A-DFCF-47F8-94EE-3563D41EA597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:css_secure_content_accelerator:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D2D87EF0-056E-4128-89EB-2803ED83DEE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:css_secure_content_accelerator:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3163C1-2044-44DA-9C88-076D75FDF1EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:css11000_content_services_switch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07E1B690-C58B-4C08-A757-F3DF451FDAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:okena_stormwatch:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "31F0E14C-7681-4D1A-B982-A51E450B93A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*",
"matchCriteriaId": "ECBC761F-A8F5-4CD8-B19C-5CE8FFC58FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:threat_response:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF39E8B-C201-4940-81C9-14AF4C3DD4B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webns:6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AC604680-2E9E-4DC4-ACDD-74D552A45BA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webns:6.10_b4:*:*:*:*:*:*:*",
"matchCriteriaId": "37A94436-D092-4C7E-B87B-63BC621EE82E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webns:7.1_0.1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "862165CF-3CFB-4C6E-8238-86FA85F243C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webns:7.1_0.2.06:*:*:*:*:*:*:*",
"matchCriteriaId": "056F3336-BAA8-4A03-90B4-7B31710FC1B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webns:7.2_0.0.03:*:*:*:*:*:*:*",
"matchCriteriaId": "9FDC2510-FBB9-429A-B6D4-10AB11F93960",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webns:7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "5D45127E-A544-40A0-9D34-BD70D95C9772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webns:7.10_.0.06s:*:*:*:*:*:*:*",
"matchCriteriaId": "56C69C3E-C895-45C8-8182-7BB412A0C828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1FDD507-C38B-4C38-A54F-3DA6F07AD0B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2B7AC2-CF08-4AC9-9A71-3A8130F9F9AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4D9564B-B92E-4C97-87FF-B56D62DCA775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:wbem:a.01.05.08:*:*:*:*:*:*:*",
"matchCriteriaId": "B931D4F8-23F5-4ABA-A457-959995D30C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:wbem:a.02.00.00:*:*:*:*:*:*:*",
"matchCriteriaId": "BE6A023E-9C2A-487F-B5CE-674C766BFE75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:wbem:a.02.00.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6A15ACA2-D500-4260-B51A-6FE6AB5A45A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2A045971-8756-47E8-9044-C39D08B36F1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAA95881-7231-4FDA-AF73-04DF9FF0B64C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "62B7F6AD-EDBD-4B09-BDB2-795ED114F2AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F045AB7B-1551-46E5-A5CC-BF13C1BB49F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44E85930-3AAD-420B-8E3E-AEC57344F6C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "52FD4485-BCA2-485A-A0CF-F8152C9DBFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CF53BE4-FE2D-4D63-BD0F-A423D0FE3BE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "00993464-BE09-4691-B3F0-51BBA9FB80C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "896AB39E-2078-4BA2-9522-477BD5F98FD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EB9279EC-47CF-45F1-B4CC-B2B332E82E34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7300C3E-8105-4C23-89B9-7D29CED18C15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "90C59DB2-48DA-4172-A1F5-25CF3B5097AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "715F4E0B-7E4B-4520-A987-9B3ED3136B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "9CA1F606-C558-40FD-9300-6E2796F47BA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A037FAA6-6D26-4496-BC67-03475B4D1155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3831DD3-E783-4200-8986-FDBF7DD9BA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2909C9D5-3D8F-4C41-B0E7-A0C0B432C19A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E09436DF-E3C1-4C03-A3BE-73C4BC84BB7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "699764B6-0F86-4AB0-86A3-4F2E69AD820C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:edirectory:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7562ADC4-0D01-4FC2-98F0-1F4041BDA52E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:edirectory:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E6FAB588-BDBE-4A04-AB9E-4F700A3951F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:edirectory:8.5.12a:*:*:*:*:*:*:*",
"matchCriteriaId": "E1B83F84-D1EF-43B4-8620-3C1BCCE44553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:edirectory:8.5.27:*:*:*:*:*:*:*",
"matchCriteriaId": "41169D2F-4F16-466A-82E9-AD0735472B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:edirectory:8.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "947699C3-D9DE-411A-99C0-44ADD1D2223A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:edirectory:8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "15F668C0-8420-4401-AB0F-479575596CF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:edirectory:8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDCC7B6-34CA-4551-9833-306B93E517BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:edirectory:8.7.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "6D69C160-39F7-48B8-B9A3-CC86690453C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "166BF638-ABDC-4BB9-BD4E-2B22681AD9CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA6420B-9F6A-48F4-A445-12B60A320347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
"matchCriteriaId": "0FCA45CE-4127-47AD-BBA8-8A6DD83AE1C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA1CA40-7DB5-4DCA-97A8-9A8CF4FECECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
"matchCriteriaId": "180D07AE-C571-4DD6-837C-43E2A946007A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3E4D2A-6488-4F8B-A3CA-4161A10FA4DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
"matchCriteriaId": "90789533-C741-4B1C-A24B-2C77B9E4DE5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
"matchCriteriaId": "1520065B-46D7-48A4-B9D0-5B49F690C5B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
"matchCriteriaId": "5B76FE2D-FBE0-4A3B-A0EA-179332D74F0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
"matchCriteriaId": "2AA526B9-726A-49D5-B3CA-EBE2DA303CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
"matchCriteriaId": "494E48E7-EF86-4860-9A53-94F6C313746E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "45A518E8-21BE-4C5C-B425-410AB1208E9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*",
"matchCriteriaId": "9E3AB748-E463-445C-ABAB-4FEDDFD1878B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*",
"matchCriteriaId": "660E4B8D-AABA-4520-BC4D-CF8E76E07C05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*",
"matchCriteriaId": "85BFEED5-4941-41BB-93D1-CD5C2A41290E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "78E79A05-64F3-4397-952C-A5BB950C967D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7C9E77-1EB2-4720-A8FD-23DC1C877D5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
"matchCriteriaId": "549BB01D-F322-4FE3-BDA2-4FEA8ED8568A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openssl:0.9.6-15:*:i386:*:*:*:*:*",
"matchCriteriaId": "09F3FB7B-0F68-49F3-A3B7-977A687A42E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openssl:0.9.6b-3:*:i386:*:*:*:*:*",
"matchCriteriaId": "088F2FF7-96E5-455E-A35B-D99F9854EC6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386:*:*:*:*:*",
"matchCriteriaId": "FFA721BF-1B2E-479F-BF25-02D441BF175B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_dev:*:*:*:*:*",
"matchCriteriaId": "AFEDCE49-21CC-4168-818F-4C638EE3B077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_perl:*:*:*:*:*",
"matchCriteriaId": "B7D18F9B-C0BE-4DE8-81F4-5BF56C00BF41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "26430687-409B-448F-934B-06AB937DDF63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0702A32E-E577-403C-B4D9-15037D7100A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "29DC217F-C257-4A3C-9CBD-08010C30BEC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:servercluster:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8F0F78F4-E81E-4C6B-AB73-D6AAE191060E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:servercluster:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF1A5808-6D5D-48AD-9470-5A6510D17913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C1E8990D-D9A0-4A71-9D87-EC047E01B0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DBCC172-6867-4DFD-AAEF-9BDB4DA21F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F2BEEA-46BB-4718-B0F3-B4EC62B678A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8D09E11C-C5BB-409E-BB0D-7F351250419B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6B06A05D-AA31-441D-9FC2-3558648C3B7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C0886901-6F93-44C1-B774-84D7E5D9554C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F203A80-7C1E-4A04-8E99-63525E176753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA0A204C-158B-4014-A53C-75E0CD63E0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "085BA581-7DA5-4FA4-A888-351281FD0A7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:1.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1C4B3C-5701-4233-BA94-28915713F9C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:1.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "28D9F8D7-698A-486A-918A-7DB5CAFBB3CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D125C2A0-A4B5-48D6-A38A-54755C3FDF4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0F85F672-0F21-4AD7-8620-13D82F2ECC22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "89070041-613A-4F7B-BD6A-C6091D21FC52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9A71933-4BD5-4B11-8B14-D997E75F29CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5B6BE11D-FC02-4950-A554-08CC9D8B1853",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A53FD0E1-9BAA-43F0-BCC9-0BE8D4356F55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B80ADAE8-94D4-46A4-A5ED-FF134D808B52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69FA0221-5073-4D45-950F-119497B53FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C4AE5B43-7C90-4C2A-A215-30F5EC5841C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC1A110-B203-4962-8E1A-74BD98121AF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B5A92C4D-B024-4D39-9479-409C39586F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E0C4F5-CF02-4FF6-AE9B-5B6B70D5C067",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8998CC-E372-46D0-8339-47DC8D92D253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AF131FDC-BF8D-4A17-99F0-444EB900E83D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "880811B3-E78E-456E-972E-DE733F368576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "22411F18-2B93-405A-A3B5-2CF0A04977C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C71188B7-E6DC-41E5-B619-367341113501",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "07491444-0196-4504-A971-A5E388B86BBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "72BC6CD2-3291-4E69-8DC6-F3AB853F8931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CD43EDDF-58A7-4705-B8C7-FD76C35A437D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A7C2E603-568F-40F6-9A7C-439E2A51B37F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "703421A7-E8C5-450B-97EF-FD9D99D4B834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tarantella:tarantella_enterprise:3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "9519BCB2-B401-44CE-97F6-847BB36AE45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tarantella:tarantella_enterprise:3.30:*:*:*:*:*:*:*",
"matchCriteriaId": "BBE573E8-DD94-4293-99AE-27B9067B3ED9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tarantella:tarantella_enterprise:3.40:*:*:*:*:*:*:*",
"matchCriteriaId": "D14413DA-5199-4282-9E22-D347E9D8E469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:gsx_server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05CC5F49-0E9E-45D8-827D-A5940566DB25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:gsx_server:2.0.1_build_2129:*:*:*:*:*:*:*",
"matchCriteriaId": "5D94EE19-6CE9-4E02-8174-D9954CDBF02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:gsx_server:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4E4BEE3-AE7B-4481-B724-2E644E18ACC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:gsx_server:2.5.1_build_5336:*:*:*:*:*:*:*",
"matchCriteriaId": "EAAB7052-E0B6-472E-920B-A0F0AEA25D6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:gsx_server:3.0_build_7592:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE38F15-BD42-4171-8670-86AA8169A60C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s8300:r2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "20C0BD87-CE4B-49D2-89BE-EF282C43AD72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s8300:r2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C3E6C4A8-59F4-43EE-8413-E95289037598",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s8500:r2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE76357A-27E6-4D85-9AA0-1BB658C41568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s8500:r2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C56C5FDB-24E2-479D-87CA-164CD28567D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s8700:r2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF6C16F-8EDF-4A24-BFEF-6A304D654EEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:avaya:s8700:r2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D982AE39-BB57-49E7-B5FE-5EF1ADE2F019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:bluecoat:proxysg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B6CFEC9-0F8F-4CD4-ABD1-E6533F910F7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:call_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12DE5E22-DF93-46BE-85A3-D4E04379E901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:content_services_switch_11500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF28C435-C036-4507-8E3F-44E722F9974A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:gss_4480_global_site_selector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA957E2-ABF9-49B2-874F-3FC3060CE0B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:gss_4490_global_site_selector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F2CDFE7-6853-4A31-85C0-50C57A8D606A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:mds_9000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F2ED90B-DDBA-49DE-AC78-20E7D77C8858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:secure_content_accelerator:10000:*:*:*:*:*:*:*",
"matchCriteriaId": "408A9DB0-81EF-4186-B338-44954E67289B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5B0C5F92-7E93-4C3F-B22B-E6612A4D3E10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.01:*:*:*:*:*:*:*",
"matchCriteriaId": "2D0DC4B4-9AD9-4AC8-BFA7-A3D209B5D089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.02:*:*:*:*:*:*:*",
"matchCriteriaId": "303362A5-9C3C-4C85-8C97-2AB12CE01BF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.03:*:*:*:*:*:*:*",
"matchCriteriaId": "FED22DC1-E06B-4511-B920-6DAB792262D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.04:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE44CA7-4BC7-4C2B-948F-2ACABB91528B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F757B2A7-869F-4702-81EB-466317A79D61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:securecomputing:sidewinder:5.2.1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "01F6E9A9-6C85-48DA-BC61-55F8EACCB59F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:sun:crypto_accelerator_4000:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "64AF1E33-4086-43E2-8F54-DA75A99D4B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "53D16F03-A4C7-4497-AB74-499F208FF059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "13A33EC1-836B-4C8C-AC18-B5BD4F90E612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58BE9C02-2A01-4F6F-A6BD-BC0173561E9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C558CED8-8342-46CB-9F52-580B626D320E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0F85D19E-6C26-429D-B876-F34238B9DAAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FEC7CCF7-CBC6-4EDC-8EDD-884DFFFBCC7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E5011A33-CD6D-4EFC-ACFD-E51C9AE726A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4.101\\):*:*:*:*:*:*:*",
"matchCriteriaId": "09063867-0E64-4630-B35B-4CCA348E4DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78F98CD7-A352-483C-9968-8FB2627A7CBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F97FE485-705F-4707-B6C6-0EF9E8A85D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E2B925E8-D2C2-4E8C-AC21-0C422245C482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B9170562-872E-4C32-869C-B10FF35A925E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D0927A68-8BB2-4F03-8396-E9CACC158FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "559DDBA3-2AF4-4A0C-B219-6779BA931F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ED9D142A-DDC8-4BD6-8C22-F242C9C0B1ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5226C9CC-6933-4F10-B426-B47782C606FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "757DAE9A-B25D-4B8A-A41B-66C2897B537E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5E3DC170-E279-4725-B9EE-6840B5685CC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3.100\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8091EDA9-BD18-47F7-8CEC-E086238647C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6F867890-74A4-4892-B99A-27DB4603B873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CE05B514-F094-4632-B25B-973F976F6409",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3392428D-1A85-4472-A276-C482A78E2CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.102\\):*:*:*:*:*:*:*",
"matchCriteriaId": "40954985-16E6-4F37-B014-6A55166AE093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.109\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0C097809-1FEF-4417-A201-42291CC29122",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference."
},
{
"lang": "es",
"value": "La funci\u00f3n do_change_cipher_spec en OpenSSL 0.9.6c hasta 0.9.6.k y 0.9.7a hasta 0.9.7c permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (ca\u00edda) mediante una h\u00e1bil uni\u00f3n SSL/TLS que provoca un puntero nulo."
}
],
"id": "CVE-2004-0079",
"lastModified": "2024-11-20T23:47:42.960",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2004-11-23T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://docs.info.apple.com/article.html?artnum=61798"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/11139"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/17381"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/17398"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/17401"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/18247"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-465"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/288574"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.openssl.org/news/secadv_20040317.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-829.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-830.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9899"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.trustix.org/errata/2004/0012"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://docs.info.apple.com/article.html?artnum=61798"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/11139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/17381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/17398"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/17401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/18247"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-465"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/288574"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.openssl.org/news/secadv_20040317.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-829.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-830.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.trustix.org/errata/2004/0012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"lastModified": "2007-03-14T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-18 23:15
Modified
2024-11-21 04:42
Severity ?
Summary
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_cert-j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1710B5A7-08C4-44D8-A175-044FCD92B314",
"versionEndIncluding": "6.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9757B880-0E5B-40B1-A15C-0EAA52046A73",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEE68BD5-3D1C-4D69-B026-319FBEDBC798",
"versionEndIncluding": "6.2.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E26D80A2-E490-44B6-A8D2-1AEF487E72B2",
"versionEndIncluding": "2.3.1",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F26126-55C2-4E2E-A586-D93FF38ABF6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_performance_management:13.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E87B8C7B-2654-4F9C-9B5D-794DA484B42D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_performance_management:13.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C6F5710-490D-41D4-8C9B-27FC530117A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E8F4F3-1A39-4CBB-98C4-66D5DCE3F57D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FB92D8A7-2ABD-4B70-A32C-4B6B866C5B8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B21E6EEF-2AB7-4E96-B092-1F49D11B4175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1B58BCDA-E173-4D4A-A9C5-E9BFF7E57F58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "17A91FD9-9F77-42D3-A4D9-48BC7568ADE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "539DA24F-E3E0-4455-84C6-A9D96CD601B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "46E7237C-00BD-4490-96C3-A8EAE4CE2C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "20352616-6BCA-485D-8DD7-DFC97AD6A30D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68165D37-489E-45D7-BA7A-A38164B5C26D",
"versionEndExcluding": "19.1.0.0.0.210420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:goldengate:19.1.0.0.0.210420:*:*:*:*:*:*:*",
"matchCriteriaId": "0C9A68D0-1C6A-4B0B-934B-F82555C09C51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44357172-4035-4D57-9C83-D80BDDE8E8C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDD1BFF-9B0D-45DA-86DC-05CF829107FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7DB324-98A0-40AD-96D4-0800340F6F3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42064F46-3012-4FB1-89BA-F13C2E4CBB6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BCF6CCE5-250D-4B10-AD18-7DE7D84BF220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D325A0-3441-41AC-B00F-F2A7F85370A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "378A6656-252B-4929-83EA-BC107FDFD357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F62A2144-5EF8-4319-B8C2-D7975F51E5FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E703304-0752-46F2-998B-A3D37C9E7A54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "722969B5-36CD-4413-954B-347BB7E51FAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BF295023-399E-4180-A28B-2DA3327A372C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3E5A2A49-42B0-44EB-B606-999275DC1DA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "54B0A494-14DD-4384-9DCE-14945EBE1A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A890746E-EE1A-4DBC-BB04-84CC79767F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6308E929-D44D-48A1-BAEE-47BE4E164124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDD2640A-5964-4937-B912-CEA2173FAFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11BE9059-29C1-417D-AFB3-98066E95D883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E55B3AA9-69BE-4136-8C3A-FD0DDCD3FA4B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key."
},
{
"lang": "es",
"value": "RSA BSAFE Crypto-J en versiones anteriores a la 6.2.5, son susceptibles a una vulnerabilidad Missing Required Cryptographic Step. Un atacante remoto malicioso podr\u00eda explotar potencialmente esta vulnerabilidad para obligar a dos partes a calcular la misma clave compartida predecible."
}
],
"id": "CVE-2019-3738",
"lastModified": "2024-11-21T04:42:26.273",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security_alert@emc.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-18T23:15:11.047",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10318"
},
{
"source": "security_alert@emc.com",
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174%3B-Crypto-J-Multiple-Security-Vulnerabilities"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174%3B-Crypto-J-Multiple-Security-Vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-325"
}
],
"source": "security_alert@emc.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-11 19:29
Modified
2024-11-21 03:42
Severity ?
Summary
RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://www.securitytracker.com/id/1041614 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | https://seclists.org/fulldisclosure/2018/Sep/7 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041614 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2018/Sep/7 | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_ssl-j | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86697545-1BE7-457C-9AE9-B5270C531D49",
"versionEndExcluding": "6.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material."
},
{
"lang": "es",
"value": "RSA BSAFE SSL-J en versiones anteriores a la 6.2.4 contiene una vulnerabilidad de inspecci\u00f3n de memoria din\u00e1mica (heap) que podr\u00eda permitir que un atacante con acceso f\u00edsico al sistema recupere material clave sensible."
}
],
"id": "CVE-2018-11068",
"lastModified": "2024-11-21T03:42:36.897",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.3,
"impactScore": 3.6,
"source": "security_alert@emc.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-11T19:29:01.130",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041614"
},
{
"source": "security_alert@emc.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2018/Sep/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2018/Sep/7"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-459"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-11 19:29
Modified
2024-11-21 03:42
Severity ?
Summary
RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://www.securitytracker.com/id/1041614 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | https://seclists.org/fulldisclosure/2018/Sep/7 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041614 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2018/Sep/7 | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_ssl-j | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86697545-1BE7-457C-9AE9-B5270C531D49",
"versionEndExcluding": "6.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key."
},
{
"lang": "es",
"value": "RSA BSAFE SSL-J, en versiones anteriores a la 6.2.4 contiene una vulnerabilidad de canal de tiempo oculto durante el descifrado RSA. Esto tambi\u00e9n se conoce como ataque Bleichenbacher sobre descifrado RSA. Un atacante remoto podr\u00eda ser capaz de recuperar una clave RSA."
}
],
"id": "CVE-2018-11069",
"lastModified": "2024-11-21T03:42:37.020",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "security_alert@emc.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-11T19:29:01.270",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041614"
},
{
"source": "security_alert@emc.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2018/Sep/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2018/Sep/7"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-08-20 10:59
Modified
2024-11-21 02:23
Severity ?
Summary
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, a similar issue to CVE-2014-8275.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://seclists.org/bugtraq/2015/Aug/84 | Mailing List, Third Party Advisory | |
| security_alert@emc.com | http://www.securityfocus.com/bid/76377 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | http://www.securitytracker.com/id/1033297 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | http://www.securitytracker.com/id/1033298 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/bugtraq/2015/Aug/84 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/76377 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1033297 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1033298 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe | * | |
| dell | bsafe | * | |
| dell | bsafe_ssl-c | * | |
| dell | bsafe_ssl-j | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*",
"matchCriteriaId": "881DAA21-9EDC-4E14-8EDC-D9CEDA06829F",
"versionEndExcluding": "4.0.8",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*",
"matchCriteriaId": "0827F5F6-5146-4AE7-935E-A1721D0EB656",
"versionEndExcluding": "4.1.3",
"versionStartIncluding": "4.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-c:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C58A542-D445-466F-B897-5D9A88B486E2",
"versionEndIncluding": "2.8.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D1B7149-78D4-4D1A-97B3-6441ADED030C",
"versionEndExcluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate\u0027s unsigned portion, a similar issue to CVE-2014-8275."
},
{
"lang": "es",
"value": "Vulnerabilidad en EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x en versiones anteriores a 4.0.8 y 4.1.x en versiones anteriores a 4.1.3, RSA BSAFE Crypto-J en versiones anteriores a 6.2, RSA BSAFE SSL-J en versiones anteriores a 6.2 y RSA BSAFE SSL-C 2.8.9 y versiones anteriores, no fuerza ciertas restricciones en datos de certificado, lo que permite a atacantes remotos anular el mecanismo de protecci\u00f3n de lista negra de certificados basado en fingerprint mediante la inclusi\u00f3n de datos manipulados en una porci\u00f3n sin firmar de un certificado, un problema similar a CVE-2014-8275."
}
],
"id": "CVE-2015-0534",
"lastModified": "2024-11-21T02:23:15.883",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2015-08-20T10:59:01.310",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2015/Aug/84"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/76377"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033297"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033298"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2015/Aug/84"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/76377"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033298"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-02-18 00:55
Modified
2024-11-21 02:02
Severity ?
Summary
The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_ssl-j | 5.1.2 | |
| dell | bsafe_ssl-j | 6.0 | |
| emc | rsa_bsafe_ssl-j | 5.0 | |
| emc | rsa_bsafe_ssl-j | 5.1.0 | |
| emc | rsa_bsafe_ssl-j | 5.1.1 | |
| emc | rsa_bsafe_ssl-j | 6.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "314CC197-7A5B-490E-BCA4-DCFFDC32A50F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "514F2922-83FA-4A51-BA74-A17175643BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8B160FFB-EF0D-4D7B-9810-3D7728FB0B4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "384C4C01-A2CF-4241-97D2-C379F4351DD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB1CF0F5-828F-405C-B8E8-D7F8AD15BEF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_bsafe_ssl-j:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CBF5DF8B-B891-4291-A5C2-91C2C2525F53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state."
},
{
"lang": "es",
"value": "La implementaci\u00f3n API SSLEngine en EMC RSA BSAFE SSL-J 5.x anterior a 5.1.3 y 6.x anterior a 6.0.2 permite a atacantes remotos provocar la selecci\u00f3n de una suite de cifrado d\u00e9bil mediante el uso del m\u00e9todo Wrap durante cierto estado del handshake incompleto."
}
],
"id": "CVE-2014-0627",
"lastModified": "2024-11-21T02:02:31.617",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-18T00:55:05.207",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-18 23:15
Modified
2024-11-21 04:42
Severity ?
Summary
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_cert-j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1710B5A7-08C4-44D8-A175-044FCD92B314",
"versionEndIncluding": "6.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9757B880-0E5B-40B1-A15C-0EAA52046A73",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEE68BD5-3D1C-4D69-B026-319FBEDBC798",
"versionEndIncluding": "6.2.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_performance_management:13.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E87B8C7B-2654-4F9C-9B5D-794DA484B42D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_performance_management:13.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C6F5710-490D-41D4-8C9B-27FC530117A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E8F4F3-1A39-4CBB-98C4-66D5DCE3F57D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FB92D8A7-2ABD-4B70-A32C-4B6B866C5B8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B21E6EEF-2AB7-4E96-B092-1F49D11B4175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "46E7237C-00BD-4490-96C3-A8EAE4CE2C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "20352616-6BCA-485D-8DD7-DFC97AD6A30D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68165D37-489E-45D7-BA7A-A38164B5C26D",
"versionEndExcluding": "19.1.0.0.0.210420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44357172-4035-4D57-9C83-D80BDDE8E8C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDD1BFF-9B0D-45DA-86DC-05CF829107FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7DB324-98A0-40AD-96D4-0800340F6F3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42064F46-3012-4FB1-89BA-F13C2E4CBB6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BCF6CCE5-250D-4B10-AD18-7DE7D84BF220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D325A0-3441-41AC-B00F-F2A7F85370A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "378A6656-252B-4929-83EA-BC107FDFD357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F62A2144-5EF8-4319-B8C2-D7975F51E5FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E703304-0752-46F2-998B-A3D37C9E7A54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "722969B5-36CD-4413-954B-347BB7E51FAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BF295023-399E-4180-A28B-2DA3327A372C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3E5A2A49-42B0-44EB-B606-999275DC1DA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "54B0A494-14DD-4384-9DCE-14945EBE1A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A890746E-EE1A-4DBC-BB04-84CC79767F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6308E929-D44D-48A1-BAEE-47BE4E164124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDD2640A-5964-4937-B912-CEA2173FAFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11BE9059-29C1-417D-AFB3-98066E95D883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6953CFDB-33C0-4B8E-BBBD-E460A17E8ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E55B3AA9-69BE-4136-8C3A-FD0DDCD3FA4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B40B13B7-68B3-4510-968C-6A730EB46462",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys."
},
{
"lang": "es",
"value": "RSA BSAFE Crypto-J versiones anteriores a 6.2.5, son vulnerables a la Exposici\u00f3n de Informaci\u00f3n por medio de vulnerabilidades de Discrepancia de Sincronizaci\u00f3n durante la generaci\u00f3n de claves ECDSA. Un atacante remoto malicioso podr\u00eda explotar potencialmente esas vulnerabilidades para recuperar claves ECDSA."
}
],
"id": "CVE-2019-3739",
"lastModified": "2024-11-21T04:42:26.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security_alert@emc.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-18T23:15:11.110",
"references": [
{
"source": "security_alert@emc.com",
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174%3B-Crypto-J-Multiple-Security-Vulnerabilities"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174%3B-Crypto-J-Multiple-Security-Vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "security_alert@emc.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
cve-2022-24409
Vulnerability from cvelistv5
Published
2022-02-23 21:30
Modified
2024-09-17 00:05
Severity ?
EPSS score ?
Summary
Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the affected system. Only customers with active BSAFE maintenance contracts can receive details about this vulnerability. Public disclosure of the vulnerability details will be shared at a later date.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Dell | Dell BSAFE SSL-J |
Version: 5.1 < unspecified Version: unspecified < 6.4 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:13:55.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000196312/dsa-2022-023-dell-bsafetm-ssl-j-6-4-security-update-for-a-single-covert-timing-channel"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Dell BSAFE SSL-J",
"vendor": "Dell",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.1",
"versionType": "custom"
},
{
"lessThan": "6.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-02-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the affected system. Only customers with active BSAFE maintenance contracts can receive details about this vulnerability. Public disclosure of the vulnerability details will be shared at a later date."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-385",
"description": "CWE-385: Covert Timing Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-13T18:20:08",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000196312/dsa-2022-023-dell-bsafetm-ssl-j-6-4-security-update-for-a-single-covert-timing-channel"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2022-02-15",
"ID": "CVE-2022-24409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dell BSAFE SSL-J",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "5.1"
},
{
"version_affected": "\u003c",
"version_value": "6.4"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the affected system. Only customers with active BSAFE maintenance contracts can receive details about this vulnerability. Public disclosure of the vulnerability details will be shared at a later date."
}
]
},
"impact": {
"cvss": {
"baseScore": 5.9,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-385: Covert Timing Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-us/000196312/dsa-2022-023-dell-bsafetm-ssl-j-6-4-security-update-for-a-single-covert-timing-channel",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000196312/dsa-2022-023-dell-bsafetm-ssl-j-6-4-security-update-for-a-single-covert-timing-channel"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-24409",
"datePublished": "2022-02-23T21:30:09.240961Z",
"dateReserved": "2022-02-04T00:00:00",
"dateUpdated": "2024-09-17T00:05:29.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-28077
Vulnerability from cvelistv5
Published
2024-02-10 03:11
Modified
2024-08-02 12:30
Severity ?
EPSS score ?
Summary
Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Dell | Dell BSAFE SSL-J |
Version: 6.0.x ≤ 6.5 Version: 7.0 ≤ 7.1 |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28077",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-12T13:35:02.561559Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:20:50.452Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:23.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000214287/dsa-2023-156-dell-bsafe-ssl-j-7-1-1-security-update"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Dell BSAFE SSL-J\t",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "6.5",
"status": "affected",
"version": "6.0.x",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1",
"status": "affected",
"version": "7.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-05-19T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. \u003c/span\u003e\n\n"
}
],
"value": "\nDell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1295",
"description": "CWE-1295: Debug Messages Revealing Unnecessary Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-10T03:11:28.614Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000214287/dsa-2023-156-dell-bsafe-ssl-j-7-1-1-security-update"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-28077",
"datePublished": "2024-02-10T03:11:28.614Z",
"dateReserved": "2023-03-10T05:10:02.997Z",
"dateUpdated": "2024-08-02T12:30:23.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-1105
Vulnerability from cvelistv5
Published
2002-03-15 05:00
Modified
2024-08-08 04:44
Severity ?
EPSS score ?
Summary
RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cisco.com/warp/public/707/SSL-J-pub.html | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/3329 | vdb-entry, x_refsource_BID | |
| http://www.ciac.org/ciac/bulletins/l-141.shtml | third-party-advisory, government-resource, x_refsource_CIAC | |
| http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/7112 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:44:07.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010912 Vulnerable SSL Implementation in iCDN",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/SSL-J-pub.html"
},
{
"name": "3329",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3329"
},
{
"name": "L-141",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/l-141.shtml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html"
},
{
"name": "bsafe-ssl-bypass-authentication(7112)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7112"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010912 Vulnerable SSL Implementation in iCDN",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/SSL-J-pub.html"
},
{
"name": "3329",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3329"
},
{
"name": "L-141",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/l-141.shtml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html"
},
{
"name": "bsafe-ssl-bypass-authentication(7112)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7112"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010912 Vulnerable SSL Implementation in iCDN",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/SSL-J-pub.html"
},
{
"name": "3329",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3329"
},
{
"name": "L-141",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/l-141.shtml"
},
{
"name": "http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html",
"refsource": "CONFIRM",
"url": "http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html"
},
{
"name": "bsafe-ssl-bypass-authentication(7112)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7112"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1105",
"datePublished": "2002-03-15T05:00:00",
"dateReserved": "2002-03-15T00:00:00",
"dateUpdated": "2024-08-08T04:44:07.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-11069
Vulnerability from cvelistv5
Published
2018-09-11 19:00
Modified
2024-09-16 19:35
Severity ?
EPSS score ?
Summary
RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1041614 | vdb-entry, x_refsource_SECTRACK | |
| https://seclists.org/fulldisclosure/2018/Sep/7 | mailing-list, x_refsource_FULLDISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Dell EMC | RSA BSAFE SSL-J |
Version: unspecified < 6.2.4 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041614",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041614"
},
{
"name": "20180905 DSA-2018-150:RSA BSAFE SSL-J Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2018/Sep/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RSA BSAFE SSL-J",
"vendor": "Dell EMC",
"versions": [
{
"lessThan": "6.2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-09-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Covert Timing Channel Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-12T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1041614",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041614"
},
{
"name": "20180905 DSA-2018-150:RSA BSAFE SSL-J Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2018/Sep/7"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-09-05T04:00:00.000Z",
"ID": "CVE-2018-11069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RSA BSAFE SSL-J",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "6.2.4"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Covert Timing Channel Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041614",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041614"
},
{
"name": "20180905 DSA-2018-150:RSA BSAFE SSL-J Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Sep/7"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-11069",
"datePublished": "2018-09-11T19:00:00Z",
"dateReserved": "2018-05-14T00:00:00",
"dateUpdated": "2024-09-16T19:35:24.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-34364
Vulnerability from cvelistv5
Published
2023-02-10 19:13
Modified
2024-08-03 09:07
Severity ?
EPSS score ?
Summary
Dell BSAFE SSL-J, versions before 6.5 and version 7.0 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user.
.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Dell | BSAFE SSL-J |
Version: 0 ≤ Version: 7.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:07:16.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000203275/dsa-2022-188-dell-bsafe-ssl-j-6-5-and-7-1-security-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BSAFE SSL-J",
"vendor": "Dell",
"versions": [
{
"lessThan": "6.5",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "affected",
"version": "7.0"
}
]
}
],
"datePublic": "2022-09-12T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BSAFE SSL-J, versions before 6.5 and version 7.0 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user.\u003c/span\u003e\n\n.\u003c/span\u003e\n\n\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "\n\n\nDell BSAFE SSL-J, versions before 6.5 and version 7.0 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user.\n\n.\n\n\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1295",
"description": "CWE-1295: Debug Messages Revealing Unnecessary Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-06T06:05:56.612Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000203275/dsa-2022-188-dell-bsafe-ssl-j-6-5-and-7-1-security-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-34364",
"datePublished": "2023-02-10T19:13:42.880Z",
"dateReserved": "2022-06-23T18:55:17.083Z",
"dateUpdated": "2024-08-03T09:07:16.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0079
Vulnerability from cvelistv5
Published
2004-03-18 05:00
Modified
2024-08-08 00:01
Severity ?
EPSS score ?
Summary
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:01:23.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9899",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9899"
},
{
"name": "FEDORA-2005-1042",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
},
{
"name": "ESA-20040317-003",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE",
"x_transferred"
],
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
},
{
"name": "SSRT4717",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
},
{
"name": "RHSA-2004:121",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
},
{
"name": "MDKSA-2004:023",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
},
{
"name": "oval:org.mitre.oval:def:2621",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621"
},
{
"name": "CLA-2004:834",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
},
{
"name": "SCOSA-2004.10",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
},
{
"name": "17381",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17381"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
},
{
"name": "FEDORA-2004-095",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
},
{
"name": "oval:org.mitre.oval:def:9779",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779"
},
{
"name": "oval:org.mitre.oval:def:975",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975"
},
{
"name": "57524",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
},
{
"name": "SuSE-SA:2004:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openssl.org/news/secadv_20040317.txt"
},
{
"name": "FreeBSD-SA-04:05",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc"
},
{
"name": "NetBSD-SA2004-005",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
},
{
"name": "O-101",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
},
{
"name": "TA04-078A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
},
{
"name": "17401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17401"
},
{
"name": "RHSA-2005:829",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-829.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm"
},
{
"name": "oval:org.mitre.oval:def:870",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870"
},
{
"name": "RHSA-2005:830",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-830.html"
},
{
"name": "GLSA-200403-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
},
{
"name": "11139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11139"
},
{
"name": "RHSA-2004:120",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
},
{
"name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US"
},
{
"name": "APPLE-SA-2005-08-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
},
{
"name": "17398",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17398"
},
{
"name": "SSA:2004-077",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
},
{
"name": "RHSA-2004:139",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
},
{
"name": "openssl-dochangecipherspec-dos(15505)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505"
},
{
"name": "2004-0012",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2004/0012"
},
{
"name": "20040317 Cisco OpenSSL Implementation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=61798"
},
{
"name": "VU#288574",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/288574"
},
{
"name": "DSA-465",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-465"
},
{
"name": "APPLE-SA-2005-08-17",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
},
{
"name": "18247",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18247"
},
{
"name": "oval:org.mitre.oval:def:5770",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-03-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9899",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9899"
},
{
"name": "FEDORA-2005-1042",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
},
{
"name": "ESA-20040317-003",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE"
],
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
},
{
"name": "SSRT4717",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
},
{
"name": "RHSA-2004:121",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
},
{
"name": "MDKSA-2004:023",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
},
{
"name": "oval:org.mitre.oval:def:2621",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621"
},
{
"name": "CLA-2004:834",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
},
{
"name": "SCOSA-2004.10",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
},
{
"name": "17381",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17381"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
},
{
"name": "FEDORA-2004-095",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
},
{
"name": "oval:org.mitre.oval:def:9779",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779"
},
{
"name": "oval:org.mitre.oval:def:975",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975"
},
{
"name": "57524",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
},
{
"name": "SuSE-SA:2004:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openssl.org/news/secadv_20040317.txt"
},
{
"name": "FreeBSD-SA-04:05",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc"
},
{
"name": "NetBSD-SA2004-005",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
},
{
"name": "O-101",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
},
{
"name": "TA04-078A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
},
{
"name": "17401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17401"
},
{
"name": "RHSA-2005:829",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-829.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm"
},
{
"name": "oval:org.mitre.oval:def:870",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870"
},
{
"name": "RHSA-2005:830",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-830.html"
},
{
"name": "GLSA-200403-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
},
{
"name": "11139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11139"
},
{
"name": "RHSA-2004:120",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
},
{
"name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US"
},
{
"name": "APPLE-SA-2005-08-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
},
{
"name": "17398",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17398"
},
{
"name": "SSA:2004-077",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
},
{
"name": "RHSA-2004:139",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
},
{
"name": "openssl-dochangecipherspec-dos(15505)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505"
},
{
"name": "2004-0012",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2004/0012"
},
{
"name": "20040317 Cisco OpenSSL Implementation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=61798"
},
{
"name": "VU#288574",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/288574"
},
{
"name": "DSA-465",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-465"
},
{
"name": "APPLE-SA-2005-08-17",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
},
{
"name": "18247",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18247"
},
{
"name": "oval:org.mitre.oval:def:5770",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9899",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9899"
},
{
"name": "FEDORA-2005-1042",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
},
{
"name": "ESA-20040317-003",
"refsource": "ENGARDE",
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
},
{
"name": "SSRT4717",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
},
{
"name": "RHSA-2004:121",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
},
{
"name": "MDKSA-2004:023",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
},
{
"name": "oval:org.mitre.oval:def:2621",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621"
},
{
"name": "CLA-2004:834",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
},
{
"name": "SCOSA-2004.10",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
},
{
"name": "17381",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17381"
},
{
"name": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm",
"refsource": "MISC",
"url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
},
{
"name": "FEDORA-2004-095",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
},
{
"name": "oval:org.mitre.oval:def:9779",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779"
},
{
"name": "oval:org.mitre.oval:def:975",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975"
},
{
"name": "57524",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
},
{
"name": "SuSE-SA:2004:007",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
},
{
"name": "http://lists.apple.com/mhonarc/security-announce/msg00045.html",
"refsource": "CONFIRM",
"url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
},
{
"name": "http://www.openssl.org/news/secadv_20040317.txt",
"refsource": "CONFIRM",
"url": "http://www.openssl.org/news/secadv_20040317.txt"
},
{
"name": "FreeBSD-SA-04:05",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc"
},
{
"name": "NetBSD-SA2004-005",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
},
{
"name": "O-101",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
},
{
"name": "TA04-078A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
},
{
"name": "17401",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17401"
},
{
"name": "RHSA-2005:829",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-829.html"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm"
},
{
"name": "oval:org.mitre.oval:def:870",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870"
},
{
"name": "RHSA-2005:830",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-830.html"
},
{
"name": "GLSA-200403-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
},
{
"name": "11139",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11139"
},
{
"name": "RHSA-2004:120",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
},
{
"name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
},
{
"name": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US",
"refsource": "CONFIRM",
"url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US"
},
{
"name": "APPLE-SA-2005-08-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
},
{
"name": "17398",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17398"
},
{
"name": "SSA:2004-077",
"refsource": "SLACKWARE",
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
},
{
"name": "RHSA-2004:139",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
},
{
"name": "openssl-dochangecipherspec-dos(15505)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505"
},
{
"name": "2004-0012",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2004/0012"
},
{
"name": "20040317 Cisco OpenSSL Implementation Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=61798",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=61798"
},
{
"name": "VU#288574",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/288574"
},
{
"name": "DSA-465",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-465"
},
{
"name": "APPLE-SA-2005-08-17",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
},
{
"name": "18247",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18247"
},
{
"name": "oval:org.mitre.oval:def:5770",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0079",
"datePublished": "2004-03-18T05:00:00",
"dateReserved": "2004-01-19T00:00:00",
"dateUpdated": "2024-08-08T00:01:23.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4630
Vulnerability from cvelistv5
Published
2014-12-30 15:00
Modified
2024-08-06 11:20
Severity ?
EPSS score ?
Summary
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/72534 | vdb-entry, x_refsource_BID | |
| https://secure-resumption.com/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:20:26.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20141230 ESA-2014-158: RSA BSAFE Micro Edition Suite and SSL-J Triple Handshake Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html"
},
{
"name": "72534",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72534"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://secure-resumption.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server\u0027s X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a \"triple handshake attack.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-16T15:57:00",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20141230 ESA-2014-158: RSA BSAFE Micro Edition Suite and SSL-J Triple Handshake Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html"
},
{
"name": "72534",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72534"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://secure-resumption.com/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-4630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server\u0027s X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a \"triple handshake attack.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141230 ESA-2014-158: RSA BSAFE Micro Edition Suite and SSL-J Triple Handshake Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html"
},
{
"name": "72534",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72534"
},
{
"name": "https://secure-resumption.com/",
"refsource": "MISC",
"url": "https://secure-resumption.com/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-4630",
"datePublished": "2014-12-30T15:00:00",
"dateReserved": "2014-06-24T00:00:00",
"dateUpdated": "2024-08-06T11:20:26.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-0534
Vulnerability from cvelistv5
Published
2015-08-20 10:00
Modified
2024-08-06 04:10
Severity ?
EPSS score ?
Summary
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, a similar issue to CVE-2014-8275.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1033298 | vdb-entry, x_refsource_SECTRACK | |
| http://seclists.org/bugtraq/2015/Aug/84 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id/1033297 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/76377 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:11.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033298"
},
{
"name": "20150817 ESA-2015-081: RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Aug/84"
},
{
"name": "1033297",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033297"
},
{
"name": "76377",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76377"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate\u0027s unsigned portion, a similar issue to CVE-2014-8275."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1033298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033298"
},
{
"name": "20150817 ESA-2015-081: RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Aug/84"
},
{
"name": "1033297",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033297"
},
{
"name": "76377",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76377"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate\u0027s unsigned portion, a similar issue to CVE-2014-8275."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033298",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033298"
},
{
"name": "20150817 ESA-2015-081: RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Aug/84"
},
{
"name": "1033297",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033297"
},
{
"name": "76377",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76377"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-0534",
"datePublished": "2015-08-20T10:00:00",
"dateReserved": "2014-12-17T00:00:00",
"dateUpdated": "2024-08-06T04:10:11.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0627
Vulnerability from cvelistv5
Published
2014-02-18 00:00
Modified
2024-08-06 09:20
Severity ?
EPSS score ?
Summary
The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:19.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-18T00:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-0627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-0627",
"datePublished": "2014-02-18T00:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2024-08-06T09:20:19.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0626
Vulnerability from cvelistv5
Published
2014-02-18 00:00
Modified
2024-08-06 09:20
Severity ?
EPSS score ?
Summary
The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:19.775Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-18T00:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-0626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-0626",
"datePublished": "2014-02-18T00:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2024-08-06T09:20:19.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0081
Vulnerability from cvelistv5
Published
2004-03-18 05:00
Modified
2024-08-08 00:01
Severity ?
EPSS score ?
Summary
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:01:23.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9899",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9899"
},
{
"name": "ESA-20040317-003",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE",
"x_transferred"
],
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
},
{
"name": "20040317 Re: New OpenSSL releases fix denial of service attacks [17 March 2004]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2"
},
{
"name": "RHSA-2004:121",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
},
{
"name": "CLA-2004:834",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
},
{
"name": "SCOSA-2004.10",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
},
{
"name": "20040304-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
},
{
"name": "openssl-tls-dos(15509)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
},
{
"name": "FEDORA-2004-095",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
},
{
"name": "57524",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
},
{
"name": "oval:org.mitre.oval:def:871",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871"
},
{
"name": "oval:org.mitre.oval:def:11755",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755"
},
{
"name": "VU#465542",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/465542"
},
{
"name": "TA04-078A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
},
{
"name": "GLSA-200403-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
},
{
"name": "11139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11139"
},
{
"name": "RHSA-2004:120",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
},
{
"name": "RHSA-2004:119",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
},
{
"name": "oval:org.mitre.oval:def:902",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902"
},
{
"name": "RHSA-2004:139",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
},
{
"name": "2004-0012",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2004/0012"
},
{
"name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
},
{
"name": "20040317 Cisco OpenSSL Implementation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
},
{
"name": "DSA-465",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-465"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-03-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9899",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9899"
},
{
"name": "ESA-20040317-003",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE"
],
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
},
{
"name": "20040317 Re: New OpenSSL releases fix denial of service attacks [17 March 2004]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2"
},
{
"name": "RHSA-2004:121",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
},
{
"name": "CLA-2004:834",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
},
{
"name": "SCOSA-2004.10",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
},
{
"name": "20040304-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
},
{
"name": "openssl-tls-dos(15509)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
},
{
"name": "FEDORA-2004-095",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
},
{
"name": "57524",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
},
{
"name": "oval:org.mitre.oval:def:871",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871"
},
{
"name": "oval:org.mitre.oval:def:11755",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755"
},
{
"name": "VU#465542",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/465542"
},
{
"name": "TA04-078A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
},
{
"name": "GLSA-200403-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
},
{
"name": "11139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11139"
},
{
"name": "RHSA-2004:120",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
},
{
"name": "RHSA-2004:119",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
},
{
"name": "oval:org.mitre.oval:def:902",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902"
},
{
"name": "RHSA-2004:139",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
},
{
"name": "2004-0012",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2004/0012"
},
{
"name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
},
{
"name": "20040317 Cisco OpenSSL Implementation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
},
{
"name": "DSA-465",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-465"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9899",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9899"
},
{
"name": "ESA-20040317-003",
"refsource": "ENGARDE",
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
},
{
"name": "20040317 Re: New OpenSSL releases fix denial of service attacks [17 March 2004]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2"
},
{
"name": "RHSA-2004:121",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
},
{
"name": "CLA-2004:834",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
},
{
"name": "SCOSA-2004.10",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
},
{
"name": "20040304-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
},
{
"name": "openssl-tls-dos(15509)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509"
},
{
"name": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm",
"refsource": "MISC",
"url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
},
{
"name": "FEDORA-2004-095",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
},
{
"name": "57524",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
},
{
"name": "oval:org.mitre.oval:def:871",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871"
},
{
"name": "oval:org.mitre.oval:def:11755",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755"
},
{
"name": "VU#465542",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/465542"
},
{
"name": "TA04-078A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
},
{
"name": "GLSA-200403-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
},
{
"name": "11139",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11139"
},
{
"name": "RHSA-2004:120",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
},
{
"name": "RHSA-2004:119",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
},
{
"name": "oval:org.mitre.oval:def:902",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902"
},
{
"name": "RHSA-2004:139",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
},
{
"name": "2004-0012",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2004/0012"
},
{
"name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
},
{
"name": "20040317 Cisco OpenSSL Implementation Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
},
{
"name": "DSA-465",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-465"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0081",
"datePublished": "2004-03-18T05:00:00",
"dateReserved": "2004-01-19T00:00:00",
"dateUpdated": "2024-08-08T00:01:23.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-3738
Vulnerability from cvelistv5
Published
2019-09-18 22:23
Modified
2024-09-16 19:01
Severity ?
EPSS score ?
Summary
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
| https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®%3B-Crypto-J-Multiple-Security-Vulnerabilities | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC | |
| https://kc.mcafee.com/corporate/index?page=content&id=SB10318 | x_refsource_CONFIRM | |
| https://www.oracle.com/security-alerts/cpuApr2021.html | x_refsource_MISC | |
| https://www.oracle.com//security-alerts/cpujul2021.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Dell | RSA BSAFE Crypto-J |
Version: prior to 6.2.5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174%3B-Crypto-J-Multiple-Security-Vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10318"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RSA BSAFE Crypto-J",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "prior to 6.2.5"
}
]
}
],
"datePublic": "2019-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-325",
"description": "CWE-325: Missing Required Cryptographic Step",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:20:41",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174%3B-Crypto-J-Multiple-Security-Vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10318"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-08-15",
"ID": "CVE-2019-3738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RSA BSAFE Crypto-J",
"version": {
"version_data": [
{
"version_value": "prior to 6.2.5"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key."
}
]
},
"impact": {
"cvss": {
"baseScore": 6.5,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-325: Missing Required Cryptographic Step"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174;-Crypto-J-Multiple-Security-Vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174;-Crypto-J-Multiple-Security-Vulnerabilities"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10318",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10318"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3738",
"datePublished": "2019-09-18T22:23:10.057919Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T19:01:44.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0887
Vulnerability from cvelistv5
Published
2016-04-12 23:00
Modified
2024-08-05 22:38
Severity ?
EPSS score ?
Summary
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/bugtraq/2016/Apr/66 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id/1035515 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/538055/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id/1035516 | vdb-entry, x_refsource_SECTRACK | |
| http://packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html | x_refsource_MISC | |
| http://www.securitytracker.com/id/1035517 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:38:39.964Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160411 ESA-2016-013: RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra\u0027s Attack Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2016/Apr/66"
},
{
"name": "1035515",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035515"
},
{
"name": "20160411 ESA-2016-013: RSA BSAFE\u0026reg; Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra?s Attack Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/538055/100/0/threaded"
},
{
"name": "1035516",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035516"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html"
},
{
"name": "1035517",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035517"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application\u0027s failure to detect an RSA signature failure during a TLS session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20160411 ESA-2016-013: RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra\u0027s Attack Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2016/Apr/66"
},
{
"name": "1035515",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035515"
},
{
"name": "20160411 ESA-2016-013: RSA BSAFE\u0026reg; Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra?s Attack Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/538055/100/0/threaded"
},
{
"name": "1035516",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035516"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html"
},
{
"name": "1035517",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035517"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-0887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application\u0027s failure to detect an RSA signature failure during a TLS session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160411 ESA-2016-013: RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra\u0027s Attack Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2016/Apr/66"
},
{
"name": "1035515",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035515"
},
{
"name": "20160411 ESA-2016-013: RSA BSAFE\u0026reg; Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra?s Attack Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538055/100/0/threaded"
},
{
"name": "1035516",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035516"
},
{
"name": "http://packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html"
},
{
"name": "1035517",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035517"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-0887",
"datePublished": "2016-04-12T23:00:00",
"dateReserved": "2015-12-17T00:00:00",
"dateUpdated": "2024-08-05T22:38:39.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0112
Vulnerability from cvelistv5
Published
2004-03-18 05:00
Modified
2024-08-08 00:10
Severity ?
EPSS score ?
Summary
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9899",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9899"
},
{
"name": "SSRT4717",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
},
{
"name": "RHSA-2004:121",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
},
{
"name": "MDKSA-2004:023",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
},
{
"name": "CLA-2004:834",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
},
{
"name": "SCOSA-2004.10",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
},
{
"name": "57524",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
},
{
"name": "SuSE-SA:2004:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openssl.org/news/secadv_20040317.txt"
},
{
"name": "NetBSD-SA2004-005",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
},
{
"name": "O-101",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
},
{
"name": "TA04-078A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
},
{
"name": "oval:org.mitre.oval:def:1049",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049"
},
{
"name": "openssl-kerberos-ciphersuites-dos(15508)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508"
},
{
"name": "VU#484726",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/484726"
},
{
"name": "GLSA-200403-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
},
{
"name": "oval:org.mitre.oval:def:9580",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580"
},
{
"name": "11139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11139"
},
{
"name": "RHSA-2004:120",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
},
{
"name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
},
{
"name": "APPLE-SA-2005-08-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
},
{
"name": "SSA:2004-077",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
},
{
"name": "2004-0012",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2004/0012"
},
{
"name": "20040317 Cisco OpenSSL Implementation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=61798"
},
{
"name": "APPLE-SA-2005-08-17",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
},
{
"name": "oval:org.mitre.oval:def:928",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-03-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9899",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9899"
},
{
"name": "SSRT4717",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
},
{
"name": "RHSA-2004:121",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
},
{
"name": "MDKSA-2004:023",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
},
{
"name": "CLA-2004:834",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
},
{
"name": "SCOSA-2004.10",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
},
{
"name": "57524",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
},
{
"name": "SuSE-SA:2004:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openssl.org/news/secadv_20040317.txt"
},
{
"name": "NetBSD-SA2004-005",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
},
{
"name": "O-101",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
},
{
"name": "TA04-078A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
},
{
"name": "oval:org.mitre.oval:def:1049",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049"
},
{
"name": "openssl-kerberos-ciphersuites-dos(15508)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508"
},
{
"name": "VU#484726",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/484726"
},
{
"name": "GLSA-200403-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
},
{
"name": "oval:org.mitre.oval:def:9580",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580"
},
{
"name": "11139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11139"
},
{
"name": "RHSA-2004:120",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
},
{
"name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
},
{
"name": "APPLE-SA-2005-08-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
},
{
"name": "SSA:2004-077",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
},
{
"name": "2004-0012",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2004/0012"
},
{
"name": "20040317 Cisco OpenSSL Implementation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=61798"
},
{
"name": "APPLE-SA-2005-08-17",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
},
{
"name": "oval:org.mitre.oval:def:928",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9899",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9899"
},
{
"name": "SSRT4717",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
},
{
"name": "RHSA-2004:121",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
},
{
"name": "MDKSA-2004:023",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
},
{
"name": "CLA-2004:834",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
},
{
"name": "SCOSA-2004.10",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
},
{
"name": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm",
"refsource": "MISC",
"url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
},
{
"name": "57524",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
},
{
"name": "SuSE-SA:2004:007",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
},
{
"name": "http://lists.apple.com/mhonarc/security-announce/msg00045.html",
"refsource": "CONFIRM",
"url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
},
{
"name": "http://www.openssl.org/news/secadv_20040317.txt",
"refsource": "CONFIRM",
"url": "http://www.openssl.org/news/secadv_20040317.txt"
},
{
"name": "NetBSD-SA2004-005",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
},
{
"name": "O-101",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
},
{
"name": "TA04-078A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
},
{
"name": "oval:org.mitre.oval:def:1049",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049"
},
{
"name": "openssl-kerberos-ciphersuites-dos(15508)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508"
},
{
"name": "VU#484726",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/484726"
},
{
"name": "GLSA-200403-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
},
{
"name": "oval:org.mitre.oval:def:9580",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580"
},
{
"name": "11139",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11139"
},
{
"name": "RHSA-2004:120",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
},
{
"name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
},
{
"name": "APPLE-SA-2005-08-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
},
{
"name": "SSA:2004-077",
"refsource": "SLACKWARE",
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
},
{
"name": "2004-0012",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2004/0012"
},
{
"name": "20040317 Cisco OpenSSL Implementation Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=61798",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=61798"
},
{
"name": "APPLE-SA-2005-08-17",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
},
{
"name": "oval:org.mitre.oval:def:928",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0112",
"datePublished": "2004-03-18T05:00:00",
"dateReserved": "2004-02-02T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-34381
Vulnerability from cvelistv5
Published
2024-02-02 15:30
Modified
2024-08-03 09:07
Severity ?
EPSS score ?
Summary
Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted system. This is a Critical vulnerability and Dell recommends customers to upgrade at the earliest opportunity.
References
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Dell | Dell BSAFE Crypto-J |
Version: 0 ≤ |
||||
|
|||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-34381",
"options": [
{
"Exploitation": "None"
},
{
"Automatable": "Yes"
},
{
"Technical Impact": "Total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-20T04:00:11.570842Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:15:49.869Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:07:16.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000203278/dsa-2022-208-dell-bsafe-ssl-j-6-5-and-7-1-and-dell-bsafe-crypto-j-6-2-6-1-and-7-0-security-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Dell BSAFE Crypto-J",
"vendor": "Dell",
"versions": [
{
"lessThan": "6.2.6.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell BSAFE SSL-J",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"lessThan": "6.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2022-09-12T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted system. This is a Critical vulnerability and Dell recommends customers to upgrade at the earliest opportunity.\u003c/span\u003e\n\n"
}
],
"value": "\nDell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted system. This is a Critical vulnerability and Dell recommends customers to upgrade at the earliest opportunity.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1329",
"description": "CWE-1329: Reliance on Component That is Not Updateable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-05T16:54:29.967Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000203278/dsa-2022-208-dell-bsafe-ssl-j-6-5-and-7-1-and-dell-bsafe-crypto-j-6-2-6-1-and-7-0-security-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-34381",
"datePublished": "2024-02-02T15:30:23.697Z",
"dateReserved": "2022-06-23T18:55:17.089Z",
"dateUpdated": "2024-08-03T09:07:16.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0625
Vulnerability from cvelistv5
Published
2014-02-18 00:00
Modified
2024-08-06 09:20
Severity ?
EPSS score ?
Summary
The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:19.705Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-18T00:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-0625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-0625",
"datePublished": "2014-02-18T00:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2024-08-06T09:20:19.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-3739
Vulnerability from cvelistv5
Published
2019-09-18 22:23
Modified
2024-09-16 17:43
Severity ?
EPSS score ?
Summary
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
| https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®%3B-Crypto-J-Multiple-Security-Vulnerabilities | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuApr2021.html | x_refsource_MISC | |
| https://www.oracle.com//security-alerts/cpujul2021.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Dell | RSA BSAFE Crypto-J |
Version: prior to 6.2.5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174%3B-Crypto-J-Multiple-Security-Vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RSA BSAFE Crypto-J",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "prior to 6.2.5"
}
]
}
],
"datePublic": "2019-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-310",
"description": "CWE-310: Cryptographic Issues",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:20:42",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174%3B-Crypto-J-Multiple-Security-Vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-08-09",
"ID": "CVE-2019-3739",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RSA BSAFE Crypto-J",
"version": {
"version_data": [
{
"version_value": "prior to 6.2.5"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys."
}
]
},
"impact": {
"cvss": {
"baseScore": 6.5,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-310: Cryptographic Issues"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174;-Crypto-J-Multiple-Security-Vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174;-Crypto-J-Multiple-Security-Vulnerabilities"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3739",
"datePublished": "2019-09-18T22:23:10.098836Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T17:43:20.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-11068
Vulnerability from cvelistv5
Published
2018-09-11 19:00
Modified
2024-09-16 23:30
Severity ?
EPSS score ?
Summary
RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1041614 | vdb-entry, x_refsource_SECTRACK | |
| https://seclists.org/fulldisclosure/2018/Sep/7 | mailing-list, x_refsource_FULLDISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Dell EMC | RSA BSAFE SSL-J |
Version: unspecified < 6.2.4 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041614",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041614"
},
{
"name": "20180905 DSA-2018-150:RSA BSAFE SSL-J Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2018/Sep/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RSA BSAFE SSL-J",
"vendor": "Dell EMC",
"versions": [
{
"lessThan": "6.2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-09-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Clearing of Heap Memory Before Release (\u0027Heap Inspection\u0027) Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-12T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1041614",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041614"
},
{
"name": "20180905 DSA-2018-150:RSA BSAFE SSL-J Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2018/Sep/7"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-09-05T04:00:00.000Z",
"ID": "CVE-2018-11068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RSA BSAFE SSL-J",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "6.2.4"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Clearing of Heap Memory Before Release (\u0027Heap Inspection\u0027) Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041614",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041614"
},
{
"name": "20180905 DSA-2018-150:RSA BSAFE SSL-J Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Sep/7"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-11068",
"datePublished": "2018-09-11T19:00:00Z",
"dateReserved": "2018-05-14T00:00:00",
"dateUpdated": "2024-09-16T23:30:36.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-3740
Vulnerability from cvelistv5
Published
2019-09-18 22:23
Modified
2024-09-17 01:40
Severity ?
EPSS score ?
Summary
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
| https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®%3B-Crypto-J-Multiple-Security-Vulnerabilities | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuApr2021.html | x_refsource_MISC | |
| https://www.oracle.com//security-alerts/cpujul2021.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Dell | RSA BSAFE Crypto-J |
Version: prior to 6.2.5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174%3B-Crypto-J-Multiple-Security-Vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RSA BSAFE Crypto-J",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "prior to 6.2.5"
}
]
}
],
"datePublic": "2019-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-310",
"description": "CWE-310: Cryptographic Issues",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:20:43",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174%3B-Crypto-J-Multiple-Security-Vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-08-15",
"ID": "CVE-2019-3740",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RSA BSAFE Crypto-J",
"version": {
"version_data": [
{
"version_value": "prior to 6.2.5"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys."
}
]
},
"impact": {
"cvss": {
"baseScore": 6.5,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-310: Cryptographic Issues"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174;-Crypto-J-Multiple-Security-Vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174;-Crypto-J-Multiple-Security-Vulnerabilities"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3740",
"datePublished": "2019-09-18T22:23:10.138468Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T01:40:53.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}