All the vulnerabilites related to oracle - database
var-200904-0267
Vulnerability from variot
Unspecified vulnerability in the Application Express component in Oracle Database 11.1.0.7 allows remote authenticated users to affect confidentiality, related to APEX. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue allows remote authenticated users to obtain APEX password hashes from the WWV_FLOW_USERS table via a SELECT statement. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
For more information see vulnerability #6 through #9 in: SA34693
SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details.
Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
I. Description
The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability.
Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.
II. Impact
The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.
III. Solution
Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.
IV. References
-
Oracle Critical Patch Update Advisory - April 2009 - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
-
Critical Patch Updates and Security Alerts - http://www.oracle.com/technology/deploy/security/alerts.htm
-
Map of Public Vulnerability to Advisory/Alert - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-105A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
April 15, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system.
1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.
2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.
PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security
The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/
Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0267",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database 11g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.01"
},
{
"model": "systems weblogic portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle9i personal edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.49"
},
{
"model": "oracle11g standard edition one",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "data service integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.3"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3.0"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.06"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "systems weblogic portal sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.13"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.04"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.1"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.07"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.3"
},
{
"model": "systems weblogic portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "systems weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.1"
},
{
"model": "systems weblogic server maintenance pack",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.13"
},
{
"model": "oracle9i standard edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "oracle9i enterprise edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.1"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.12"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.15"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.05"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.16"
},
{
"model": "systems weblogic server mp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9"
},
{
"model": "audit vault",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.02"
},
{
"model": "systems weblogic portal sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.4"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.12"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.11"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.6"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.03"
},
{
"model": "systems weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.0"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001232"
},
{
"db": "NVD",
"id": "CVE-2009-0981"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-300"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:database_11g:11.1.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0981"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-300"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0981",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2009-0981",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-0981",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-300",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001232"
},
{
"db": "NVD",
"id": "CVE-2009-0981"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-300"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Application Express component in Oracle Database 11.1.0.7 allows remote authenticated users to affect confidentiality, related to APEX. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue allows remote authenticated users to obtain APEX password hashes from the WWV_FLOW_USERS table via a SELECT statement. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0981"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001232"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0981",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "34693",
"trust": 2.6
},
{
"db": "USCERT",
"id": "TA09-105A",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1022052",
"trust": 2.4
},
{
"db": "OSVDB",
"id": "53738",
"trust": 2.4
},
{
"db": "EXPLOIT-DB",
"id": "8456",
"trust": 1.6
},
{
"db": "BID",
"id": "34461",
"trust": 1.3
},
{
"db": "VUPEN",
"id": "ADV-2009-1042",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001232",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA09-105A",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20090416 UNPRIVILEGED DB USERS CAN SEE APEX PASSWORD HASHES",
"trust": 0.6
},
{
"db": "MILW0RM",
"id": "8456",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-300",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-09-017",
"trust": 0.4
},
{
"db": "SECUNIA",
"id": "35135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76704",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001232"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0981"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-300"
}
]
},
"id": "VAR-200904-0267",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.065972224
},
"last_update_date": "2023-12-18T10:59:06.903000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cpuapr2009",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"title": "090417_86",
"trust": 0.8,
"url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
},
{
"title": "TA09-105A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001232"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0981"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://osvdb.org/53738"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/34693"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1022052"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
},
{
"trust": 2.0,
"url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/502724/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/34461"
},
{
"trust": 1.0,
"url": "https://www.exploit-db.com/exploits/8456"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0981"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta09-105a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0981"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/1042"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/502724/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.milw0rm.com/exploits/8456"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-23/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-22/"
},
{
"trust": 0.3,
"url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "/archive/1/502845"
},
{
"trust": 0.3,
"url": "/archive/1/502707"
},
{
"trust": 0.3,
"url": "/archive/1/502697"
},
{
"trust": 0.3,
"url": "/archive/1/502727"
},
{
"trust": 0.3,
"url": "/archive/1/502723"
},
{
"trust": 0.3,
"url": "/archive/1/506160"
},
{
"trust": 0.3,
"url": "/archive/1/502724"
},
{
"trust": 0.3,
"url": "/archive/1/502683"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34693/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35135/"
},
{
"trust": 0.1,
"url": "http://www.good.com/faq/18431.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001232"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0981"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-300"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001232"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0981"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-300"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-09T00:00:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001232"
},
{
"date": "2009-05-18T15:35:49",
"db": "PACKETSTORM",
"id": "77574"
},
{
"date": "2009-04-15T23:15:44",
"db": "PACKETSTORM",
"id": "76710"
},
{
"date": "2009-04-15T15:08:54",
"db": "PACKETSTORM",
"id": "76704"
},
{
"date": "2009-04-15T10:30:00.467000",
"db": "NVD",
"id": "CVE-2009-0981"
},
{
"date": "2009-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-300"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-01T16:22:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001232"
},
{
"date": "2018-10-10T19:32:41.207000",
"db": "NVD",
"id": "CVE-2009-0981"
},
{
"date": "2009-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-300"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-300"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Database of Application Express Component vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001232"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-300"
}
],
"trust": 0.6
}
}
var-202207-0601
Vulnerability from variot
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. (DoS) It may be in a state. Dell BSAFE Micro Edition Suite is a development kit that provides encryption, certificates and transport layer security for c/c++ applications, devices and systems. Dell BSAFE is a security software product that supports encryption algorithms, certificate chain verification, Transport Layer Security (TLS) cipher suites, etc. to help users achieve various security goals for their applications
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-0601",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
},
{
"model": "bsafe micro-edition-suite",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.6"
},
{
"model": "security service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "weblogic server proxy plug-in",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21c"
},
{
"model": "bsafe crypto-c-micro-edition",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.1.5"
},
{
"model": "weblogic server proxy plug-in",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.2"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "security service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "bsafe micro edition suite",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "oracle http server",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle database",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "bsafe crypto-c micro edition",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "oracle weblogic server proxy plug-in",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle security service",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016816"
},
{
"db": "NVD",
"id": "CVE-2020-35167"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.1.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.6",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-35167"
}
]
},
"cve": "CVE-2020-35167",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-35167",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-377258",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"author": "security_alert@emc.com",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.4,
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-35167",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-35167",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2020-35167",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-831",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-377258",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-35167",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377258"
},
{
"db": "VULMON",
"id": "CVE-2020-35167"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016816"
},
{
"db": "NVD",
"id": "CVE-2020-35167"
},
{
"db": "NVD",
"id": "CVE-2020-35167"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-831"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. (DoS) It may be in a state. Dell BSAFE Micro Edition Suite is a development kit that provides encryption, certificates and transport layer security for c/c++ applications, devices and systems. Dell BSAFE is a security software product that supports encryption algorithms, certificate chain verification, Transport Layer Security (TLS) cipher suites, etc. to help users achieve various security goals for their applications",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-35167"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016816"
},
{
"db": "VULHUB",
"id": "VHN-377258"
},
{
"db": "VULMON",
"id": "CVE-2020-35167"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-35167",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016816",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202207-831",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-84613",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-377258",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-35167",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377258"
},
{
"db": "VULMON",
"id": "CVE-2020-35167"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016816"
},
{
"db": "NVD",
"id": "CVE-2020-35167"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-831"
}
]
},
"id": "VAR-202207-0601",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-377258"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:11:57.299000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0July\u00a02022 Dell Security\u00a0Advisory",
"trust": 0.8,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"title": "Dell BSAFE Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=200898"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016816"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-831"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016816"
},
{
"db": "NVD",
"id": "CVE-2020-35167"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35167"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2020-35167/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/oracle-database-vulnerabilities-of-july-2022-38855"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377258"
},
{
"db": "VULMON",
"id": "CVE-2020-35167"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016816"
},
{
"db": "NVD",
"id": "CVE-2020-35167"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-831"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-377258"
},
{
"db": "VULMON",
"id": "CVE-2020-35167"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016816"
},
{
"db": "NVD",
"id": "CVE-2020-35167"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-831"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-377258"
},
{
"date": "2022-07-11T00:00:00",
"db": "VULMON",
"id": "CVE-2020-35167"
},
{
"date": "2023-09-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-016816"
},
{
"date": "2022-07-11T20:15:08.437000",
"db": "NVD",
"id": "CVE-2020-35167"
},
{
"date": "2022-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-831"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-06T00:00:00",
"db": "VULHUB",
"id": "VHN-377258"
},
{
"date": "2022-07-19T00:00:00",
"db": "VULMON",
"id": "CVE-2020-35167"
},
{
"date": "2023-09-27T03:11:00",
"db": "JVNDB",
"id": "JVNDB-2019-016816"
},
{
"date": "2022-10-06T16:10:07.080000",
"db": "NVD",
"id": "CVE-2020-35167"
},
{
"date": "2022-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-831"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-831"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u00a0BSAFE\u00a0Crypto-C\u00a0Micro\u00a0Edition\u00a0 and \u00a0and\u00a0Dell\u00a0BSAFE\u00a0Micro\u00a0Edition\u00a0Suite\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016816"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-831"
}
],
"trust": 0.6
}
}
var-200503-0071
Vulnerability from variot
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages. There is a vulnerability in the Sun Java Plug-in that could allow a malicious Java applet to bypass restrictions for untrusted applets. Multiple vulnerabilities exist in numerous Oracle products. The impacts of these vulnerabilities are varied and may include remote execution of arbitrary code, the disclosure of sensitive information, and denial-of-service conditions. various Oracle Multiple vulnerabilities exist in the product and its components.Although it depends on the target product, a third party can execute any command or code remotely, leak information in the database, disrupt service operation ( Denial-of-Service,DoS ) Attacks could be made. Reports indicate that it is possible for a malicious website that contains JavaScript code to exploit this vulnerability to load a dangerous Java class and to pass this class to an invoked applet. If a vulnerable version is still installed on the computer, it may be possible for to specify that this version runs the applet instead of an updated version that is not prone to the vulnerability. Users affected by this vulnerability should remove earlier versions of the plug-in. This functionality could also be abused to prompt users to install vulnerable versions of the plug-in, so users should be wary of doing so. This general security weakness has been assigned an individual BID (11757). Various Oracle Database Server, Oracle Enterprise Manager, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite and Applications, Oracle Workflow, Oracle Forms and Reports, Oracle JInitiator, Oracle Developer Suite, and Oracle Express Server are affected by multiple vulnerabilities. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Oracle has released a Critical Patch Update advisory for July 2005 to address these vulnerabilities. This Critical Patch Update addresses the vulnerabilities for supported releases. Earlier, unsupported releases are likely to be affected by the issues as well. The issue is that documents may be served with weaker SSL encryption than configured in Oracle HTTP Server. This could result in a false sense of security. Oracle has not released any further information about this weakness. The first issue can allow an untrusted applet to escalate its privileges to access resources with the privilege level of the user running the applet. This issue occurs only in Internet Explorer running on Windows. The second issue allows an untrusted applet to interfere with another applet embedded in the same web page. This issue occurs in Java running on Windows, Solaris, and Linux. A remote attacker can use this vulnerability to bypass the Java\'\'sandbox\'\' and all restrictions to access restricted resources and systems. BACKGROUND
Java Plug-in technology, included as part of the Java 2 Runtime Environment, Standard Edition (JRE), establishes a connection between popular browsers and the Java platform. This connection enables applets on Web sites to be run within a browser on the desktop.
II.
A number of private Java packages exist within the Java Virtual Machine (VM) and are used internally by the VM. Security restrictions prevent Applets from accessing these packages. Any attempt to access these packages, results in a thrown exception of 'AccessControlException', unless the Applet is signed and the user has chosen to trust the issuer.
III. ANALYSIS
Successful exploitation allows remote attackers to execute hostile Applets that can access, download, upload or execute arbitrary files as well as access the network. A target user must be running a browser on top of a vulnerable Java Virtual Machine to be affected. It is possible for an attacker to create a cross-platform, cross-browser exploit for this vulnerability. Once compromised, an attacker can execute arbitrary code under the privileges of the user who instantiated the vulnerable browser.
IV. DETECTION
iDEFENSE has confirmed the existence of this vulnerability in Java 2 Platform, Standard Edition (J2SE) 1.4.2_01 and 1.4.2_04 from Sun Microsystems. Various browsers such as Internet Explorer, Mozilla and Firefox on both Windows and Unix platforms can be exploited if they are running a vulnerable Java Virtual Machine.
V. Other Java Virtual Machines, such as the Microsoft VM, are available and can be used as an alternative.
VI. VENDOR RESPONSE
This issue has been fixed in J2SE v 1.4.2_06 available at:
[15]http://java.sun.com/j2se/1.4.2/download.html
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2004-1029 to this issue. This is a candidate for inclusion in the CVE list ([16]http://cve.mitre.org), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
06/29/2004 Initial vendor notification 06/30/2004 Initial vendor response 08/16/2004 iDEFENSE clients notified 11/22/2004 Public disclosure
IX. CREDIT
Jouko Pynnonen (jouko[at]iki.fi) is credited with this discovery.
Get paid for vulnerability research [17]http://www.idefense.com/poi/teams/vcp.jsp
X. LEGAL NOTICES
Copyright \xa9 2004 iDEFENSE, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDEFENSE. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email [18]customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200503-0071",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "jre",
"scope": "eq",
"trust": 3.4,
"vendor": "sun",
"version": "1.4"
},
{
"model": "jre",
"scope": "eq",
"trust": 2.8,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "jre",
"scope": "eq",
"trust": 2.8,
"vendor": "sun",
"version": "1.4.1"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "jre .0 03",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4"
},
{
"model": "sdk",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "sdk .0 03",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4"
},
{
"model": "jre 09",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "jre .0 04",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4"
},
{
"model": "sdk 07",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "sdk",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4"
},
{
"model": "jre 01",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.1"
},
{
"model": "jre 08",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "jre 03",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.1"
},
{
"model": "sdk 02",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "jre 01",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "sdk",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.1"
},
{
"model": "jre 07",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "jre 03",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "sdk 05",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "jre 02",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.1"
},
{
"model": "sdk 04",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "sdk 01",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.1"
},
{
"model": "jre 04",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "sdk 03",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.1"
},
{
"model": "sdk 06",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "jre 02",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "sdk .0 4",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4"
},
{
"model": "jre 05",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "sdk 03",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "sdk 02",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.1"
},
{
"model": "jre .0 02",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4"
},
{
"model": "sdk 05",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "jre 03",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "sdk .0 02",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4"
},
{
"model": "jre 05",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "jre 06",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "jre 02",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "sdk 03",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "jre 01",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.6,
"vendor": "sun",
"version": "1.4.0_01"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.6,
"vendor": "sun",
"version": "1.3.1_07"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.6,
"vendor": "sun",
"version": "1.3.1_09"
},
{
"model": "jre 04",
"scope": "eq",
"trust": 1.5,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "enterprise firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "symantec",
"version": "8.0"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.3,
"vendor": "sun",
"version": "1.3.0"
},
{
"model": "sdk 01",
"scope": "eq",
"trust": 1.2,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "jre .0 01",
"scope": "eq",
"trust": 1.2,
"vendor": "sun",
"version": "1.4"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_06"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.0_4"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.0_02"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.1_02"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_03"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_02"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.1_01"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "11.23"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.1"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_05"
},
{
"model": "java sdk-rte",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "1.4"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "11.00"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_03"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "11.22"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_04"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.1_02"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "conectiva",
"version": "10.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "gentoo",
"version": "*"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.0_03"
},
{
"model": "java sdk-rte",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "1.3"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_05"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.1_01"
},
{
"model": "gateway security 5400",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "2.0"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_05"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_06"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.0_02"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.0_04"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "11.11"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_04"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_01"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_07"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.0_01"
},
{
"model": "gateway security 5400",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "2.0.1"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.1_03"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_03"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_01"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_02"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.0_03"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_02"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.1_07"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_01a"
},
{
"model": "jre .0 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3"
},
{
"model": "jre 06",
"scope": "ne",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "jre 01a",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "jre .0 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3"
},
{
"model": "jre 11",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "sdk 12",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "sdk 11",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "jre 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "sdk 09",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "jre 13",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "sdk 08",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "sdk 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "jre 12",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "sdk 14",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "jre 14",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "sdk 13",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "notes",
"scope": "lte",
"trust": 0.8,
"vendor": "ibm",
"version": "6.5.6"
},
{
"model": "notes",
"scope": "lte",
"trust": 0.8,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0"
},
{
"model": "jre",
"scope": "lte",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "1.3.1_12"
},
{
"model": "jre",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "1.4.1"
},
{
"model": "jre",
"scope": "lte",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "1.4.2_05"
},
{
"model": "sdk",
"scope": "lte",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "1.3.1_12"
},
{
"model": "sdk",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "1.4.1"
},
{
"model": "sdk",
"scope": "lte",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "1.4.2_05"
},
{
"model": "enterprise firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "symantec",
"version": "v8.0"
},
{
"model": "gateway security 5400 series",
"scope": "eq",
"trust": 0.8,
"vendor": "symantec",
"version": "v2.0"
},
{
"model": "gateway security 5400 series",
"scope": "eq",
"trust": 0.8,
"vendor": "symantec",
"version": "v2.0.1"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.00"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.22"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.23"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10g"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10g"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11i"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10g"
},
{
"model": "jinitiator",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.6,
"vendor": "hp",
"version": null
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.4.0"
},
{
"model": "sdk 01a",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.1.5"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.3.1"
},
{
"model": "jre .0 04",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.3"
},
{
"model": "enterprise manager database control 10g",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.2"
},
{
"model": "enterprise manager database control 10g",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.4"
},
{
"model": "jinitiator",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "1.3.1"
},
{
"model": "enterprise manager grid control 10g",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.2.0.5"
},
{
"model": "oracle8i enterprise edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "8.1.7.4.0"
},
{
"model": "sdk 01",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.2.6"
},
{
"model": "sdk .0 01",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.1.4"
},
{
"model": "oracle8",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.3"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.1.4"
},
{
"model": "enterprise manager application server control",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.4.1"
},
{
"model": "oracle8i standard edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "8.1.7.4"
},
{
"model": "oracle8",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "8.0.6.3"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.2.0.5"
},
{
"model": "sdk 04",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.1.5"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.2"
},
{
"model": "workflow",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "11.5.9.5"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.4"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.1.5"
},
{
"model": "jre",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.3"
},
{
"model": "jinitiator",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "1.1.8"
},
{
"model": "enterprise manager application server control",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.4.0"
},
{
"model": "workflow",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "11.5.1"
},
{
"model": "jre 07",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.4.1"
},
{
"model": "sdk 02",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.6,
"vendor": "hp",
"version": null
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.2.0.5"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.4.1"
},
{
"model": "enterprise manager grid control 10g",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.2"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.2.3"
},
{
"model": "forms and reports",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "6.0.8.25"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.3"
},
{
"model": "forms and reports",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "4.5.10.22"
},
{
"model": "express server",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "6.3.4.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.2.6.0"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.2.6"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.1.4"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.4"
},
{
"model": "enterprise manager database control 10g",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.3"
},
{
"model": "jre 06",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "8.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "8.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"model": "java runtime environment",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "21.4.1"
},
{
"model": "hp-ux b.11.22",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "java runtime environment",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "21.4.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "enterprise firewall nt/2000",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "8.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"model": "http server for server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "gateway security",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "54002.0.1"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "8.0"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0"
},
{
"model": "java runtime environment 05",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "21.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "gateway security",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "54002.0"
},
{
"model": "jre .0 01",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3"
},
{
"model": "jre 04",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "8.1"
},
{
"model": "http server for server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"model": "http server roll up",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.22"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "jre 03",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.2.3"
},
{
"model": "java desktop system",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2003"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.3.1"
},
{
"model": "http server for apps only .1s",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2"
},
{
"model": "enterprise firewall solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "8.0"
},
{
"model": "jre .0 03",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.2"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.2"
},
{
"model": "java runtime environment 02",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "21.3"
},
{
"model": "java desktop system",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.0"
},
{
"model": "http server for server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.1"
},
{
"model": "hp-ux b.11.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "jre 01",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"model": "java runtime environment",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "21.3"
},
{
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "java sdk/rte for hp-ux pa-risc",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.0"
},
{
"model": "java sdk/rte for hp-ux pa-risc",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.3"
},
{
"model": "java runtime environment 01",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "21.3.1"
},
{
"model": "java runtime environment 08",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "21.3.1"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.9"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.8"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.7"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.6"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.5"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.4"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.3"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.1"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.0"
},
{
"model": "developer suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "developer suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.5"
},
{
"model": "developer suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.4.1"
},
{
"model": "developer suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.4"
},
{
"model": "developer suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.2.3"
},
{
"model": "collaboration suite release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "29.0.4.2"
},
{
"model": "collaboration suite release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "29.0.4.1"
},
{
"model": "oracle9i application server web cache",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.2.3"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.12"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.5"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.5"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.3"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.1"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.3"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.6"
},
{
"model": "lotus notes",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.2"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.2"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.4"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "lotus notes fp3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.5"
},
{
"model": "lotus notes fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.5"
},
{
"model": "lotus notes fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.6"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.3"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.4"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#760344"
},
{
"db": "CERT/CC",
"id": "VU#613562"
},
{
"db": "BID",
"id": "11726"
},
{
"db": "BID",
"id": "14238"
},
{
"db": "BID",
"id": "14279"
},
{
"db": "BID",
"id": "12317"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000497"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000876"
},
{
"db": "CNNVD",
"id": "CNNVD-200503-002"
},
{
"db": "NVD",
"id": "CVE-2004-1029"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hp:java_sdk-rte:1.3:*:hp-ux_pa-risc:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_02:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_03:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_06:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_06:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.0_02:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.0_03:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.1:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.1:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.1_03:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.1_03:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.2_03:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.2_03:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.0:update2:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.0:update2:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1:update1:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1:update1:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1:update8:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_02:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_05:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_05:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_06:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_09:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_09:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.0_03:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.0_03:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.1:update3:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.1:update3:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.1_07:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:update2:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:update2:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:update5:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:update5:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_02:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_02:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_05:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_05:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.0_02:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.0_02:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.0_4:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.1:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.1_02:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.1_02:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.2_02:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.2_03:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.2_05:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.2_05:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.0:update1:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.0:update2:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.0:update5:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1:update8:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1:update8:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_03:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_05:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_07:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_09:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.0_02:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.0_03:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.1:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.1:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.1:update3:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.1_02:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.1_02:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:update1:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:update2:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:update4:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:update5:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:enterprise_firewall:8.0:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:enterprise_firewall:8.0:*:windows_2000_nt:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_01:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_01a:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_04:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_05:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_07:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_07:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.0_01:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.0_4:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.0_4:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.1_01:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.1_02:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.2:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.2:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.2_01:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.2_04:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.2_05:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.0:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.0:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.0:update5:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.0:update5:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1:update4:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1:update4:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_03:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_03:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_07:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_07:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.0_02:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.0_02:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.0_04:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.1:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.1_01:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.1_02:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:update1:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:update1:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:update3:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:update4:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:update4:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:enterprise_firewall:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:java_sdk-rte:1.4:*:hp-ux_pa-risc:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_01:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_03:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_03:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_06:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_07:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.0_03:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.0_03:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.1_01:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.1_01:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.1_03:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.2:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.2_04:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.2_04:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.0:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.0:update3:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.0:update4:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.0:update4:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1:update1:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1:update1a:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_02:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_02:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_06:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_06:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.0_01:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.0_01:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.0_04:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.0_04:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.1_01:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.1_01:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:update3:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:update3:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.23:*:ia64_64-bit:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:symantec:gateway_security_5400:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:symantec:gateway_security_5400:2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1029"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jouko Pynnonen jouko@iki.fi",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200503-002"
}
],
"trust": 0.6
},
"cve": "CVE-2004-1029",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2004-1029",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-9459",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-1029",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#760344",
"trust": 0.8,
"value": "17.55"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#613562",
"trust": 0.8,
"value": "55.60"
},
{
"author": "CNNVD",
"id": "CNNVD-200503-002",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-9459",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#760344"
},
{
"db": "CERT/CC",
"id": "VU#613562"
},
{
"db": "VULHUB",
"id": "VHN-9459"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000497"
},
{
"db": "CNNVD",
"id": "CNNVD-200503-002"
},
{
"db": "NVD",
"id": "CVE-2004-1029"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages. There is a vulnerability in the Sun Java Plug-in that could allow a malicious Java applet to bypass restrictions for untrusted applets. Multiple vulnerabilities exist in numerous Oracle products. The impacts of these vulnerabilities are varied and may include remote execution of arbitrary code, the disclosure of sensitive information, and denial-of-service conditions. various Oracle Multiple vulnerabilities exist in the product and its components.Although it depends on the target product, a third party can execute any command or code remotely, leak information in the database, disrupt service operation ( Denial-of-Service,DoS ) Attacks could be made. Reports indicate that it is possible for a malicious website that contains JavaScript code to exploit this vulnerability to load a dangerous Java class and to pass this class to an invoked applet. If a vulnerable version is still installed on the computer, it may be possible for to specify that this version runs the applet instead of an updated version that is not prone to the vulnerability. Users affected by this vulnerability should remove earlier versions of the plug-in. This functionality could also be abused to prompt users to install vulnerable versions of the plug-in, so users should be wary of doing so. This general security weakness has been assigned an individual BID (11757). Various Oracle Database Server, Oracle Enterprise Manager, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite and Applications, Oracle Workflow, Oracle Forms and Reports, Oracle JInitiator, Oracle Developer Suite, and Oracle Express Server are affected by multiple vulnerabilities. \nThe issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. \nOracle has released a Critical Patch Update advisory for July 2005 to address these vulnerabilities. This Critical Patch Update addresses the vulnerabilities for supported releases. Earlier, unsupported releases are likely to be affected by the issues as well. The issue is that documents may be served with weaker SSL encryption than configured in Oracle HTTP Server. \nThis could result in a false sense of security. Oracle has not released any further information about this weakness. \nThe first issue can allow an untrusted applet to escalate its privileges to access resources with the privilege level of the user running the applet. \nThis issue occurs only in Internet Explorer running on Windows. \nThe second issue allows an untrusted applet to interfere with another applet embedded in the same web page. \nThis issue occurs in Java running on Windows, Solaris, and Linux. A remote attacker can use this vulnerability to bypass the Java\\\u0027\\\u0027sandbox\\\u0027\\\u0027 and all restrictions to access restricted resources and systems. BACKGROUND\n\n Java Plug-in technology, included as part of the Java 2 Runtime\n Environment, Standard Edition (JRE), establishes a connection between\n popular browsers and the Java platform. This connection enables\n applets\n on Web sites to be run within a browser on the desktop. \n\n II. \n\n A number of private Java packages exist within the Java Virtual\n Machine\n (VM) and are used internally by the VM. Security restrictions prevent\n Applets from accessing these packages. Any attempt to access these\n packages, results in a thrown exception of \u0027AccessControlException\u0027,\n unless the Applet is signed and the user has chosen to trust the\n issuer. \n\n III. ANALYSIS\n\n Successful exploitation allows remote attackers to execute hostile\n Applets that can access, download, upload or execute arbitrary files\n as\n well as access the network. A target user must be running a browser on\n top of a vulnerable Java Virtual Machine to be affected. It is\n possible\n for an attacker to create a cross-platform, cross-browser exploit for\n this vulnerability. Once compromised, an attacker can execute\n arbitrary\n code under the privileges of the user who instantiated the vulnerable\n browser. \n\n IV. DETECTION\n\n iDEFENSE has confirmed the existence of this vulnerability in Java 2\n Platform, Standard Edition (J2SE) 1.4.2_01 and 1.4.2_04 from Sun\n Microsystems. Various browsers such as Internet Explorer, Mozilla and Firefox\n on\n both Windows and Unix platforms can be exploited if they are running a\n vulnerable Java Virtual Machine. \n\n V. \n Other Java Virtual Machines, such as the Microsoft VM, are available\n and\n can be used as an alternative. \n\n VI. VENDOR RESPONSE\n\n This issue has been fixed in J2SE v 1.4.2_06 available at:\n\n [15]http://java.sun.com/j2se/1.4.2/download.html\n\n VII. CVE INFORMATION\n\n The Common Vulnerabilities and Exposures (CVE) project has assigned\n the\n name CAN-2004-1029 to this issue. This is a candidate for inclusion in\n the CVE list ([16]http://cve.mitre.org), which standardizes names for\n security problems. \n\n VIII. DISCLOSURE TIMELINE\n\n 06/29/2004 Initial vendor notification\n 06/30/2004 Initial vendor response\n 08/16/2004 iDEFENSE clients notified\n 11/22/2004 Public disclosure\n\n IX. CREDIT\n\n Jouko Pynnonen (jouko[at]iki.fi) is credited with this discovery. \n\n Get paid for vulnerability research\n [17]http://www.idefense.com/poi/teams/vcp.jsp\n\n X. LEGAL NOTICES\n\n Copyright \\xa9 2004 iDEFENSE, Inc. \n\n Permission is granted for the redistribution of this alert\n electronically. It may not be edited in any way without the express\n written consent of iDEFENSE. If you wish to reprint the whole or any\n part of this alert in any other medium other than electronically,\n please\n email [18]customerservice@idefense.com for permission. \n\n Disclaimer: The information in the advisory is believed to be accurate\n at the time of publishing based on currently available information. \n Use\n of the information constitutes acceptance for use in an AS IS\n condition. \n There are no warranties with regard to this information. Neither the\n author nor the publisher accepts any liability for any direct,\n indirect,\n or consequential loss or damage arising from use of, or reliance on,\n this information",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1029"
},
{
"db": "CERT/CC",
"id": "VU#760344"
},
{
"db": "CERT/CC",
"id": "VU#613562"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000497"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000876"
},
{
"db": "BID",
"id": "11726"
},
{
"db": "BID",
"id": "14238"
},
{
"db": "BID",
"id": "14279"
},
{
"db": "BID",
"id": "12317"
},
{
"db": "VULHUB",
"id": "VHN-9459"
},
{
"db": "PACKETSTORM",
"id": "35118"
}
],
"trust": 5.04
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-9459",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9459"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2004-1029",
"trust": 3.5
},
{
"db": "SECUNIA",
"id": "13271",
"trust": 3.3
},
{
"db": "CERT/CC",
"id": "VU#760344",
"trust": 3.3
},
{
"db": "BID",
"id": "12317",
"trust": 2.0
},
{
"db": "VUPEN",
"id": "ADV-2008-0599",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "29035",
"trust": 1.7
},
{
"db": "SREASON",
"id": "61",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#613562",
"trust": 1.6
},
{
"db": "XF",
"id": "18188",
"trust": 1.4
},
{
"db": "BID",
"id": "11726",
"trust": 1.2
},
{
"db": "BID",
"id": "14238",
"trust": 1.1
},
{
"db": "BID",
"id": "14279",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000497",
"trust": 0.8
},
{
"db": "USCERT",
"id": "TA05-194A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000876",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200503-002",
"trust": 0.7
},
{
"db": "SUNALERT",
"id": "101523",
"trust": 0.6
},
{
"db": "SUNALERT",
"id": "57591",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:5674",
"trust": 0.6
},
{
"db": "IDEFENSE",
"id": "20041122 SUN JAVA PLUGIN ARBITRARY PACKAGE ACCESS VULNERABILITY",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2005-02-22",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "35118",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "24763",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-78455",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-9459",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#760344"
},
{
"db": "CERT/CC",
"id": "VU#613562"
},
{
"db": "VULHUB",
"id": "VHN-9459"
},
{
"db": "BID",
"id": "11726"
},
{
"db": "BID",
"id": "14238"
},
{
"db": "BID",
"id": "14279"
},
{
"db": "BID",
"id": "12317"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000497"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000876"
},
{
"db": "PACKETSTORM",
"id": "35118"
},
{
"db": "CNNVD",
"id": "CNNVD-200503-002"
},
{
"db": "NVD",
"id": "CVE-2004-1029"
}
]
},
"id": "VAR-200503-0071",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-9459"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T21:28:20.494000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HPSBUX01214",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00897307"
},
{
"title": "HPSBUX01100",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00899041"
},
{
"title": "HPSBUX01214",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux01214.html"
},
{
"title": "HPSBUX01100",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux01100.html"
},
{
"title": "1257249",
"trust": 0.8,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21257249"
},
{
"title": "j2sdk",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=45#update_content"
},
{
"title": "jdksetup",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=22#update_content"
},
{
"title": "201660",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201660-1"
},
{
"title": "SYM05-001",
"trust": 0.8,
"url": "http://securityresponse.symantec.com/avcenter/security/content/2005.01.04.html"
},
{
"title": "SYM05-001",
"trust": 0.8,
"url": "http://www.symantec.com/region/jp/avcenter/security/content/2005.01.04.html"
},
{
"title": "Critical Patch Update - July 2005",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html"
},
{
"title": "Critical Patch Updates and Security Alerts ",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm"
},
{
"title": "Map of Public Vulnerability to Advisory/Alert",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html"
},
{
"title": "Critical Patch Update - July 2005",
"trust": 0.8,
"url": "http://otn.oracle.co.jp/security/050715_71/top.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000497"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000876"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9459"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000497"
},
{
"db": "NVD",
"id": "CVE-2004-1029"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://jouko.iki.fi/adv/javaplugin.html"
},
{
"trust": 2.5,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/760344"
},
{
"trust": 2.2,
"url": "http://www.idefense.com/application/poi/display?id=158\u0026type=vulnerabilities"
},
{
"trust": 2.0,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21257249"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2005/feb/msg00000.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/12317"
},
{
"trust": 1.7,
"url": "http://rpmfind.net/linux/rpm/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/13271"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/29035"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/61"
},
{
"trust": 1.7,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/13271/"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/18188"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5674"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/0599"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18188"
},
{
"trust": 0.8,
"url": "http://www.idefense.com/application/poi/display?id=158\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"trust": 0.8,
"url": "http://java.sun.com/products/plugin/index.jsp"
},
{
"trust": 0.8,
"url": "http://java.sun.com/j2se/desktopjava/jre/index.jsp"
},
{
"trust": 0.8,
"url": "http://java.sun.com/docs/books/tutorial/essential/system/securityintro.html"
},
{
"trust": 0.8,
"url": "http://java.sun.com/j2se/1.5.0/docs/api/java/security/accesscontrolexception.html"
},
{
"trust": 0.8,
"url": "http://java.sun.com/docs/books/tutorial/reflect/"
},
{
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm "
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-1029"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-1029"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/11726"
},
{
"trust": 0.8,
"url": "http://www.frsirt.com/english/advisories/2005/1074"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vn/jvnta05-194a"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/14279"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/14238"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/techalerts/ta05-194a.html"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/613562"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/0599"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5674"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1\u0026searchclause="
},
{
"trust": 0.3,
"url": "http://java.sun.com/products/plugin/versions.html#answers"
},
{
"trust": 0.3,
"url": "http://java.sun.com"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101799-1\u0026searchclause="
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57741-1"
},
{
"trust": 0.3,
"url": "http://securityresponse.symantec.com/avcenter/security/content/2005.01.04.html"
},
{
"trust": 0.3,
"url": "/archive/1/381940"
},
{
"trust": 0.3,
"url": "/archive/1/382281"
},
{
"trust": 0.3,
"url": "/archive/1/382072"
},
{
"trust": 0.3,
"url": "http://www.integrigy.com/analysis.htm"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_formsbuilder_temp_file_issue.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_forms_unsecure_temp_file_handling.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_jdeveloper_passes_plaintext_password.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_jdeveloper_plaintext_password.html"
},
{
"trust": 0.3,
"url": "/archive/1/406293"
},
{
"trust": 0.3,
"url": "/archive/1/404966"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/whitepaper/cpu_july_2005_silently_fixed_bugs.html"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57708-1"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/application/poi/display?id=158\u0026amp;type=vulnerabilities"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/poi/teams/vcp.jsp"
},
{
"trust": 0.1,
"url": "http://java.sun.com/j2se/1.4.2/download.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-1029"
},
{
"trust": 0.1,
"url": "http://java.sun.com/products/plugin/."
},
{
"trust": 0.1,
"url": "http://cve.mitre.org),"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#760344"
},
{
"db": "CERT/CC",
"id": "VU#613562"
},
{
"db": "VULHUB",
"id": "VHN-9459"
},
{
"db": "BID",
"id": "11726"
},
{
"db": "BID",
"id": "14238"
},
{
"db": "BID",
"id": "14279"
},
{
"db": "BID",
"id": "12317"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000497"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000876"
},
{
"db": "PACKETSTORM",
"id": "35118"
},
{
"db": "CNNVD",
"id": "CNNVD-200503-002"
},
{
"db": "NVD",
"id": "CVE-2004-1029"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#760344"
},
{
"db": "CERT/CC",
"id": "VU#613562"
},
{
"db": "VULHUB",
"id": "VHN-9459"
},
{
"db": "BID",
"id": "11726"
},
{
"db": "BID",
"id": "14238"
},
{
"db": "BID",
"id": "14279"
},
{
"db": "BID",
"id": "12317"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000497"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000876"
},
{
"db": "PACKETSTORM",
"id": "35118"
},
{
"db": "CNNVD",
"id": "CNNVD-200503-002"
},
{
"db": "NVD",
"id": "CVE-2004-1029"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-11-23T00:00:00",
"db": "CERT/CC",
"id": "VU#760344"
},
{
"date": "2005-07-13T00:00:00",
"db": "CERT/CC",
"id": "VU#613562"
},
{
"date": "2005-03-01T00:00:00",
"db": "VULHUB",
"id": "VHN-9459"
},
{
"date": "2004-11-22T00:00:00",
"db": "BID",
"id": "11726"
},
{
"date": "2005-07-12T00:00:00",
"db": "BID",
"id": "14238"
},
{
"date": "2005-07-15T00:00:00",
"db": "BID",
"id": "14279"
},
{
"date": "2005-01-20T00:00:00",
"db": "BID",
"id": "12317"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000497"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2005-000876"
},
{
"date": "2004-11-24T07:03:46",
"db": "PACKETSTORM",
"id": "35118"
},
{
"date": "2004-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200503-002"
},
{
"date": "2005-03-01T05:00:00",
"db": "NVD",
"id": "CVE-2004-1029"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-11-23T00:00:00",
"db": "CERT/CC",
"id": "VU#760344"
},
{
"date": "2005-10-19T00:00:00",
"db": "CERT/CC",
"id": "VU#613562"
},
{
"date": "2017-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-9459"
},
{
"date": "2009-07-12T08:06:00",
"db": "BID",
"id": "11726"
},
{
"date": "2009-07-12T16:06:00",
"db": "BID",
"id": "14238"
},
{
"date": "2005-07-15T00:00:00",
"db": "BID",
"id": "14279"
},
{
"date": "2008-04-07T16:18:00",
"db": "BID",
"id": "12317"
},
{
"date": "2008-03-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000497"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2005-000876"
},
{
"date": "2009-03-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200503-002"
},
{
"date": "2017-10-11T01:29:40.293000",
"db": "NVD",
"id": "CVE-2004-1029"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "11726"
},
{
"db": "BID",
"id": "14238"
},
{
"db": "BID",
"id": "14279"
},
{
"db": "BID",
"id": "12317"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sun Java Plug-in fails to restrict access to private Java packages",
"sources": [
{
"db": "CERT/CC",
"id": "VU#760344"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access Validation Error",
"sources": [
{
"db": "BID",
"id": "11726"
},
{
"db": "BID",
"id": "12317"
}
],
"trust": 0.6
}
}
var-200911-0398
Vulnerability from variot
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. Hitachi Web Server for, SSL There is a vulnerability in which arbitrary data is inserted at the beginning of communication data when using the function.Arbitrary data may be inserted at the beginning of communication data by a third party. A vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction.
SOLUTION: Apply updates (please see the vendor's advisory for details). =========================================================== Ubuntu Security Notice USN-860-1 November 19, 2009 apache2 vulnerabilities CVE-2009-3094, CVE-2009-3095, CVE-2009-3555 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: apache2-common 2.0.55-4ubuntu2.9
Ubuntu 8.04 LTS: apache2.2-common 2.2.8-1ubuntu0.14
Ubuntu 8.10: apache2.2-common 2.2.9-7ubuntu3.5
Ubuntu 9.04: apache2.2-common 2.2.11-2ubuntu2.5
Ubuntu 9.10: apache2.2-common 2.2.12-1ubuntu2.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. The flaw is with TLS renegotiation and potentially affects any software that supports this feature. Attacks against the HTTPS protocol are known, with the severity of the issue depending on the safeguards used in the web application. Until the TLS protocol and underlying libraries are adjusted to defend against this vulnerability, a partial, temporary workaround has been applied to Apache that disables client initiated TLS renegotiation. This update does not protect against server initiated TLS renegotiation when using SSLVerifyClient and SSLCipherSuite on a per Directory or Location basis. Users can defend againt server inititiated TLS renegotiation attacks by adjusting their Apache configuration to use SSLVerifyClient and SSLCipherSuite only on the server or virtual host level. (CVE-2009-3555)
It was discovered that mod_proxy_ftp in Apache did not properly sanitize its input when processing replies to EPASV and PASV commands. An attacker could use this to cause a denial of service in the Apache child process. (CVE-2009-3094)
Another flaw was discovered in mod_proxy_ftp. (CVE-2009-3095)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.diff.gz
Size/MD5: 130638 5d172b0ca228238e211940fad6b0935d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.dsc
Size/MD5: 1156 a6d575c4c0ef0ef9c4c77e7f6ddfb02d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.9_all.deb
Size/MD5: 2125884 643115e9135b9bf626f3a65cfc5f2ed3
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 834492 818915da9848657833480b1ead6b4a12
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 229578 9086ac3033e0425ecd150b31b377ee76
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 224594 85a4480344a072868758c466f6a98747
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 229128 446b52088b9744fb776e53155403a474
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 172850 17e4cd95ecb9d0390274fca9625c2e5e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 173636 b501407d01fa07e5807c28cd1db16cd7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 95454 a06ee30ec14b35003ebcb821624bc2af
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 37510 4c063b1b8d831ea8a02d5ec691995dec
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 287048 9cdc7502ebc526d4bc7df9b59a9d8925
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 145624 4b613a57da2ca57678e8c8f0c1628556
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 787870 67b1855dc984e5296ac9580e2a2f0a0c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 204122 edf40b0ff5c1824b2d6232da247ce480
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 200060 6267a56fcef78f6300372810ce36ea41
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 203580 c487929bbf45b5a4dc3d035d86f7b3a0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 172876 bae257127c3d137e407a7db744f3d57a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 173660 9dd0e108ab4d3382799b29d901bf4502
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 93410 d5d602c75a28873f1cd7523857e0dd80
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 37508 22049e1ea8ea88259ff3f6e94482cfb3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 263066 43fa2ae3b43c4743c98c45ac22fb0250
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 133484 e70b7f81859cb92e0c50084e92216526
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 860622 6d386da8da90d363414846dbc7fa7f08
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 221470 8c207b379f7ba646c94759d3e9079dd4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 217132 069cab77278b101c3c4a5b172f36ba9b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 220968 2f6ba65769fc964eb6dfec8a842f7621
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 172874 89137c84b5a33f526daf3f8b4c047a7e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 173662 23e576721faccb4aef732cf98e2358d4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 105198 44f9e698567784555db7d7d971b9fce2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 37518 fe7caa2a3cf6d4227ac34692de30635e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 282644 ec0306c04778cf8c8edd622aabb0363c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 142730 d43356422176ca29440f3e0572678093
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 805078 0f1f6a9b04ad5ce4ea29fd0e44bf18a4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 211674 eb19532b9b759c806e9a95a4ffbfad9b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 207344 9e5770a4c94cbc4f9bc8cc11a6a038f1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 210948 6d1d2357cec5b88c1c2269e5c16724bc
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 172882 d04dd123def1bc4cfbf2ac0095432eea
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 173662 6be46bbb9e92224020da49d657cb4cd4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 94510 9df6ae07a9218d6159b1eebde5d58606
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 37506 89856bb1433e67fb23c8d34423d3e0a5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 269070 bf585dec777b0306cd80663c11b020df
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 131466 340eaf2d2c1f129c7676a152776cfcf3
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.diff.gz
Size/MD5: 141838 37d5c93b425758839cbef5afea5353a2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.dsc
Size/MD5: 1381 78c9a13cc2af0dbf3958a3fc98aeea84
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz
Size/MD5: 6125771 39a755eb0f584c279336387b321e3dfc
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.14_all.deb
Size/MD5: 1929318 d4faaf64c2c0af807848ea171a4efa90
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.14_all.deb
Size/MD5: 72920 065d63c19b22f0f7a8f7c28952b0b408
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.14_all.deb
Size/MD5: 6258048 33c48a093bbb868ea108a50c051437cf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14_all.deb
Size/MD5: 45850 07a9463a8e4fdf1a48766d5ad08b9a3c
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 253080 3c6467ee604002a5b8ebffff8554c568
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 248676 3c83ce9eb0a27f18b9c3a8c3e651cafa
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 252490 cf379a515d967d89d2009be9e06d4833
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 205592 af6cb62114d2e70bf859c32008a66433
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 206350 9c3d5ef8e55eee98cc3e75f2ed9ffaff
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 141660 958585d6391847cd5a618464054f7d37
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 803974 76d23bd94465a2f96711dc1c41b31af0
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 236060 ad4c00dc10b406cc312982b7113fa468
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 231580 07ae6a192e6c859e49d48f2b2158df40
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 235308 18a44bbffcebde8f2d66fe3a6bdbab6d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 205594 73ec71599d4c8a42a69ac3099b9d50cf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 206374 c1524e4fa8265e7eaac046b114b8c463
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 140644 379a125b8b5b51ff8033449755ab87b8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 755574 9de96c8719740c2525e3c0cf7836d60b
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 235578 0265d4f6ccee2d7b5ee10cfff48fed08
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 231234 611499fb33808ecdd232e2c5350f6838
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 234738 d7757d2da2e542ce0fdad5994be1d8bd
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 205592 c10ac9eb401184c379b7993b6a62cde3
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 206358 fc91c0159b096e744c42014e6e5f8909
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 141212 f87d5f443e5d8e1c3eda6f976b3ceb06
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 749716 86ae389b81b057288ff3c0b69ef68656
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 254134 4337f858972022fa196c9a1f9bb724fb
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 249596 44a6e21ff8fa81d09dab19cab4caffdb
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 253698 f101a1709f21320716d4c9afb356f24f
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 205604 3f4d4f6733257a7037e35101ef792352
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 206386 06402188459de8dab5279b5bfef768fa
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 158390 0acffbdb7e5602b434c4f2805f8dc4d0
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 906022 28c3e8b63d123a4ca0632b3fed6720b5
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 237422 5651f53b09c0f36e1333c569980a0eb0
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 233152 1165607c64c57c84212b6b106254e885
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 236606 bbe00d0707c279a16eca35258dd8f13a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 205598 76afcd4085fa6f39055a5a3f1ef34a43
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 206372 5c67270e0a19d1558cf17cb21a114833
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 143838 28e9c3811feeac70b846279e82c23430
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 765398 92c5b054b80b6258a1c4caac8248a40a
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.diff.gz
Size/MD5: 137715 0e8a6128ff37a1c064d4ce881b5d3df9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.dsc
Size/MD5: 1788 5e3c3d53b68ea3053bcca3a5e19f5911
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9.orig.tar.gz
Size/MD5: 6396996 80d3754fc278338033296f0d41ef2c04
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.9-7ubuntu3.5_all.deb
Size/MD5: 2041786 cd1e98fb2064bad51f7845f203a07d79
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.9-7ubuntu3.5_all.deb
Size/MD5: 6538578 32e07db65f1e7b3002aedc3afce1748c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5_all.deb
Size/MD5: 45474 0f1b4fb499af61a596241bd4f0f4d35d
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 254968 f2004f847cc5cbc730599352ad1f7dc6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 249196 fb001fc4f192e9b8ae1bb7161925413c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 254360 419b942bad4cf4d959afcfa3ce4314e2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 208524 0d87bf6acbf1ab5dc48c68debe7c0d26
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 84490 2a4df4b619debe549f48ac3e9e764305
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 82838 215665711684d5b5dd04cdfa23d36462
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 209550 496d387e315370c0cd83489db663a356
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 147762 48061b9015c78b39b7afd834f4c81ae0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 820242 3497441009bc9db76a87fd2447ba433c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 241376 488812d1a311fd67dafd5b18b6813920
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 236082 9256681808703f40e822c81b53f4ce3e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 240668 2b6b7c11a88ed5a280f603305bee880e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 208532 e0eccceba6cae5fb12f431ff0283a23e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 83922 ea5f69f36e344e493cce5d9c0bc69c46
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 82320 0d9b2f9afff4b9efe924b59e9bb039ea
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 209554 f4e53148ae30d5c4f060d455e4f11f95
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 146596 5ed6a4af9378bacfb7d4a034d9923915
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 778564 ffd7752394933004094c13b00113b263
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 238358 4955c7d577496ea4f3573345fad028a4
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 232964 76aecf38baba17a8a968329b818ec74a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 237626 83f32bd08e2e206bbdb9f92cfb1a37e5
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 208528 6672fb116e108687669c89197732fbb0
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 83870 b8f875f197017aec0fe8203c203065d7
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 82296 d6724391ed540b351e2b660ba98af1ca
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 209550 263b43fb11c6d954d5a4bf7839e720a4
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 146282 a225b8d0f48e141eea28b2369d4595c0
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 766494 454c737e191429c43ad3f28c9e0294a0
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 261510 d3e1155682726cc28859156e647d97b3
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 256082 e49d894a6e9ab612a3cbd2f189ca3d8d
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 260850 bc3cd7677cd630ac00424e73a3a6b343
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 208542 ae1cc6b1323832528ad8f0e7130ec87d
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 84558 68452b686e89320007e9c5367ce36345
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 82908 2b8c5fc4bdec1017735dc16eba41d0a6
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 209562 a8da7487e3dcd1bdff008956728b8dd3
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 161030 a5ffe07d5e3050c8a54c4fccd3732263
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 926240 8282583e86e84bd256959540f39a515d
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 246720 e54b4b9b354001a910ec9027dc90b0d2
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 241280 1eea25472875056e34cd2c3283c60171
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 246024 5709e7421814ecfb83fff5804d429971
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 208528 25cdfd0177da7e5484d3d44f93257863
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 84096 3ffbacffcc23ffc640a2ce05d35437bf
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 82470 17d1ca84f9455c492013f4f754a1d365
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 209546 696ef3652703523aea6208a4e51e48f1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 150932 44c89e0249c85eed09b6f3a6a23db59d
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 783902 773a80d7a85a452016da3b10b1f3ae43
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.diff.gz
Size/MD5: 141023 50d6737005a6d4fe601e223a39293f99
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.dsc
Size/MD5: 1795 59720f4d7ad291c986d92ec120750c3d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11.orig.tar.gz
Size/MD5: 6806786 03e0a99a5de0f3f568a0087fb9993af9
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.11-2ubuntu2.5_all.deb
Size/MD5: 2219326 d29c903489b894ddf88b23a0fec23e5c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5_all.deb
Size/MD5: 46636 ee03585b00f277ed98c0de07a683317a
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-src_2.2.11-2ubuntu2.5_all.deb
Size/MD5: 6948222 a3505a83c13cf36c86248079127dd84d
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 259028 5e9bddefad4c58c3ef9fd15d7a06988d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 253218 ee1bfbb759ffade3a52a6782e2f4b66d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 258414 8ef063026de9790bac1965427ce1b584
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 213294 09701d434bd102e4205e551b4525afd1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 214258 e98de48ea01e1132c5f1248a9a018745
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 151140 2f7c7f14b843b2c24de8c67356406449
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 826834 28abdf1c7be886e9be2825d351abaec7
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 87818 670c62615e107920c45893b3377ab2a0
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 86094 5a7c68fd37066287b4819cba4cfed1f2
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 245538 952540b7679ebc8d3ffc953f32d3be0f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 240048 08a7fd4888ffd9188890e57c613c4be7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 244914 955bb5121da808d44aa994386d90723f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 213308 dd16143608ff8c41cb2d5cd27212a57e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 214280 1e1f5d6feef40413f823a19126a018e3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 150046 0769d86d26282d1d31615050ae5b8915
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 784198 8760e9c37147d0472dbbfe941c058829
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 87182 21980cb1035d05f69b857870bbcbc085
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 85572 6a1b8a5e4cb19e815e88335757b06cf3
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 242386 859ad63822b7e82c81cd6dcaca088c4a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 236924 200538ce94218c9d8af8532636bfd40a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 241822 3a3183ea4ee77d2677919d3b698f92a1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 213286 bf81273b1db0a4a621085171c2b2b421
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 214264 ed278dab71289d2baae2ea409382fbf8
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 149758 75f6e2d7bd1cdfe5b1806062c3c859df
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 773424 c7cdc26051bd9443ae25b73776537fb5
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 87132 32e7ea89c96a0afce7ce1da457d947fb
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 85550 1d9b5963aa6ea5c01492ec417ab8510a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 265476 5d03fe6b2da8de98c876941ff78b066f
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 260478 3e3aeaaf496cc86c62a831c59994c1f2
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 265154 5eae30e7a33c09b37483f3aab595d0e9
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 213314 879534ebabbb8be86b606e1800dc9cf8
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 214286 922033231a6aa67ecca1c400d47f09c1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 164444 74faf68f0baeffcd011155ca9b201039
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 932416 2911758e4ad1b3b401369621301ea76f
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 87876 1d45c033ec5498c092f30188cf1d481e
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 86154 52c1d8806d52fef6f43ab53662953953
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 250786 4e8e98dcba5543394ed5f07d141ce408
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 245094 a82bf04fc92b8c275b0c0f25cc81ff91
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 250110 092cf734813ae1d127d7b4f498f936c1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 213312 98d7062a6bdb58637f7e850b76bfbc80
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 214286 a378e2e0418631cec0f398379a446172
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 154284 ce8b7bbccd359675b70426df15becfed
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 789298 11f088b18425b97367d5bc141da2ef2f
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 87384 477b6594866c8c73a8a3603e7e646c68
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 85686 5562ea5a0e6f01ba12adda3afb65c1b0
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.diff.gz
Size/MD5: 185244 1ef59f9642bd9efa35e0808ea804cd0b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.dsc
Size/MD5: 1888 d3bfdecefdd8b1adec8ab35dcf85d2b3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12.orig.tar.gz
Size/MD5: 6678149 17f017b571f88aa60abebfe2945d7caf
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 2246560 be12bcc117bf165ffd3401486186762e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 2336 009d381342b0be5280835a46c91f01d9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 2374 7545a3750acea08e95bee86f6a3247e2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 2314 17719223d92d46821098ce178b5947d6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 284782 4321e3201d8e8d1a9e3c6fbe6864102b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 1424 7b4d96008368549d5600a8c1f64a7559
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 2366 46add3d428c97fa69a8848a3e4025bb0
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 137080 91e4f72d0f1f0abe91555e1497558fc2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 138176 5fd6a5ed536306528f9f2c1a0281ad70
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 156646 cfa55666363303b3f44a24fa2929bf01
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 1399630 82b36d57faa29a646e72a1125600c11c
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 92488 ddebef9d1a537520380f85b63c512bef
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 90880 c6d163edf145da8ff6d102dc0dd1f8d7
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 137102 69dcd0519ca612e02102f52dcb50bf7f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 138200 17221b53903d664823a55faa1ec4d9a9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 155166 4347806710edff47fc051b4a68d5b448
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 1309136 d9a7df212b315fc6f77fc87fa8eb4a04
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 91876 289bf732dd4750a2ce61ab121b04b079
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 90316 add7f446f6b524343c0066a486dd299a
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 137088 571e9f0370b5687acff25f71c4efe33e
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 138192 816a6e033f02114553bbb3627b9c6f9c
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 155090 af8272dc794250c30cd2f66b82486dc2
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 1290606 4c51de07f5a6fe9612de45369e6f35a5
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 91830 06866386df811127f4fd71d6fb2a9e2a
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 90312 9e68bd8111503135a4eae7265b0084ae
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 137096 61b24dbeb12d7998e5d7014c26410a99
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 138202 599898ff374bde8bfa388e2615064c5a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 161058 fea8f5b9a80bef9c4cb3405bc37160af
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 1390150 fb1a244728a509586b77d02930fcf10f
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 92400 572c3b0aa5ab717e8c4e4e8248aff1ff
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 90774 82011ebc757d31e690698cf9913e3adc
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 137098 7f566dfade1678c72eac7dd923ab5987
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 138202 09fbc3145d768cf1f204d47b50e21528
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 159488 7cb6c81588adaee162b8c85a1f69e7a7
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 1297936 106b0b71f5e928c1d543973b5b1f015b
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 92166 28899fe31226880dfa961d8b05e8fa43
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 90554 f207de0099ed259e2af736e8c82f91c2
. USN-990-1 introduced the new RFC5746 renegotiation extension in openssl, and completely resolves the issue.
After updating openssl, an Apache server will allow both patched and unpatched web browsers to connect, but unpatched browsers will not be able to renegotiate. This update introduces the new SSLInsecureRenegotiation directive for Apache that may be used to re-enable insecure renegotiations with unpatched web browsers. This update adds backported support for the new RFC5746 renegotiation extension and will use it when both the client and the server support it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2009:323 http://www.mandriva.com/security/
Package : apache Date : December 7, 2009 Affected: 2008.0
Problem Description:
Multiple vulnerabilities has been found and corrected in apache:
Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm (CVE-2008-1678). Note that this security issue does not really apply as zlib compression is not enabled in the openssl build provided by Mandriva, but apache is patched to address this issue anyway (conserns 2008.1 only).
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this security issue was initially addressed with MDVSA-2008:195 but the patch fixing the issue was added but not applied in 2009.0.
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file (CVE-2009-1195).
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests (CVE-2009-1890).
Fix a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects (CVE-2009-1891).
The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command (CVE-2009-3094).
The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes (CVE-2009-3095).
Apache is affected by SSL injection or man-in-the-middle attacks due to a design flaw in the SSL and/or TLS protocols. A short term solution was released Sat Nov 07 2009 by the ASF team to mitigate these problems. Apache will now reject in-session renegotiation (CVE-2009-3555).
Packages for 2008.0 are being provided due to extended support for Corporate products.
This update provides a solution to these vulnerabilities.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2
Updated Packages:
Mandriva Linux 2008.0: dd2bebdd6726d2d865331d37068a90b7 2008.0/i586/apache-base-2.2.6-8.3mdv2008.0.i586.rpm 6de9d36a91b125cc03bafe911b7a38a2 2008.0/i586/apache-devel-2.2.6-8.3mdv2008.0.i586.rpm ab7963efad1b7951c94a24075a2070e7 2008.0/i586/apache-htcacheclean-2.2.6-8.3mdv2008.0.i586.rpm 42a53b597d5547fb88b7427cacd617a1 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.i586.rpm 1dff9d313e93c94e907d8c72348ed2e0 2008.0/i586/apache-mod_cache-2.2.6-8.3mdv2008.0.i586.rpm b575ede2978ad47e41d355bd8b192725 2008.0/i586/apache-mod_dav-2.2.6-8.3mdv2008.0.i586.rpm 8ff3dee24d2d2d9a8d13e567cf1eaced 2008.0/i586/apache-mod_dbd-2.2.6-8.3mdv2008.0.i586.rpm 7bae541dfec14b21700878514750de83 2008.0/i586/apache-mod_deflate-2.2.6-8.3mdv2008.0.i586.rpm 19cab766a26ce53bd7e7973ed92f0db4 2008.0/i586/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.i586.rpm a1336e4ab4f282c388d7565bde4557fd 2008.0/i586/apache-mod_file_cache-2.2.6-8.3mdv2008.0.i586.rpm 6b2f2eb949977349390fa3b06cf257e7 2008.0/i586/apache-mod_ldap-2.2.6-8.3mdv2008.0.i586.rpm 3640bbef5262ec0407126e31dd5ddde3 2008.0/i586/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.i586.rpm 98793747365606baabc08f22e36a0a04 2008.0/i586/apache-mod_proxy-2.2.6-8.3mdv2008.0.i586.rpm d7fe4d88f25d2a01b0809ab5292b0999 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.i586.rpm 4c9f48adbd0b1d45a874f06b9275ebe3 2008.0/i586/apache-mod_ssl-2.2.6-8.3mdv2008.0.i586.rpm e5a1d9476316ccc9f183cb1ae5bbcf31 2008.0/i586/apache-modules-2.2.6-8.3mdv2008.0.i586.rpm 44f7810695a40519c68930695829f124 2008.0/i586/apache-mod_userdir-2.2.6-8.3mdv2008.0.i586.rpm d6f666e9954422664d1f029fc147b591 2008.0/i586/apache-mpm-event-2.2.6-8.3mdv2008.0.i586.rpm 75e205ddbc9313b8d02519e57919923a 2008.0/i586/apache-mpm-itk-2.2.6-8.3mdv2008.0.i586.rpm 6d68e8fa7baccc2ad090c703fb33458e 2008.0/i586/apache-mpm-prefork-2.2.6-8.3mdv2008.0.i586.rpm 331f18ce48403472fc7f8af6d5daee8e 2008.0/i586/apache-mpm-worker-2.2.6-8.3mdv2008.0.i586.rpm c75e69bcabc104938cb9033e591d1de8 2008.0/i586/apache-source-2.2.6-8.3mdv2008.0.i586.rpm 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64: 3d4afe3f8da8369d80b6c195e132c5c0 2008.0/x86_64/apache-base-2.2.6-8.3mdv2008.0.x86_64.rpm 37034ee7c7eb813de2a00a6945a10248 2008.0/x86_64/apache-devel-2.2.6-8.3mdv2008.0.x86_64.rpm ba296f9aa229a616a2c406d1a16912c3 2008.0/x86_64/apache-htcacheclean-2.2.6-8.3mdv2008.0.x86_64.rpm 77fa75d36e7a4bbe154c846e3271e7a3 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm ca29e2db08b29e319f2392b46ea4c3fe 2008.0/x86_64/apache-mod_cache-2.2.6-8.3mdv2008.0.x86_64.rpm 3fbf5a0276adaa2d887a92482d81313f 2008.0/x86_64/apache-mod_dav-2.2.6-8.3mdv2008.0.x86_64.rpm 9c66e471c2d2d3e43462302d0cc6f1c9 2008.0/x86_64/apache-mod_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm 05020102a26a28b96319b23e3b6e43d6 2008.0/x86_64/apache-mod_deflate-2.2.6-8.3mdv2008.0.x86_64.rpm 7191542417b30ed77334f1b8366628aa 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.x86_64.rpm f4177dbdcfd2e3dc8e66be731ad731c4 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.3mdv2008.0.x86_64.rpm fea417664f0a2689fa12308bd80c2fe4 2008.0/x86_64/apache-mod_ldap-2.2.6-8.3mdv2008.0.x86_64.rpm 9cf956fa426e6bdf6497337b6e26a2ab 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.x86_64.rpm 0d9d04ca878bb3f19f4764152da42d82 2008.0/x86_64/apache-mod_proxy-2.2.6-8.3mdv2008.0.x86_64.rpm dbbcd75dd83779f54f98fa3e16b59f13 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.x86_64.rpm dce8db6742ba28a71e18b86bb38688c8 2008.0/x86_64/apache-mod_ssl-2.2.6-8.3mdv2008.0.x86_64.rpm 2ff69d6e9c2cd3250f6746d4a7d921fd 2008.0/x86_64/apache-modules-2.2.6-8.3mdv2008.0.x86_64.rpm f298827d4dfa631a77907f7f5733fa29 2008.0/x86_64/apache-mod_userdir-2.2.6-8.3mdv2008.0.x86_64.rpm 6f02fb080e308ca0826fdb1ef00a1489 2008.0/x86_64/apache-mpm-event-2.2.6-8.3mdv2008.0.x86_64.rpm b886d30d73c60a515b3ed36d7f186378 2008.0/x86_64/apache-mpm-itk-2.2.6-8.3mdv2008.0.x86_64.rpm 62d7754a5aa7af596cc06cd540d4025f 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.3mdv2008.0.x86_64.rpm d3438e0967978e580be896bd85f1d953 2008.0/x86_64/apache-mpm-worker-2.2.6-8.3mdv2008.0.x86_64.rpm e72af335ec7c3c02b5a494fbd6e99e0e 2008.0/x86_64/apache-source-2.2.6-8.3mdv2008.0.x86_64.rpm 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFLHQcamqjQ0CJFipgRAsJgAKDf5oc5UbEz3j+qsMn3tL6F8cujygCfY+cu MUj4lK2Wsb+qzbv2V+Ih30U= =VdZS -----END PGP SIGNATURE----- .
Additionally the NSPR package has been upgraded to 4.8.4 that brings numerous upstream fixes.
This update provides the latest versions of NSS and NSPR libraries and for which NSS is not vulnerable to this attack. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Aruba Networks Security Advisory
Title: TLS Protocol Session Renegotiation Security Vulnerability
Aruba Advisory ID: AID-020810 Revision: 1.0
For Public Release on 02/08/2010
+----------------------------------------------------
SUMMARY
This advisory addresses the renegotiation related vulnerability disclosed recently in Transport Layer Security protocol [1][2].
The only ArubaOS component that seems affected by this issue is the HTTPS WebUI administration interface. If a client browser (victim) is configured to authenticate to the WebUI over HTTPS using a client certificate, an attacker can potentially use the victim's credentials temporarily to execute arbitrary HTTP request for each initiation of an HTTPS session from the victim to the WebUI. This would happen without any HTTPS/TLS warnings to the victim. This condition can essentially be exploited by an attacker for command injection in beginning of a HTTPS session between the victim and the ArubaOS WebUI.
ArubaOS itself does not initiate TLS renegotiation at any point and hence is only vulnerable to scenario where a client explicitly requests TLS renegotiation. Captive Portal users do not seem vulnerable to this issue unless somehow client certificates are being used to authenticate captive portal users.
AFFECTED ArubaOS VERSIONS
2.5.6.x, 3.3.2.x, 3.3.3.x, 3.4.0.x, 3.4.1.x, RN 3.1.x, 3.3.2.x-FIPS, 2.4.8.x-FIPS
CHECK IF YOU ARE VULNERABLE
The only ArubaOS component that seems affected by this issue is the HTTPS WebUI administration interface. ArubaOS is vulnerable only if its configuration permits WebUI administration interface clients to connect using either username/password or client certificates. If only one of the two authentication method is allowed, this issue does not seem to apply.
Check if the following line appears in your configuration:
web-server mgmt-auth username/password certificate
If the exact line does not appear in the configuration, this issue does not apply.
DETAILS
An industry wide vulnerability was discovered in TLS protocol's renegotiation feature, which allows a client and server who already have a TLS connection to negotiate new session parameters and generate new key material. Renegotiation is carried out in the existing TLS connection. However there is no cryptographic binding between the renegotiated TLS session and the original TLS session. An attacker who has established MITM between client and server may be able to take advantage of this and inject arbitrary data into the beginning of the application protocol stream protected by TLS. Specifically arbitrary HTTP requests can be injected in a HTTPS session where attacker (MITM) blocks HTTPS session initiation between client and server, establishes HTTPS session with the server itself, injects HTTP data and initiates TLS renegotiation with the server. Then attacker allows the renegotiation to occur between the client and the server. After successful HTTPS session establishment with the server, now the client sends its HTTP request along with its HTTP credentials (cookie) to the server. However due to format of attacker's injected HTTP data, the client's HTTP request is not processed, rather the attacker's HTTP request gets executed with credentials of the client. The attacker is not able to view the results of the injected HTTP request due to the fact that data between the client and the server is encrypted over HTTPS.
ArubaOS itself does not initiate TLS renegotiation at any point. The only ArubaOS component that seems affected by this issue is the HTTPS WebUI administration interface.
Pre-requisites for this attack : 1. The attacker must be able to establish a MITM between the client and the server (ArubaOS WebUI). 2. The attacker must be able to establish a successful HTTPS session with the server (ArubaOS WebUI) 3. ArubaOS must be configured to allow certificate based HTTPS authentication for WebUI clients (client certs).
Captive Portal users do not seem vulnerable to this issue unless somehow client certificates are being used to authenticate captive portal users.
CVSS v2 BASE METRIC SCORE: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
WORKAROUNDS
Aruba Networks recommends that all customers apply the appropriate patch(es) as soon as practical. However, in the event that a patch cannot immediately be applied, the following steps will help to mitigate the risk:
-
-
- Disable certificate based HTTPS authentication (and only allow username-password based authentication) for WebUI clients. Client's username-password authentication POST request will prohibit attacker's injected HTTP data from executing with client's cookie. CLI command: web-server mgmt-auth username/password
-
-
-
- Permit certificate based HTTPS authentication ONLY and disable username-password based authentication to WebUI. This will prohibit attacker from establishing a HTTPS session with ArubaOS (for MITM) without a valid client cert. CLI command: web-server mgmt-auth certificate
Note: This step won't stop command injection from attackers who have valid client certificates but their assigned management role privileges are lower than that of the admin. This attack may allow them to run commands at higher privilege than what is permitted in their role.
-
-
-
- Do not expose the Mobility Controller administrative interface to untrusted networks such as the Internet.
-
SOLUTION
Aruba Networks recommends that all customers apply the appropriate patch(es) as soon as practical.
The following patches have the fix (any newer patch will also have the fix):
-
-
-
- 2.5.6.24
-
-
-
-
-
- 3.3.2.23
-
-
-
-
-
- 3.3.3.2
-
-
-
-
-
- 3.4.0.7
-
-
-
-
-
- 3.4.1.1
-
-
-
-
-
- RN 3.1.4
-
-
Please contact Aruba support for obtaining patched FIPS releases.
Please note: We highly recommend that you upgrade your Mobility Controller to the latest available patch on the Aruba support site corresponding to your currently installed release.
REFERENCES
[1] http://extendedsubset.com/?p=8
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
+----------------------------------------------------
OBTAINING FIXED FIRMWARE
Aruba customers can obtain the firmware on the support website: http://www.arubanetworks.com/support.
Aruba Support contacts are as follows:
1-800-WiFiLAN (1-800-943-4526) (toll free from within North America)
+1-408-754-1200 (toll call from anywhere in the world)
e-mail: support(at)arubanetworks.com
Please, do not contact either "wsirt(at)arubanetworks.com" or "security(at)arubanetworks.com" for software upgrades.
EXPLOITATION AND PUBLIC ANNOUNCEMENTS
This vulnerability will be announced at
Aruba W.S.I.R.T. Advisory: http://www.arubanetworks.com/support/alerts/aid-020810.txt
SecurityFocus Bugtraq http://www.securityfocus.com/archive/1
STATUS OF THIS NOTICE: Final
Although Aruba Networks cannot guarantee the accuracy of all statements in this advisory, all of the facts have been checked to the best of our ability. Aruba Networks does not anticipate issuing updated versions of this advisory unless there is some material change in the facts. Should there be a significant change in the facts, Aruba Networks may update this advisory.
A stand-alone copy or paraphrase of the text of this security advisory that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.
DISTRIBUTION OF THIS ANNOUNCEMENT
This advisory will be posted on Aruba's website at: http://www.arubanetworks.com/support/alerts/aid-020810.txt
Future updates of this advisory, if any, will be placed on Aruba's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates.
REVISION HISTORY
Revision 1.0 / 02-08-2010 / Initial release
ARUBA WSIRT SECURITY PROCEDURES
Complete information on reporting security vulnerabilities in Aruba Networks products, obtaining assistance with security incidents is available at http://www.arubanetworks.com/support/wsirt.php
For reporting NEW Aruba Networks security issues, email can be sent to wsirt(at)arubanetworks.com or security(at)arubanetworks.com. For sensitive information we encourage the use of PGP encryption. Our public keys can be found at http://www.arubanetworks.com/support/wsirt.php
(c) Copyright 2010 by Aruba Networks, Inc.
This advisory may be redistributed freely after the release date given at the top of the text, provided that redistributed copies are complete and unmodified, including all date and version information. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAktwksYACgkQp6KijA4qefXErQCeKJW3YU3Nl7JY4+2Hp2zqM3bN bWAAoJWQT+yeWX2q+02hNEwHWQtGf1YP =CrHf -----END PGP SIGNATURE----- . Transport Layer Security (TLS) is a protocol for ensuring the privacy of communication applications and their users over the Internet. Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01963123 Version: 1
HPSBUX02498 SSRT090264 rev.1 - HP-UX Running Apache, Remote Unauthorized Data Injection, Denial of
Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-12-21 Last Updated: 2009-12-21
Potential Security Impact: Remote unauthorized data injection, Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running Apache v2.0.59.12 and earlier. The
vulnerability could be exploited remotely to inject unauthorized data or to create a Denial of Service (DoS).
References: CVE-2009-3555
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running Apache v2.0.59.12 and previous.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following temporary software updates to resolve the vulnerability.
NOTE: The vulnerability is resolved in OpenSSL 0.9.8l. HP-UX Apache v2.0.59.X versions use statically linked
libraries. HP-UX Apache v2.0.59.13 is compiled with OpenSSL 0.9.8l. Other versions of HP-UX Apache require the
HP-UX OpenSSL packages recommended in HPSBUX02482 SSRT090249, available here
http://www.itrc.hp.com/service/cki/secBullArchive.do
To review previously published Security Bulletins visit http://www.itrc.hp.com/service/cki/secBullArchive.do
The depots are available are available using ftp. Host / Account / Password
ftp.usa.hp.com / sb02498 / Secure12
HP-UX Release / Temporary Depot name / SHA-1 Sum
B.11.11 (IPv4 and IPv6) / Apache 2.0.59.13 PA-64-32-1111.depot / 3B6BE547403C28926482192408D5D5AB603A403D
B.11.23 PA-32 / Apache 2.0.59.13 IA-PA-32-1123.depot / 4809BAF0F83F78F60B7EC73FAF584D221B1CB4A7
B.11.23 IA-64 / Apache 2.0.59.13 IA-PA-64-1123.depot / 1D65F7D49883399F4D202E16754CF7DAE71E3B47
B.11.31 PA-32 / Apache 2.0.59.13 IA-PA-32-1131.depot / 943E21D4621B480B5E8E651ACB605B8F7EA47304
B.11.31 IA-64 / Apache 2.0.59.13 IA-PA-64-1131.depot / B8836FDB73434A3C26FB411E3F7CB3211129E5AC
MANUAL ACTIONS: Yes Install Apache v2.0.59.13 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security
Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a
specific HP-UX system. It can also download patches and create a depot automatically. For more information
see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
For Apache IPv4 and IPv6 HP-UX B.11.11 ============= hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.13 or subsequent
HP-UX B.11.23
hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2 hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2 hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.13 or subsequent
HP-UX B.11.31
hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2 hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2 hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.13 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 21 December 2009 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
References: CVE-2009-3245, CVE-2009-3555, CVE-2009-4355, CVE-2010-0433, CVE-2010-0740. The upgrades are available from the following location.
For Debian 7 (wheezy) this update adds a missing part to make it actually possible to disable client-initiated renegotiation and disables it by default (CVE-2009-3555). TLS compression is disabled (CVE-2012-4929), although this is normally already disabled by the OpenSSL system library. Finally it adds the ability to disable the SSLv3 protocol (CVE-2014-3566) entirely via the new "DisableSSLv3" configuration directive, although it will not disabled by default in this update.
For Debian 8 (jessie) these issues have been fixed prior to the release, with the exception of client-initiated renegotiation (CVE-2009-3555). This update addresses that issue for jessie.
For the oldstable distribution (wheezy), these problems have been fixed in version 2.6-2+deb7u1.
For the stable distribution (jessie), these problems have been fixed in version 2.6-6+deb8u1.
For the unstable distribution (sid), these problems have been fixed in version 2.6-6.1.
We recommend that you upgrade your pound packages. ----------------------------------------------------------------------
Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management
Free webinars
http://secunia.com/vulnerability_scanning/corporate/webinars/
TITLE: OpenOffice.org Data Manipulation and Code Execution Vulnerabilities
SECUNIA ADVISORY ID: SA40070
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40070/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40070
RELEASE DATE: 2010-06-08
DISCUSS ADVISORY: http://secunia.com/advisories/40070/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/40070/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=40070
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Two vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to manipulate certain data or compromise a user's system.
1) An error in the TLS protocol while handling session re-negotiations in included libraries can be exploited to manipulate session data.
For more information see vulnerability #1 in: SA37291
2) An error when exploring python code through the scripting IDE can be exploited to potentially execute arbitrary code.
The vulnerabilities are reported in versions prior to 3.2.1.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.openoffice.org/security/cves/CVE-2009-3555.html http://www.openoffice.org/security/cves/CVE-2010-0395.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. This could force the server to process an attacker's request as if authenticated using the victim's credentials.
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169 (CVE-2013-1619).
The updated packages have been patched to correct these issues. HP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA V3.1 and earlier. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Due to a bug in lighttpd, the server fails to start in some configurations if using the updated openssl libraries.
The packages for the hppa, mips, and mipsel architectures are not yet available. They will be released as soon as they have been built
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200911-0398",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "10.10"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "9.04"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "13"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "openssl",
"scope": "lte",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8k"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.22"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "14"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "8.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "8.10"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "6.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "9.10"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "12"
},
{
"model": "gnutls",
"scope": "lte",
"trust": 1.0,
"vendor": "gnu",
"version": "2.8.5"
},
{
"model": "http server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.14"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "4.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "11"
},
{
"model": "nss",
"scope": "lte",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "5.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "10.04"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "barracuda",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian gnu linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gnutls",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mcafee",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "hp virtual connect",
"scope": null,
"trust": 0.8,
"vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9",
"version": null
},
{
"model": "hpe matrix operating environment",
"scope": null,
"trust": 0.8,
"vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9 \u30a8\u30f3\u30bf\u30fc\u30d7\u30e9\u30a4\u30ba",
"version": null
},
{
"model": "hpe systems insight manager",
"scope": null,
"trust": 0.8,
"vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9 \u30a8\u30f3\u30bf\u30fc\u30d7\u30e9\u30a4\u30ba",
"version": null
},
{
"model": "hitachi web server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#120541"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001632"
},
{
"db": "NVD",
"id": "CVE-2009-3555"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0:*:openvms:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.2.14",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "0.9.8k",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.8.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:nss:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.12.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "0.8.22",
"versionStartIncluding": "0.1.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-3555"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mandriva",
"sources": [
{
"db": "PACKETSTORM",
"id": "83521"
},
{
"db": "PACKETSTORM",
"id": "88167"
},
{
"db": "PACKETSTORM",
"id": "84181"
},
{
"db": "PACKETSTORM",
"id": "120714"
}
],
"trust": 0.4
},
"cve": "CVE-2009-3555",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2011-001632",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-41001",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-3555",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2009-3555",
"trust": 0.8,
"value": "0"
},
{
"author": "IPA",
"id": "JVNDB-2011-001632",
"trust": 0.8,
"value": "Medium"
},
{
"author": "VULHUB",
"id": "VHN-41001",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#120541"
},
{
"db": "VULHUB",
"id": "VHN-41001"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001632"
},
{
"db": "NVD",
"id": "CVE-2009-3555"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue. Hitachi Web Server for, SSL There is a vulnerability in which arbitrary data is inserted at the beginning of communication data when using the function.Arbitrary data may be inserted at the beginning of communication data by a third party. A vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction. \n\nSOLUTION:\nApply updates (please see the vendor\u0027s advisory for details). ===========================================================\nUbuntu Security Notice USN-860-1 November 19, 2009\napache2 vulnerabilities\nCVE-2009-3094, CVE-2009-3095, CVE-2009-3555\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 8.04 LTS\nUbuntu 8.10\nUbuntu 9.04\nUbuntu 9.10\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n apache2-common 2.0.55-4ubuntu2.9\n\nUbuntu 8.04 LTS:\n apache2.2-common 2.2.8-1ubuntu0.14\n\nUbuntu 8.10:\n apache2.2-common 2.2.9-7ubuntu3.5\n\nUbuntu 9.04:\n apache2.2-common 2.2.11-2ubuntu2.5\n\nUbuntu 9.10:\n apache2.2-common 2.2.12-1ubuntu2.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes. \n\nDetails follow:\n\nMarsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3\nprotocols. The flaw is with TLS renegotiation and\npotentially affects any software that supports this feature. Attacks\nagainst the HTTPS protocol are known, with the severity of the issue\ndepending on the safeguards used in the web application. Until the TLS\nprotocol and underlying libraries are adjusted to defend against this\nvulnerability, a partial, temporary workaround has been applied to Apache\nthat disables client initiated TLS renegotiation. This update does not\nprotect against server initiated TLS renegotiation when using\nSSLVerifyClient and SSLCipherSuite on a per Directory or Location basis. \nUsers can defend againt server inititiated TLS renegotiation attacks by\nadjusting their Apache configuration to use SSLVerifyClient and\nSSLCipherSuite only on the server or virtual host level. (CVE-2009-3555)\n\nIt was discovered that mod_proxy_ftp in Apache did not properly sanitize\nits input when processing replies to EPASV and PASV commands. An attacker\ncould use this to cause a denial of service in the Apache child process. \n(CVE-2009-3094)\n\nAnother flaw was discovered in mod_proxy_ftp. \n(CVE-2009-3095)\n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.diff.gz\n Size/MD5: 130638 5d172b0ca228238e211940fad6b0935d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.dsc\n Size/MD5: 1156 a6d575c4c0ef0ef9c4c77e7f6ddfb02d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.9_all.deb\n Size/MD5: 2125884 643115e9135b9bf626f3a65cfc5f2ed3\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 834492 818915da9848657833480b1ead6b4a12\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 229578 9086ac3033e0425ecd150b31b377ee76\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 224594 85a4480344a072868758c466f6a98747\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 229128 446b52088b9744fb776e53155403a474\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 172850 17e4cd95ecb9d0390274fca9625c2e5e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 173636 b501407d01fa07e5807c28cd1db16cd7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 95454 a06ee30ec14b35003ebcb821624bc2af\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 37510 4c063b1b8d831ea8a02d5ec691995dec\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 287048 9cdc7502ebc526d4bc7df9b59a9d8925\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 145624 4b613a57da2ca57678e8c8f0c1628556\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 787870 67b1855dc984e5296ac9580e2a2f0a0c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 204122 edf40b0ff5c1824b2d6232da247ce480\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 200060 6267a56fcef78f6300372810ce36ea41\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 203580 c487929bbf45b5a4dc3d035d86f7b3a0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 172876 bae257127c3d137e407a7db744f3d57a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 173660 9dd0e108ab4d3382799b29d901bf4502\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 93410 d5d602c75a28873f1cd7523857e0dd80\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 37508 22049e1ea8ea88259ff3f6e94482cfb3\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 263066 43fa2ae3b43c4743c98c45ac22fb0250\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 133484 e70b7f81859cb92e0c50084e92216526\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 860622 6d386da8da90d363414846dbc7fa7f08\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 221470 8c207b379f7ba646c94759d3e9079dd4\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 217132 069cab77278b101c3c4a5b172f36ba9b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 220968 2f6ba65769fc964eb6dfec8a842f7621\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 172874 89137c84b5a33f526daf3f8b4c047a7e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 173662 23e576721faccb4aef732cf98e2358d4\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 105198 44f9e698567784555db7d7d971b9fce2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 37518 fe7caa2a3cf6d4227ac34692de30635e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 282644 ec0306c04778cf8c8edd622aabb0363c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 142730 d43356422176ca29440f3e0572678093\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 805078 0f1f6a9b04ad5ce4ea29fd0e44bf18a4\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 211674 eb19532b9b759c806e9a95a4ffbfad9b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 207344 9e5770a4c94cbc4f9bc8cc11a6a038f1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 210948 6d1d2357cec5b88c1c2269e5c16724bc\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 172882 d04dd123def1bc4cfbf2ac0095432eea\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 173662 6be46bbb9e92224020da49d657cb4cd4\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 94510 9df6ae07a9218d6159b1eebde5d58606\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 37506 89856bb1433e67fb23c8d34423d3e0a5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 269070 bf585dec777b0306cd80663c11b020df\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 131466 340eaf2d2c1f129c7676a152776cfcf3\n\nUpdated packages for Ubuntu 8.04 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.diff.gz\n Size/MD5: 141838 37d5c93b425758839cbef5afea5353a2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.dsc\n Size/MD5: 1381 78c9a13cc2af0dbf3958a3fc98aeea84\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz\n Size/MD5: 6125771 39a755eb0f584c279336387b321e3dfc\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.14_all.deb\n Size/MD5: 1929318 d4faaf64c2c0af807848ea171a4efa90\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.14_all.deb\n Size/MD5: 72920 065d63c19b22f0f7a8f7c28952b0b408\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.14_all.deb\n Size/MD5: 6258048 33c48a093bbb868ea108a50c051437cf\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14_all.deb\n Size/MD5: 45850 07a9463a8e4fdf1a48766d5ad08b9a3c\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 253080 3c6467ee604002a5b8ebffff8554c568\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 248676 3c83ce9eb0a27f18b9c3a8c3e651cafa\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 252490 cf379a515d967d89d2009be9e06d4833\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 205592 af6cb62114d2e70bf859c32008a66433\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 206350 9c3d5ef8e55eee98cc3e75f2ed9ffaff\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 141660 958585d6391847cd5a618464054f7d37\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 803974 76d23bd94465a2f96711dc1c41b31af0\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 236060 ad4c00dc10b406cc312982b7113fa468\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 231580 07ae6a192e6c859e49d48f2b2158df40\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 235308 18a44bbffcebde8f2d66fe3a6bdbab6d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 205594 73ec71599d4c8a42a69ac3099b9d50cf\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 206374 c1524e4fa8265e7eaac046b114b8c463\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 140644 379a125b8b5b51ff8033449755ab87b8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 755574 9de96c8719740c2525e3c0cf7836d60b\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 235578 0265d4f6ccee2d7b5ee10cfff48fed08\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 231234 611499fb33808ecdd232e2c5350f6838\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 234738 d7757d2da2e542ce0fdad5994be1d8bd\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 205592 c10ac9eb401184c379b7993b6a62cde3\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 206358 fc91c0159b096e744c42014e6e5f8909\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 141212 f87d5f443e5d8e1c3eda6f976b3ceb06\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 749716 86ae389b81b057288ff3c0b69ef68656\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 254134 4337f858972022fa196c9a1f9bb724fb\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 249596 44a6e21ff8fa81d09dab19cab4caffdb\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 253698 f101a1709f21320716d4c9afb356f24f\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 205604 3f4d4f6733257a7037e35101ef792352\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 206386 06402188459de8dab5279b5bfef768fa\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 158390 0acffbdb7e5602b434c4f2805f8dc4d0\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 906022 28c3e8b63d123a4ca0632b3fed6720b5\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 237422 5651f53b09c0f36e1333c569980a0eb0\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 233152 1165607c64c57c84212b6b106254e885\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 236606 bbe00d0707c279a16eca35258dd8f13a\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 205598 76afcd4085fa6f39055a5a3f1ef34a43\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 206372 5c67270e0a19d1558cf17cb21a114833\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 143838 28e9c3811feeac70b846279e82c23430\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 765398 92c5b054b80b6258a1c4caac8248a40a\n\nUpdated packages for Ubuntu 8.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.diff.gz\n Size/MD5: 137715 0e8a6128ff37a1c064d4ce881b5d3df9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.dsc\n Size/MD5: 1788 5e3c3d53b68ea3053bcca3a5e19f5911\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9.orig.tar.gz\n Size/MD5: 6396996 80d3754fc278338033296f0d41ef2c04\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.9-7ubuntu3.5_all.deb\n Size/MD5: 2041786 cd1e98fb2064bad51f7845f203a07d79\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.9-7ubuntu3.5_all.deb\n Size/MD5: 6538578 32e07db65f1e7b3002aedc3afce1748c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5_all.deb\n Size/MD5: 45474 0f1b4fb499af61a596241bd4f0f4d35d\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 254968 f2004f847cc5cbc730599352ad1f7dc6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 249196 fb001fc4f192e9b8ae1bb7161925413c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 254360 419b942bad4cf4d959afcfa3ce4314e2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 208524 0d87bf6acbf1ab5dc48c68debe7c0d26\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 84490 2a4df4b619debe549f48ac3e9e764305\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 82838 215665711684d5b5dd04cdfa23d36462\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 209550 496d387e315370c0cd83489db663a356\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 147762 48061b9015c78b39b7afd834f4c81ae0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 820242 3497441009bc9db76a87fd2447ba433c\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 241376 488812d1a311fd67dafd5b18b6813920\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 236082 9256681808703f40e822c81b53f4ce3e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 240668 2b6b7c11a88ed5a280f603305bee880e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 208532 e0eccceba6cae5fb12f431ff0283a23e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 83922 ea5f69f36e344e493cce5d9c0bc69c46\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 82320 0d9b2f9afff4b9efe924b59e9bb039ea\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 209554 f4e53148ae30d5c4f060d455e4f11f95\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 146596 5ed6a4af9378bacfb7d4a034d9923915\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 778564 ffd7752394933004094c13b00113b263\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 238358 4955c7d577496ea4f3573345fad028a4\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 232964 76aecf38baba17a8a968329b818ec74a\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 237626 83f32bd08e2e206bbdb9f92cfb1a37e5\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 208528 6672fb116e108687669c89197732fbb0\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 83870 b8f875f197017aec0fe8203c203065d7\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 82296 d6724391ed540b351e2b660ba98af1ca\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 209550 263b43fb11c6d954d5a4bf7839e720a4\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 146282 a225b8d0f48e141eea28b2369d4595c0\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 766494 454c737e191429c43ad3f28c9e0294a0\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 261510 d3e1155682726cc28859156e647d97b3\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 256082 e49d894a6e9ab612a3cbd2f189ca3d8d\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 260850 bc3cd7677cd630ac00424e73a3a6b343\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 208542 ae1cc6b1323832528ad8f0e7130ec87d\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 84558 68452b686e89320007e9c5367ce36345\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 82908 2b8c5fc4bdec1017735dc16eba41d0a6\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 209562 a8da7487e3dcd1bdff008956728b8dd3\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 161030 a5ffe07d5e3050c8a54c4fccd3732263\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 926240 8282583e86e84bd256959540f39a515d\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 246720 e54b4b9b354001a910ec9027dc90b0d2\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 241280 1eea25472875056e34cd2c3283c60171\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 246024 5709e7421814ecfb83fff5804d429971\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 208528 25cdfd0177da7e5484d3d44f93257863\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 84096 3ffbacffcc23ffc640a2ce05d35437bf\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 82470 17d1ca84f9455c492013f4f754a1d365\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 209546 696ef3652703523aea6208a4e51e48f1\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 150932 44c89e0249c85eed09b6f3a6a23db59d\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 783902 773a80d7a85a452016da3b10b1f3ae43\n\nUpdated packages for Ubuntu 9.04:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.diff.gz\n Size/MD5: 141023 50d6737005a6d4fe601e223a39293f99\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.dsc\n Size/MD5: 1795 59720f4d7ad291c986d92ec120750c3d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11.orig.tar.gz\n Size/MD5: 6806786 03e0a99a5de0f3f568a0087fb9993af9\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.11-2ubuntu2.5_all.deb\n Size/MD5: 2219326 d29c903489b894ddf88b23a0fec23e5c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5_all.deb\n Size/MD5: 46636 ee03585b00f277ed98c0de07a683317a\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-src_2.2.11-2ubuntu2.5_all.deb\n Size/MD5: 6948222 a3505a83c13cf36c86248079127dd84d\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 259028 5e9bddefad4c58c3ef9fd15d7a06988d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 253218 ee1bfbb759ffade3a52a6782e2f4b66d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 258414 8ef063026de9790bac1965427ce1b584\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 213294 09701d434bd102e4205e551b4525afd1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 214258 e98de48ea01e1132c5f1248a9a018745\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 151140 2f7c7f14b843b2c24de8c67356406449\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 826834 28abdf1c7be886e9be2825d351abaec7\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 87818 670c62615e107920c45893b3377ab2a0\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 86094 5a7c68fd37066287b4819cba4cfed1f2\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 245538 952540b7679ebc8d3ffc953f32d3be0f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 240048 08a7fd4888ffd9188890e57c613c4be7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 244914 955bb5121da808d44aa994386d90723f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 213308 dd16143608ff8c41cb2d5cd27212a57e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 214280 1e1f5d6feef40413f823a19126a018e3\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 150046 0769d86d26282d1d31615050ae5b8915\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 784198 8760e9c37147d0472dbbfe941c058829\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 87182 21980cb1035d05f69b857870bbcbc085\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 85572 6a1b8a5e4cb19e815e88335757b06cf3\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 242386 859ad63822b7e82c81cd6dcaca088c4a\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 236924 200538ce94218c9d8af8532636bfd40a\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 241822 3a3183ea4ee77d2677919d3b698f92a1\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 213286 bf81273b1db0a4a621085171c2b2b421\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 214264 ed278dab71289d2baae2ea409382fbf8\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 149758 75f6e2d7bd1cdfe5b1806062c3c859df\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 773424 c7cdc26051bd9443ae25b73776537fb5\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 87132 32e7ea89c96a0afce7ce1da457d947fb\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 85550 1d9b5963aa6ea5c01492ec417ab8510a\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 265476 5d03fe6b2da8de98c876941ff78b066f\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 260478 3e3aeaaf496cc86c62a831c59994c1f2\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 265154 5eae30e7a33c09b37483f3aab595d0e9\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 213314 879534ebabbb8be86b606e1800dc9cf8\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 214286 922033231a6aa67ecca1c400d47f09c1\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 164444 74faf68f0baeffcd011155ca9b201039\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 932416 2911758e4ad1b3b401369621301ea76f\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 87876 1d45c033ec5498c092f30188cf1d481e\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 86154 52c1d8806d52fef6f43ab53662953953\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 250786 4e8e98dcba5543394ed5f07d141ce408\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 245094 a82bf04fc92b8c275b0c0f25cc81ff91\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 250110 092cf734813ae1d127d7b4f498f936c1\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 213312 98d7062a6bdb58637f7e850b76bfbc80\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 214286 a378e2e0418631cec0f398379a446172\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 154284 ce8b7bbccd359675b70426df15becfed\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 789298 11f088b18425b97367d5bc141da2ef2f\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 87384 477b6594866c8c73a8a3603e7e646c68\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 85686 5562ea5a0e6f01ba12adda3afb65c1b0\n\nUpdated packages for Ubuntu 9.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.diff.gz\n Size/MD5: 185244 1ef59f9642bd9efa35e0808ea804cd0b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.dsc\n Size/MD5: 1888 d3bfdecefdd8b1adec8ab35dcf85d2b3\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12.orig.tar.gz\n Size/MD5: 6678149 17f017b571f88aa60abebfe2945d7caf\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 2246560 be12bcc117bf165ffd3401486186762e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 2336 009d381342b0be5280835a46c91f01d9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 2374 7545a3750acea08e95bee86f6a3247e2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 2314 17719223d92d46821098ce178b5947d6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 284782 4321e3201d8e8d1a9e3c6fbe6864102b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 1424 7b4d96008368549d5600a8c1f64a7559\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 2366 46add3d428c97fa69a8848a3e4025bb0\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_amd64.deb\n Size/MD5: 137080 91e4f72d0f1f0abe91555e1497558fc2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_amd64.deb\n Size/MD5: 138176 5fd6a5ed536306528f9f2c1a0281ad70\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_amd64.deb\n Size/MD5: 156646 cfa55666363303b3f44a24fa2929bf01\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_amd64.deb\n Size/MD5: 1399630 82b36d57faa29a646e72a1125600c11c\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_amd64.deb\n Size/MD5: 92488 ddebef9d1a537520380f85b63c512bef\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_amd64.deb\n Size/MD5: 90880 c6d163edf145da8ff6d102dc0dd1f8d7\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_i386.deb\n Size/MD5: 137102 69dcd0519ca612e02102f52dcb50bf7f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_i386.deb\n Size/MD5: 138200 17221b53903d664823a55faa1ec4d9a9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_i386.deb\n Size/MD5: 155166 4347806710edff47fc051b4a68d5b448\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_i386.deb\n Size/MD5: 1309136 d9a7df212b315fc6f77fc87fa8eb4a04\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_i386.deb\n Size/MD5: 91876 289bf732dd4750a2ce61ab121b04b079\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_i386.deb\n Size/MD5: 90316 add7f446f6b524343c0066a486dd299a\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_lpia.deb\n Size/MD5: 137088 571e9f0370b5687acff25f71c4efe33e\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_lpia.deb\n Size/MD5: 138192 816a6e033f02114553bbb3627b9c6f9c\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_lpia.deb\n Size/MD5: 155090 af8272dc794250c30cd2f66b82486dc2\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_lpia.deb\n Size/MD5: 1290606 4c51de07f5a6fe9612de45369e6f35a5\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_lpia.deb\n Size/MD5: 91830 06866386df811127f4fd71d6fb2a9e2a\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_lpia.deb\n Size/MD5: 90312 9e68bd8111503135a4eae7265b0084ae\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_powerpc.deb\n Size/MD5: 137096 61b24dbeb12d7998e5d7014c26410a99\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_powerpc.deb\n Size/MD5: 138202 599898ff374bde8bfa388e2615064c5a\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_powerpc.deb\n Size/MD5: 161058 fea8f5b9a80bef9c4cb3405bc37160af\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_powerpc.deb\n Size/MD5: 1390150 fb1a244728a509586b77d02930fcf10f\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_powerpc.deb\n Size/MD5: 92400 572c3b0aa5ab717e8c4e4e8248aff1ff\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_powerpc.deb\n Size/MD5: 90774 82011ebc757d31e690698cf9913e3adc\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_sparc.deb\n Size/MD5: 137098 7f566dfade1678c72eac7dd923ab5987\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_sparc.deb\n Size/MD5: 138202 09fbc3145d768cf1f204d47b50e21528\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_sparc.deb\n Size/MD5: 159488 7cb6c81588adaee162b8c85a1f69e7a7\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_sparc.deb\n Size/MD5: 1297936 106b0b71f5e928c1d543973b5b1f015b\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_sparc.deb\n Size/MD5: 92166 28899fe31226880dfa961d8b05e8fa43\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_sparc.deb\n Size/MD5: 90554 f207de0099ed259e2af736e8c82f91c2\n\n\n. USN-990-1\nintroduced the new RFC5746 renegotiation extension in openssl, and\ncompletely resolves the issue. \n\nAfter updating openssl, an Apache server will allow both patched and\nunpatched web browsers to connect, but unpatched browsers will not be able\nto renegotiate. This update introduces the new SSLInsecureRenegotiation\ndirective for Apache that may be used to re-enable insecure renegotiations\nwith unpatched web browsers. This update adds backported support\n for the new RFC5746 renegotiation extension and will use it when both the\n client and the server support it. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2009:323\n http://www.mandriva.com/security/\n _______________________________________________________________________\n\n Package : apache\n Date : December 7, 2009\n Affected: 2008.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been found and corrected in apache:\n \n Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c\n in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to\n cause a denial of service (memory consumption) via multiple calls, as\n demonstrated by initial SSL client handshakes to the Apache HTTP Server\n mod_ssl that specify a compression algorithm (CVE-2008-1678). Note\n that this security issue does not really apply as zlib compression\n is not enabled in the openssl build provided by Mandriva, but apache\n is patched to address this issue anyway (conserns 2008.1 only). \n \n Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the\n mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c\n in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions,\n allows remote attackers to inject arbitrary web script or HTML via\n wildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this\n security issue was initially addressed with MDVSA-2008:195 but the\n patch fixing the issue was added but not applied in 2009.0. \n \n The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not\n properly handle Options=IncludesNOEXEC in the AllowOverride directive,\n which allows local users to gain privileges by configuring (1) Options\n Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a\n .htaccess file, and then inserting an exec element in a .shtml file\n (CVE-2009-1195). \n \n The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy\n module in the Apache HTTP Server before 2.3.3, when a reverse proxy\n is configured, does not properly handle an amount of streamed data\n that exceeds the Content-Length value, which allows remote attackers\n to cause a denial of service (CPU consumption) via crafted requests\n (CVE-2009-1890). \n \n Fix a potential Denial-of-Service attack against mod_deflate or other\n modules, by forcing the server to consume CPU time in compressing a\n large file after a client disconnects (CVE-2009-1891). \n \n The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in\n the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13\n allows remote FTP servers to cause a denial of service (NULL pointer\n dereference and child process crash) via a malformed reply to an EPSV\n command (CVE-2009-3094). \n \n The mod_proxy_ftp module in the Apache HTTP Server allows remote\n attackers to bypass intended access restrictions and send arbitrary\n commands to an FTP server via vectors related to the embedding of these\n commands in the Authorization HTTP header, as demonstrated by a certain\n module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903,\n this disclosure has no actionable information. However, because the\n VulnDisco Pack author is a reliable researcher, the issue is being\n assigned a CVE identifier for tracking purposes (CVE-2009-3095). \n \n Apache is affected by SSL injection or man-in-the-middle attacks\n due to a design flaw in the SSL and/or TLS protocols. A short term\n solution was released Sat Nov 07 2009 by the ASF team to mitigate\n these problems. Apache will now reject in-session renegotiation\n (CVE-2009-3555). \n \n Packages for 2008.0 are being provided due to extended support for\n Corporate products. \n \n This update provides a solution to these vulnerabilities. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n http://marc.info/?l=apache-httpd-announce\u0026m=125755783724966\u0026w=2\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2008.0:\n dd2bebdd6726d2d865331d37068a90b7 2008.0/i586/apache-base-2.2.6-8.3mdv2008.0.i586.rpm\n 6de9d36a91b125cc03bafe911b7a38a2 2008.0/i586/apache-devel-2.2.6-8.3mdv2008.0.i586.rpm\n ab7963efad1b7951c94a24075a2070e7 2008.0/i586/apache-htcacheclean-2.2.6-8.3mdv2008.0.i586.rpm\n 42a53b597d5547fb88b7427cacd617a1 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.i586.rpm\n 1dff9d313e93c94e907d8c72348ed2e0 2008.0/i586/apache-mod_cache-2.2.6-8.3mdv2008.0.i586.rpm\n b575ede2978ad47e41d355bd8b192725 2008.0/i586/apache-mod_dav-2.2.6-8.3mdv2008.0.i586.rpm\n 8ff3dee24d2d2d9a8d13e567cf1eaced 2008.0/i586/apache-mod_dbd-2.2.6-8.3mdv2008.0.i586.rpm\n 7bae541dfec14b21700878514750de83 2008.0/i586/apache-mod_deflate-2.2.6-8.3mdv2008.0.i586.rpm\n 19cab766a26ce53bd7e7973ed92f0db4 2008.0/i586/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.i586.rpm\n a1336e4ab4f282c388d7565bde4557fd 2008.0/i586/apache-mod_file_cache-2.2.6-8.3mdv2008.0.i586.rpm\n 6b2f2eb949977349390fa3b06cf257e7 2008.0/i586/apache-mod_ldap-2.2.6-8.3mdv2008.0.i586.rpm\n 3640bbef5262ec0407126e31dd5ddde3 2008.0/i586/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.i586.rpm\n 98793747365606baabc08f22e36a0a04 2008.0/i586/apache-mod_proxy-2.2.6-8.3mdv2008.0.i586.rpm\n d7fe4d88f25d2a01b0809ab5292b0999 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.i586.rpm\n 4c9f48adbd0b1d45a874f06b9275ebe3 2008.0/i586/apache-mod_ssl-2.2.6-8.3mdv2008.0.i586.rpm\n e5a1d9476316ccc9f183cb1ae5bbcf31 2008.0/i586/apache-modules-2.2.6-8.3mdv2008.0.i586.rpm\n 44f7810695a40519c68930695829f124 2008.0/i586/apache-mod_userdir-2.2.6-8.3mdv2008.0.i586.rpm\n d6f666e9954422664d1f029fc147b591 2008.0/i586/apache-mpm-event-2.2.6-8.3mdv2008.0.i586.rpm\n 75e205ddbc9313b8d02519e57919923a 2008.0/i586/apache-mpm-itk-2.2.6-8.3mdv2008.0.i586.rpm\n 6d68e8fa7baccc2ad090c703fb33458e 2008.0/i586/apache-mpm-prefork-2.2.6-8.3mdv2008.0.i586.rpm\n 331f18ce48403472fc7f8af6d5daee8e 2008.0/i586/apache-mpm-worker-2.2.6-8.3mdv2008.0.i586.rpm\n c75e69bcabc104938cb9033e591d1de8 2008.0/i586/apache-source-2.2.6-8.3mdv2008.0.i586.rpm \n 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n 3d4afe3f8da8369d80b6c195e132c5c0 2008.0/x86_64/apache-base-2.2.6-8.3mdv2008.0.x86_64.rpm\n 37034ee7c7eb813de2a00a6945a10248 2008.0/x86_64/apache-devel-2.2.6-8.3mdv2008.0.x86_64.rpm\n ba296f9aa229a616a2c406d1a16912c3 2008.0/x86_64/apache-htcacheclean-2.2.6-8.3mdv2008.0.x86_64.rpm\n 77fa75d36e7a4bbe154c846e3271e7a3 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm\n ca29e2db08b29e319f2392b46ea4c3fe 2008.0/x86_64/apache-mod_cache-2.2.6-8.3mdv2008.0.x86_64.rpm\n 3fbf5a0276adaa2d887a92482d81313f 2008.0/x86_64/apache-mod_dav-2.2.6-8.3mdv2008.0.x86_64.rpm\n 9c66e471c2d2d3e43462302d0cc6f1c9 2008.0/x86_64/apache-mod_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm\n 05020102a26a28b96319b23e3b6e43d6 2008.0/x86_64/apache-mod_deflate-2.2.6-8.3mdv2008.0.x86_64.rpm\n 7191542417b30ed77334f1b8366628aa 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.x86_64.rpm\n f4177dbdcfd2e3dc8e66be731ad731c4 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.3mdv2008.0.x86_64.rpm\n fea417664f0a2689fa12308bd80c2fe4 2008.0/x86_64/apache-mod_ldap-2.2.6-8.3mdv2008.0.x86_64.rpm\n 9cf956fa426e6bdf6497337b6e26a2ab 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.x86_64.rpm\n 0d9d04ca878bb3f19f4764152da42d82 2008.0/x86_64/apache-mod_proxy-2.2.6-8.3mdv2008.0.x86_64.rpm\n dbbcd75dd83779f54f98fa3e16b59f13 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.x86_64.rpm\n dce8db6742ba28a71e18b86bb38688c8 2008.0/x86_64/apache-mod_ssl-2.2.6-8.3mdv2008.0.x86_64.rpm\n 2ff69d6e9c2cd3250f6746d4a7d921fd 2008.0/x86_64/apache-modules-2.2.6-8.3mdv2008.0.x86_64.rpm\n f298827d4dfa631a77907f7f5733fa29 2008.0/x86_64/apache-mod_userdir-2.2.6-8.3mdv2008.0.x86_64.rpm\n 6f02fb080e308ca0826fdb1ef00a1489 2008.0/x86_64/apache-mpm-event-2.2.6-8.3mdv2008.0.x86_64.rpm\n b886d30d73c60a515b3ed36d7f186378 2008.0/x86_64/apache-mpm-itk-2.2.6-8.3mdv2008.0.x86_64.rpm\n 62d7754a5aa7af596cc06cd540d4025f 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.3mdv2008.0.x86_64.rpm\n d3438e0967978e580be896bd85f1d953 2008.0/x86_64/apache-mpm-worker-2.2.6-8.3mdv2008.0.x86_64.rpm\n e72af335ec7c3c02b5a494fbd6e99e0e 2008.0/x86_64/apache-source-2.2.6-8.3mdv2008.0.x86_64.rpm \n 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFLHQcamqjQ0CJFipgRAsJgAKDf5oc5UbEz3j+qsMn3tL6F8cujygCfY+cu\nMUj4lK2Wsb+qzbv2V+Ih30U=\n=VdZS\n-----END PGP SIGNATURE-----\n. \n \n Additionally the NSPR package has been upgraded to 4.8.4 that brings\n numerous upstream fixes. \n \n This update provides the latest versions of NSS and NSPR libraries\n and for which NSS is not vulnerable to this attack. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAruba Networks Security Advisory\n\nTitle: TLS Protocol Session Renegotiation Security Vulnerability\n\nAruba Advisory ID: AID-020810\nRevision: 1.0\n\nFor Public Release on 02/08/2010\n\n+----------------------------------------------------\n\nSUMMARY\n\nThis advisory addresses the renegotiation related vulnerability\ndisclosed recently in Transport Layer Security protocol [1][2]. \n\nThe only ArubaOS component that seems affected by this issue is the\nHTTPS WebUI administration interface. If a client browser (victim) is\nconfigured to authenticate to the WebUI over HTTPS using a client\ncertificate, an attacker can potentially use the victim\u0027s credentials\ntemporarily to execute arbitrary HTTP request for each initiation of an\nHTTPS session from the victim to the WebUI. This would happen without\nany HTTPS/TLS warnings to the victim. This condition can essentially be\nexploited by an attacker for command injection in beginning of a HTTPS\nsession between the victim and the ArubaOS WebUI. \n\nArubaOS itself does not initiate TLS renegotiation at any point and\nhence is only vulnerable to scenario where a client explicitly requests\nTLS renegotiation. Captive Portal users do not seem vulnerable to this\nissue unless somehow client certificates are being used to authenticate\ncaptive portal users. \n\nAFFECTED ArubaOS VERSIONS\n\n 2.5.6.x, 3.3.2.x, 3.3.3.x, 3.4.0.x, 3.4.1.x, RN 3.1.x, 3.3.2.x-FIPS,\n2.4.8.x-FIPS\n\n\nCHECK IF YOU ARE VULNERABLE\n\nThe only ArubaOS component that seems affected by this issue is the\nHTTPS WebUI administration interface. ArubaOS is vulnerable only if its\nconfiguration permits WebUI administration interface clients to connect\nusing either username/password or client certificates. If only one of\nthe two authentication method is allowed, this issue does not seem to apply. \n\nCheck if the following line appears in your configuration:\n\t\n\tweb-server mgmt-auth username/password certificate\n\nIf the exact line does not appear in the configuration, this issue does\nnot apply. \n\t\n\nDETAILS\n\nAn industry wide vulnerability was discovered in TLS protocol\u0027s\nrenegotiation feature, which allows a client and server who already have\na TLS connection to negotiate new session parameters and generate new\nkey material. Renegotiation is carried out in the existing TLS\nconnection. However there is no cryptographic binding between the\nrenegotiated TLS session and the original TLS session. An attacker who\nhas established MITM between client and server may be able to take\nadvantage of this and inject arbitrary data into the beginning of the\napplication protocol stream protected by TLS. Specifically arbitrary\nHTTP requests can be injected in a HTTPS session where attacker (MITM)\nblocks HTTPS session initiation between client and server, establishes\nHTTPS session with the server itself, injects HTTP data and initiates\nTLS renegotiation with the server. Then attacker allows the\nrenegotiation to occur between the client and the server. After\nsuccessful HTTPS session establishment with the server, now the client\nsends its HTTP request along with its HTTP credentials (cookie) to the\nserver. However due to format of attacker\u0027s injected HTTP data, the\nclient\u0027s HTTP request is not processed, rather the attacker\u0027s HTTP\nrequest gets executed with credentials of the client. The attacker is\nnot able to view the results of the injected HTTP request due to the\nfact that data between the client and the server is encrypted over\nHTTPS. \n\nArubaOS itself does not initiate TLS renegotiation at any point. The only ArubaOS component that seems affected\nby this issue is the HTTPS WebUI administration interface. \n\nPre-requisites for this attack :\n 1. The attacker must be able to establish a MITM between the client and\nthe server (ArubaOS WebUI). \n 2. The attacker must be able to establish a successful HTTPS session\nwith the server (ArubaOS WebUI)\n 3. ArubaOS must be configured to allow certificate based HTTPS\nauthentication for WebUI clients (client certs). \n\nCaptive Portal users do not seem vulnerable to this issue unless somehow\nclient certificates are being used to authenticate captive portal users. \n\nCVSS v2 BASE METRIC SCORE: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)\n\n\nWORKAROUNDS\n\nAruba Networks recommends that all customers apply the appropriate\npatch(es) as soon as practical. However, in the event that a patch\ncannot immediately be applied, the following steps will help to mitigate\nthe risk:\n\n- - - Disable certificate based HTTPS authentication (and only allow\nusername-password based authentication) for WebUI clients. Client\u0027s\nusername-password authentication POST request will prohibit attacker\u0027s\ninjected HTTP data from executing with client\u0027s cookie. \n CLI command: web-server mgmt-auth username/password\n\n- - - Permit certificate based HTTPS authentication ONLY and disable\nusername-password based authentication to WebUI. This will prohibit\nattacker from establishing a HTTPS session with ArubaOS (for MITM)\nwithout a valid client cert. \n\t CLI command: web-server mgmt-auth certificate\n\t\n\tNote: This step won\u0027t stop command injection from attackers who have\nvalid client certificates but their assigned management role privileges\nare lower than that of the admin. This attack may allow them to run\ncommands at higher privilege than what is permitted in their role. \n\n- - - Do not expose the Mobility Controller administrative interface to\nuntrusted networks such as the Internet. \n\n\n\nSOLUTION\n\nAruba Networks recommends that all customers apply the appropriate\npatch(es) as soon as practical. \n\nThe following patches have the fix (any newer patch will also have the fix):\n\n- - - - 2.5.6.24\n- - - - 3.3.2.23\n- - - - 3.3.3.2\n- - - - 3.4.0.7\n- - - - 3.4.1.1\n- - - - RN 3.1.4\n\nPlease contact Aruba support for obtaining patched FIPS releases. \n\nPlease note: We highly recommend that you upgrade your Mobility\nController to the latest available patch on the Aruba support site\ncorresponding to your currently installed release. \n\n\nREFERENCES\n\n[1] http://extendedsubset.com/?p=8\n\n[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n\n\n\n\n+----------------------------------------------------\n\nOBTAINING FIXED FIRMWARE\n\nAruba customers can obtain the firmware on the support website:\n\thttp://www.arubanetworks.com/support. \n\nAruba Support contacts are as follows:\n\n\t1-800-WiFiLAN (1-800-943-4526) (toll free from within North America)\n\n\t+1-408-754-1200 (toll call from anywhere in the world)\n\n\te-mail: support(at)arubanetworks.com\n\nPlease, do not contact either \"wsirt(at)arubanetworks.com\" or\n\"security(at)arubanetworks.com\" for software upgrades. \n\n\nEXPLOITATION AND PUBLIC ANNOUNCEMENTS\n\nThis vulnerability will be announced at\n\nAruba W.S.I.R.T. Advisory:\nhttp://www.arubanetworks.com/support/alerts/aid-020810.txt\n\nSecurityFocus Bugtraq\nhttp://www.securityfocus.com/archive/1\n\n\nSTATUS OF THIS NOTICE: Final\n\nAlthough Aruba Networks cannot guarantee the accuracy of all statements\nin this advisory, all of the facts have been checked to the best of our\nability. Aruba Networks does not anticipate issuing updated versions of\nthis advisory unless there is some material change in the facts. Should\nthere be a significant change in the facts, Aruba Networks may update\nthis advisory. \n\nA stand-alone copy or paraphrase of the text of this security advisory\nthat omits the distribution URL in the following section is an uncontrolled\ncopy, and may lack important information or contain factual errors. \n\n\nDISTRIBUTION OF THIS ANNOUNCEMENT\n\nThis advisory will be posted on Aruba\u0027s website at:\nhttp://www.arubanetworks.com/support/alerts/aid-020810.txt\n\n\nFuture updates of this advisory, if any, will be placed on Aruba\u0027s worldwide\nwebsite, but may or may not be actively announced on mailing lists or\nnewsgroups. Users concerned about this problem are encouraged to check the\nabove URL for any updates. \n\n\nREVISION HISTORY\n\n Revision 1.0 / 02-08-2010 / Initial release\n\n\nARUBA WSIRT SECURITY PROCEDURES\n\nComplete information on reporting security vulnerabilities in Aruba Networks\nproducts, obtaining assistance with security incidents is available at\n http://www.arubanetworks.com/support/wsirt.php\n\n\nFor reporting *NEW* Aruba Networks security issues, email can be sent to\nwsirt(at)arubanetworks.com or security(at)arubanetworks.com. For sensitive\ninformation we encourage the use of PGP encryption. Our public keys can be\nfound at\n\thttp://www.arubanetworks.com/support/wsirt.php\n\n\n (c) Copyright 2010 by Aruba Networks, Inc. \nThis advisory may be redistributed freely after the release date given at\nthe top of the text, provided that redistributed copies are complete and\nunmodified, including all date and version information. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.14 (MingW32)\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\n\niEYEARECAAYFAktwksYACgkQp6KijA4qefXErQCeKJW3YU3Nl7JY4+2Hp2zqM3bN\nbWAAoJWQT+yeWX2q+02hNEwHWQtGf1YP\n=CrHf\n-----END PGP SIGNATURE-----\n. Transport Layer Security (TLS) is a protocol for ensuring the privacy of communication applications and their users over the Internet. Service (DoS)\n\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01963123\nVersion: 1\n\nHPSBUX02498 SSRT090264 rev.1 - HP-UX Running Apache, Remote Unauthorized Data Injection, Denial of\n\nService (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2009-12-21\nLast Updated: 2009-12-21\n\nPotential Security Impact: Remote unauthorized data injection, Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP-UX running Apache v2.0.59.12 and earlier. The\n\nvulnerability could be exploited remotely to inject unauthorized data or to create a Denial of Service (DoS). \n\nReferences: CVE-2009-3555\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running Apache v2.0.59.12 and previous. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following temporary software updates to resolve the vulnerability. \n\nNOTE: The vulnerability is resolved in OpenSSL 0.9.8l. HP-UX Apache v2.0.59.X versions use statically linked\n\nlibraries. HP-UX Apache v2.0.59.13 is compiled with OpenSSL 0.9.8l. Other versions of HP-UX Apache require the\n\nHP-UX OpenSSL packages recommended in HPSBUX02482 SSRT090249, available here\n\nhttp://www.itrc.hp.com/service/cki/secBullArchive.do\n\nTo review previously published Security Bulletins visit http://www.itrc.hp.com/service/cki/secBullArchive.do\n\nThe depots are available are available using ftp. \nHost / Account / Password\n\nftp.usa.hp.com / sb02498 / Secure12\n\nHP-UX Release / Temporary Depot name / SHA-1 Sum\n\nB.11.11 (IPv4 and IPv6) / Apache 2.0.59.13 PA-64-32-1111.depot /\n 3B6BE547403C28926482192408D5D5AB603A403D\n\nB.11.23 PA-32 / Apache 2.0.59.13 IA-PA-32-1123.depot /\n 4809BAF0F83F78F60B7EC73FAF584D221B1CB4A7\n\nB.11.23 IA-64 / Apache 2.0.59.13 IA-PA-64-1123.depot /\n 1D65F7D49883399F4D202E16754CF7DAE71E3B47\n\nB.11.31 PA-32 / Apache 2.0.59.13 IA-PA-32-1131.depot /\n 943E21D4621B480B5E8E651ACB605B8F7EA47304\n\nB.11.31 IA-64 / Apache 2.0.59.13 IA-PA-64-1131.depot /\n B8836FDB73434A3C26FB411E3F7CB3211129E5AC\n\nMANUAL ACTIONS: Yes\nInstall Apache v2.0.59.13 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security\n\nPatch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a\n\nspecific HP-UX system. It can also download patches and create a depot automatically. For more information\n\nsee: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nFor Apache IPv4 and IPv6\nHP-UX B.11.11\n=============\nhpuxwsAPACHE.APACHE\nhpuxwsAPACHE.APACHE2\nhpuxwsAPACHE.AUTH_LDAP\nhpuxwsAPACHE.AUTH_LDAP2\nhpuxwsAPACHE.MOD_JK\nhpuxwsAPACHE.MOD_JK2\nhpuxwsAPACHE.MOD_PERL\nhpuxwsAPACHE.MOD_PERL2\nhpuxwsAPACHE.PHP\nhpuxwsAPACHE.PHP2\nhpuxwsAPACHE.WEBPROXY\naction: install revision B.2.0.59.13 or subsequent\n\nHP-UX B.11.23\n=============\nhpuxwsAPCH32.APACHE\nhpuxwsAPCH32.APACHE2\nhpuxwsAPCH32.AUTH_LDAP\nhpuxwsAPCH32.AUTH_LDAP2\nhpuxwsAPCH32.MOD_JK\nhpuxwsAPCH32.MOD_JK2\nhpuxwsAPCH32.MOD_PERL\nhpuxwsAPCH32.MOD_PERL2\nhpuxwsAPCH32.PHP\nhpuxwsAPCH32.PHP2\nhpuxwsAPCH32.WEBPROXY\nhpuxwsAPACHE.APACHE\nhpuxwsAPACHE.APACHE2\nhpuxwsAPACHE.AUTH_LDAP\nhpuxwsAPACHE.AUTH_LDAP2\nhpuxwsAPACHE.MOD_JK\nhpuxwsAPACHE.MOD_JK2\nhpuxwsAPACHE.MOD_PERL\nhpuxwsAPACHE.MOD_PERL2\nhpuxwsAPACHE.PHP\nhpuxwsAPACHE.PHP2\nhpuxwsAPACHE.WEBPROXY\naction: install revision B.2.0.59.13 or subsequent\n\nHP-UX B.11.31\n=============\nhpuxwsAPCH32.APACHE\nhpuxwsAPCH32.APACHE2\nhpuxwsAPCH32.AUTH_LDAP\nhpuxwsAPCH32.AUTH_LDAP2\nhpuxwsAPCH32.MOD_JK\nhpuxwsAPCH32.MOD_JK2\nhpuxwsAPCH32.MOD_PERL\nhpuxwsAPCH32.MOD_PERL2\nhpuxwsAPCH32.PHP\nhpuxwsAPCH32.PHP2\nhpuxwsAPCH32.WEBPROXY\nhpuxwsAPACHE.APACHE\nhpuxwsAPACHE.APACHE2\nhpuxwsAPACHE.AUTH_LDAP\nhpuxwsAPACHE.AUTH_LDAP2\nhpuxwsAPACHE.MOD_JK\nhpuxwsAPACHE.MOD_JK2\nhpuxwsAPACHE.MOD_PERL\nhpuxwsAPACHE.MOD_PERL2\nhpuxwsAPACHE.PHP\nhpuxwsAPACHE.PHP2\nhpuxwsAPACHE.WEBPROXY\naction: install revision B.2.0.59.13 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 21 December 2009 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com\n Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2009 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n\nReferences: CVE-2009-3245, CVE-2009-3555, CVE-2009-4355, CVE-2010-0433, CVE-2010-0740. \nThe upgrades are available from the following location. \n\nFor Debian 7 (wheezy) this update adds a missing part to make it\nactually possible to disable client-initiated renegotiation and\ndisables it by default (CVE-2009-3555). TLS compression is disabled\n(CVE-2012-4929), although this is normally already disabled by the OpenSSL\nsystem library. Finally it adds the ability to disable the SSLv3 protocol\n(CVE-2014-3566) entirely via the new \"DisableSSLv3\" configuration\ndirective, although it will not disabled by default in this update. \n\nFor Debian 8 (jessie) these issues have been fixed prior to the release,\nwith the exception of client-initiated renegotiation (CVE-2009-3555). \nThis update addresses that issue for jessie. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 2.6-2+deb7u1. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.6-6+deb8u1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.6-6.1. \n\nWe recommend that you upgrade your pound packages. ----------------------------------------------------------------------\n\n\nSecunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management\n\nFree webinars\n\nhttp://secunia.com/vulnerability_scanning/corporate/webinars/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nOpenOffice.org Data Manipulation and Code Execution Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA40070\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/40070/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40070\n\nRELEASE DATE:\n2010-06-08\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/40070/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/40070/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40070\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in OpenOffice.org, which can\nbe exploited by malicious people to manipulate certain data or\ncompromise a user\u0027s system. \n\n1) An error in the TLS protocol while handling session\nre-negotiations in included libraries can be exploited to manipulate\nsession data. \n\nFor more information see vulnerability #1 in:\nSA37291\n\n2) An error when exploring python code through the scripting IDE can\nbe exploited to potentially execute arbitrary code. \n\nThe vulnerabilities are reported in versions prior to 3.2.1. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.openoffice.org/security/cves/CVE-2009-3555.html\nhttp://www.openoffice.org/security/cves/CVE-2010-0395.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. This could force the server to\n process an attacker\u0026#039;s request as if authenticated using the victim\u0026#039;s\n credentials. \n \n The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28,\n and 3.1.x before 3.1.7 does not properly consider timing side-channel\n attacks on a noncompliant MAC check operation during the processing\n of malformed CBC padding, which allows remote attackers to conduct\n distinguishing attacks and plaintext-recovery attacks via statistical\n analysis of timing data for crafted packets, a related issue to\n CVE-2013-0169 (CVE-2013-1619). \n \n The updated packages have been patched to correct these issues. \nHP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA V3.1 and earlier. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Due\nto a bug in lighttpd, the server fails to start in some configurations\nif using the updated openssl libraries. \n\nThe packages for the hppa, mips, and mipsel architectures are not yet\navailable. They will be released as soon as they have been built",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-3555"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001632"
},
{
"db": "CERT/CC",
"id": "VU#120541"
},
{
"db": "PACKETSTORM",
"id": "100765"
},
{
"db": "PACKETSTORM",
"id": "82799"
},
{
"db": "PACKETSTORM",
"id": "94088"
},
{
"db": "PACKETSTORM",
"id": "83521"
},
{
"db": "PACKETSTORM",
"id": "88167"
},
{
"db": "PACKETSTORM",
"id": "86075"
},
{
"db": "VULHUB",
"id": "VHN-41001"
},
{
"db": "PACKETSTORM",
"id": "84183"
},
{
"db": "PACKETSTORM",
"id": "88387"
},
{
"db": "PACKETSTORM",
"id": "131826"
},
{
"db": "PACKETSTORM",
"id": "90344"
},
{
"db": "PACKETSTORM",
"id": "84181"
},
{
"db": "PACKETSTORM",
"id": "120714"
},
{
"db": "PACKETSTORM",
"id": "89667"
},
{
"db": "PACKETSTORM",
"id": "111920"
},
{
"db": "PACKETSTORM",
"id": "97489"
}
],
"trust": 3.78
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-41001",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41001"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-3555",
"trust": 4.9
},
{
"db": "CERT/CC",
"id": "VU#120541",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "40070",
"trust": 1.3
},
{
"db": "SECUNIA",
"id": "38781",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "42377",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "37501",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "39632",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "37604",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "41972",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "43308",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "38241",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "37859",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "41818",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "39292",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "42816",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "42379",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "39317",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "38020",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "42467",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "37320",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "37640",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "37656",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "37383",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "42724",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "38003",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "44183",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "42733",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "38484",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "40545",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "40866",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "39242",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "38056",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "39278",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "39243",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "42808",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "37675",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "39127",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "39461",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "39819",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "37453",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "40747",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "41490",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "39628",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "44954",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "39500",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "48577",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "42811",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "37291",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "41480",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "37292",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "37399",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "39713",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "38687",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "37504",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "39136",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "41967",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023217",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023273",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023274",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023206",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023272",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023427",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023218",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023163",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023214",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023211",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023219",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023216",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1024789",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023148",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023213",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023271",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023243",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023209",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023215",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023208",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023411",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023204",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023224",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023210",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023207",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023426",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023428",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023205",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023275",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023270",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023212",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-2745",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2009-3353",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-3069",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-0086",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2009-3354",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2009-3484",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-1793",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2009-3310",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-0982",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2011-0033",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2009-3220",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-2010",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-1639",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-1107",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-3126",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-0916",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2009-3164",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2011-0032",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2011-0086",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2009-3313",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-0748",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-1350",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2009-3521",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-0994",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-3086",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-1191",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-0173",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2009-3587",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-0933",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2009-3205",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-1054",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-0848",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-1673",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2009-3165",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/05/3",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/07/3",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/23/10",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/05/5",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/20/1",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/06/3",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "65202",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "62210",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "60521",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "60972",
"trust": 1.1
},
{
"db": "HITACHI",
"id": "HS10-030",
"trust": 1.1
},
{
"db": "USCERT",
"id": "TA10-222A",
"trust": 1.1
},
{
"db": "USCERT",
"id": "TA10-287A",
"trust": 1.1
},
{
"db": "BID",
"id": "36935",
"trust": 1.1
},
{
"db": "ICS CERT",
"id": "ICSA-22-160-01",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU95298925",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002319",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001632",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "88167",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "120714",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "97489",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "131826",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "94088",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "89667",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "84183",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "86075",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "84181",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "10071",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "10579",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82657",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82770",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130868",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "83271",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "90262",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "88173",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "91309",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "120365",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "106155",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "83415",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111273",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "83414",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "92095",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124088",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82652",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "94087",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "95279",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137201",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "102374",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "106156",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "89136",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "92497",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "88621",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "88698",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "84112",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "90286",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127267",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "114810",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "88224",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "123380",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-200911-069",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-67231",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-41001",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "44292",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "100765",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82799",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "83521",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "88387",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "90344",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111920",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#120541"
},
{
"db": "VULHUB",
"id": "VHN-41001"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001632"
},
{
"db": "PACKETSTORM",
"id": "100765"
},
{
"db": "PACKETSTORM",
"id": "82799"
},
{
"db": "PACKETSTORM",
"id": "94088"
},
{
"db": "PACKETSTORM",
"id": "83521"
},
{
"db": "PACKETSTORM",
"id": "88167"
},
{
"db": "PACKETSTORM",
"id": "86075"
},
{
"db": "PACKETSTORM",
"id": "97489"
},
{
"db": "PACKETSTORM",
"id": "84183"
},
{
"db": "PACKETSTORM",
"id": "88387"
},
{
"db": "PACKETSTORM",
"id": "131826"
},
{
"db": "PACKETSTORM",
"id": "90344"
},
{
"db": "PACKETSTORM",
"id": "84181"
},
{
"db": "PACKETSTORM",
"id": "120714"
},
{
"db": "PACKETSTORM",
"id": "89667"
},
{
"db": "PACKETSTORM",
"id": "111920"
},
{
"db": "NVD",
"id": "CVE-2009-3555"
}
]
},
"id": "VAR-200911-0398",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-41001"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T21:54:40.707000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HS11-006 Software product security information",
"trust": 0.8,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142660345230545\u0026amp;w=2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-001632"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-295",
"trust": 1.1
},
{
"problemtype": "Lack of information (CWE-noinfo) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-310",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41001"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001632"
},
{
"db": "NVD",
"id": "CVE-2009-3555"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://extendedsubset.com/?p=8"
},
{
"trust": 1.9,
"url": "http://www.links.org/?p=780"
},
{
"trust": 1.9,
"url": "http://www.links.org/?p=786"
},
{
"trust": 1.9,
"url": "http://www.links.org/?p=789"
},
{
"trust": 1.9,
"url": "http://blogs.iss.net/archive/sslmitmiscsrf.html"
},
{
"trust": 1.9,
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html"
},
{
"trust": 1.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125"
},
{
"trust": 1.9,
"url": "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt"
},
{
"trust": 1.9,
"url": "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
},
{
"trust": 1.2,
"url": "http://www.arubanetworks.com/support/alerts/aid-020810.txt"
},
{
"trust": 1.2,
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html"
},
{
"trust": 1.2,
"url": "http://www.openoffice.org/security/cves/cve-2009-3555.html"
},
{
"trust": 1.1,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1"
},
{
"trust": 1.1,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1"
},
{
"trust": 1.1,
"url": "http://securitytracker.com/id?1023148"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023163"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023204"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023205"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023206"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023207"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023208"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023209"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023210"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023211"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023212"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023213"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023214"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023215"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023216"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023217"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023218"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023219"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023224"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023243"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023270"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023271"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023272"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023273"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023274"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023275"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023411"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023426"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023427"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023428"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1024789"
},
{
"trust": 1.1,
"url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080b01d1d.shtml"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2009/nov/139"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/507952/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/508075/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/508130/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html"
},
{
"trust": 1.1,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1"
},
{
"trust": 1.1,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1"
},
{
"trust": 1.1,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/36935"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/37291"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/37292"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/37320"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/37383"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/37399"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/37453"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/37501"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/37504"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/37604"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/37640"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/37656"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/37675"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/37859"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/38003"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/38020"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/38056"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/38241"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/38484"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/38687"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/38781"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/39127"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/39136"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/39242"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/39243"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/39278"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/39292"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/39317"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/39461"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/39500"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/39628"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/39632"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/39713"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/39819"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/40070"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/40545"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/40747"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/40866"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/41480"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/41490"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/41818"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/41967"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/41972"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/42377"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/42379"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/42467"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/42724"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/42733"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/42808"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/42811"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/42816"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/43308"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/44183"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/44954"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/48577"
},
{
"trust": 1.1,
"url": "http://osvdb.org/60521"
},
{
"trust": 1.1,
"url": "http://osvdb.org/60972"
},
{
"trust": 1.1,
"url": "http://osvdb.org/62210"
},
{
"trust": 1.1,
"url": "http://osvdb.org/65202"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2009/3164"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2009/3165"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2009/3205"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2009/3220"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2009/3310"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2009/3313"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2009/3353"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2009/3354"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2009/3484"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2009/3521"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2009/3587"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/0086"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/0173"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/0748"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/0848"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/0916"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/0933"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/0982"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/0994"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/1054"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/1107"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/1191"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/1350"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/1639"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/1673"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/1793"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/2010"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/2745"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/3069"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/3086"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/3126"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2011/0032"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2011/0033"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2011/0086"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2010/jan/msg00000.html"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2010//may/msg00001.html"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2010//may/msg00002.html"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2009/dsa-1934"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2011/dsa-2141"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2015/dsa-3253"
},
{
"trust": 1.1,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg01029.html"
},
{
"trust": 1.1,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg01020.html"
},
{
"trust": 1.1,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00645.html"
},
{
"trust": 1.1,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00944.html"
},
{
"trust": 1.1,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00428.html"
},
{
"trust": 1.1,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00442.html"
},
{
"trust": 1.1,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00449.html"
},
{
"trust": 1.1,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00634.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049702.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049528.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049455.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039561.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039957.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-may/040652.html"
},
{
"trust": 1.1,
"url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
},
{
"trust": 1.1,
"url": "http://security.gentoo.org/glsa/glsa-201203-22.xml"
},
{
"trust": 1.1,
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"trust": 1.1,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02436041"
},
{
"trust": 1.1,
"url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02273751"
},
{
"trust": 1.1,
"url": "http://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02512995"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/522176"
},
{
"trust": 1.1,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01945686"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ic67848"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ic68054"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ic68055"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:076"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:084"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:089"
},
{
"trust": 1.1,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm12247"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0119.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0130.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0155.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0165.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0167.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0337.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0338.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0339.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0768.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0770.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0786.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0807.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0865.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0986.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0987.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2011-0880.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
},
{
"trust": 1.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta10-222a.html"
},
{
"trust": 1.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta10-287a.html"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-1010-1"
},
{
"trust": 1.1,
"url": "http://ubuntu.com/usn/usn-923-1"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-927-1"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-927-4"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-927-5"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/120541"
},
{
"trust": 1.1,
"url": "http://openbsd.org/errata45.html#010_openssl"
},
{
"trust": 1.1,
"url": "http://openbsd.org/errata46.html#004_openssl"
},
{
"trust": 1.1,
"url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2009/11/05/3"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2009/11/05/5"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2009/11/06/3"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2009/11/07/3"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/1"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2009/11/23/10"
},
{
"trust": 1.1,
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html"
},
{
"trust": 1.1,
"url": "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during"
},
{
"trust": 1.1,
"url": "http://clicky.me/tlsvuln"
},
{
"trust": 1.1,
"url": "http://extendedsubset.com/renegotiating_tls.pdf"
},
{
"trust": 1.1,
"url": "http://kbase.redhat.com/faq/docs/doc-20491"
},
{
"trust": 1.1,
"url": "http://support.apple.com/kb/ht4004"
},
{
"trust": 1.1,
"url": "http://support.apple.com/kb/ht4170"
},
{
"trust": 1.1,
"url": "http://support.apple.com/kb/ht4171"
},
{
"trust": 1.1,
"url": "http://support.avaya.com/css/p8/documents/100070150"
},
{
"trust": 1.1,
"url": "http://support.avaya.com/css/p8/documents/100081611"
},
{
"trust": 1.1,
"url": "http://support.avaya.com/css/p8/documents/100114315"
},
{
"trust": 1.1,
"url": "http://support.avaya.com/css/p8/documents/100114327"
},
{
"trust": 1.1,
"url": "http://support.citrix.com/article/ctx123359"
},
{
"trust": 1.1,
"url": "http://support.zeus.com/zws/media/docs/4.3/release_notes"
},
{
"trust": 1.1,
"url": "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released"
},
{
"trust": 1.1,
"url": "http://sysoev.ru/nginx/patch.cve-2009-3555.txt"
},
{
"trust": 1.1,
"url": "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html"
},
{
"trust": 1.1,
"url": "http://wiki.rpath.com/advisories:rpsa-2009-0155"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24006386"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025312"
},
{
"trust": 1.1,
"url": "http://www.betanews.com/article/1257452450"
},
{
"trust": 1.1,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs10-030/index.html"
},
{
"trust": 1.1,
"url": "http://www.ingate.com/relnote.php?ver=481"
},
{
"trust": 1.1,
"url": "http://www.openssl.org/news/secadv_20091111.txt"
},
{
"trust": 1.1,
"url": "http://www.opera.com/docs/changelogs/unix/1060/"
},
{
"trust": 1.1,
"url": "http://www.opera.com/support/search/view/944/"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
},
{
"trust": 1.1,
"url": "http://www.proftpd.org/docs/release_notes-1.3.2c"
},
{
"trust": 1.1,
"url": "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html"
},
{
"trust": 1.1,
"url": "http://www.tombom.co.uk/blog/?p=85"
},
{
"trust": 1.1,
"url": "http://www.vmware.com/security/advisories/vmsa-2010-0019.html"
},
{
"trust": 1.1,
"url": "http://www.vmware.com/security/advisories/vmsa-2011-0003.html"
},
{
"trust": 1.1,
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"trust": 1.1,
"url": "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html"
},
{
"trust": 1.1,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=526689"
},
{
"trust": 1.1,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=545755"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
},
{
"trust": 1.1,
"url": "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10088"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11578"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11617"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7315"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7478"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7973"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8366"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8535"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=apache-httpd-announce\u0026m=125755783724966\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=cryptography\u0026m=125752275331877\u0026w=2"
},
{
"trust": 1.0,
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.597446"
},
{
"trust": 1.0,
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=pm00675\u0026apar=only"
},
{
"trust": 1.0,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=sa50"
},
{
"trust": 0.8,
"url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00014.html"
},
{
"trust": 0.8,
"url": "http://cvs.openssl.org/chngview?cn=18790"
},
{
"trust": 0.8,
"url": "http://www.links.org/files/no-renegotiation-2.patch"
},
{
"trust": 0.8,
"url": "http://blog.zoller.lu/2009/11/new-sslv3-tls-vulnerability-mitm.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95298925/"
},
{
"trust": 0.8,
"url": "http://jvndb.jvn.jp/ja/contents/2009/jvndb-2009-002319.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3555"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-160-01"
},
{
"trust": 0.5,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3555"
},
{
"trust": 0.3,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.3,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.3,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.3,
"url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
},
{
"trust": 0.3,
"url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
},
{
"trust": 0.3,
"url": "http://h30046.www3.hp.com/subsignin.php"
},
{
"trust": 0.2,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11.orig.tar.gz"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12.orig.tar.gz"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3094"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=132077688910227\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142660345230545\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=127419602507642\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=134254866602253\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=130497311408250\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=133469267822771\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=126150535619567\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=127128920008563\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=127557596201693\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026amp;q=pm00675\u0026amp;apar=only"
},
{
"trust": 0.1,
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026amp;y=2009\u0026amp;m=slackware-security.597446"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=apache-httpd-announce\u0026amp;m=125755783724966\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=cryptography\u0026amp;m=125752275331877\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "https://kb.bluecoat.com/index?page=content\u0026amp;id=sa50"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44292/"
},
{
"trust": 0.1,
"url": "http://secunia.com/research/"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#appendixas"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44292"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/jobs/open_positions/reverse_engineer"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44292/#comments"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.12-1ubuntu2.1_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.12-1ubuntu2.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.diff.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.12-1ubuntu2.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.11-2ubuntu2.5_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.14_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.14_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.9_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.9-7ubuntu3.5_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.9-7ubuntu3.5_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.dsc"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.12-1ubuntu2.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.12-1ubuntu2.1_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.12-1ubuntu2.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.dsc"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.14_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-src_2.2.11-2ubuntu2.5_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.14-5ubuntu8.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.7.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.11_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.14-5ubuntu8.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.14-5ubuntu8.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.14-5ubuntu8.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.11_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.18_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.18_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.14-5ubuntu8.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.18_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.11_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.18_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.14-5ubuntu8.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.14-5ubuntu8.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.18_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.18_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.14-5ubuntu8.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.14-5ubuntu8.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.7.diff.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.18_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.14-5ubuntu8.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.7_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.11_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.18_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.3_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.14-5ubuntu8.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.14-5ubuntu8.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.14-5ubuntu8.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.14-5ubuntu8.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.3.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.11_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.7_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.14-5ubuntu8.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.18_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.7_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.11_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.11_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.14-5ubuntu8.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.14-5ubuntu8.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.14-5ubuntu8.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.11_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.18_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.11_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.18_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.14-5ubuntu8.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.14-5ubuntu8.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.11_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.7_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.14-5ubuntu8.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.11_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.7_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.14-5ubuntu8.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.11_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.14-5ubuntu8.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.14-5ubuntu8.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.18_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.11_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.11_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.18_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.3_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.12-1ubuntu2.3_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.18_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.18_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.18_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.3_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.14-5ubuntu8.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.18_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.11_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.18_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.3.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.11_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.11.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.18_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.14-5ubuntu8.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.14-5ubuntu8.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.18_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.18_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.14-5ubuntu8.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.18_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.14-5ubuntu8.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.11_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.7_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.14-5ubuntu8.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.11_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.11_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.18_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.18_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-src_2.2.11-2ubuntu2.7_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.14-5ubuntu8.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.18_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.18_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.18_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.14-5ubuntu8.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.3_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-mpm-itk_2.2.14-5ubuntu8.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.7_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.11.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.18_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.11_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.14-5ubuntu8.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.2.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.14-5ubuntu8.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.11_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.11_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.11_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.7_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.11_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.11-2ubuntu2.7_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.11_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.12-1ubuntu2.3_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.18_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.18_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.18_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.11_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.3_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.14-5ubuntu8.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.12-1ubuntu2.3_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.7_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.18_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.11_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.11_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.18_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.14-5ubuntu8.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.12-1ubuntu2.3_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.14-5ubuntu8.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.14-5ubuntu8.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.18.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.18_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.7_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.2.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.11_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.11_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.3_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.12-1ubuntu2.3_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.14-5ubuntu8.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.14-5ubuntu8.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.12-1ubuntu2.3_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.11_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.11_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.18_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.14-5ubuntu8.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.11_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.14-5ubuntu8.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.18.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.18_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.11_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.3_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.18_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.11_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.11_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.11_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.11_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.11_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.18_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.11_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.11_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-mpm-itk_2.2.14-5ubuntu8.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.18_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.14-5ubuntu8.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslinsecurerenegotiation"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1195"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1890"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2939"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1890"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1678"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2939"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1195"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3095"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1891"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1191"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1191"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1678"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3094"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://www.arubanetworks.com/support."
},
{
"trust": 0.1,
"url": "http://enigmail.mozdev.org/"
},
{
"trust": 0.1,
"url": "http://www.arubanetworks.com/support/wsirt.php"
},
{
"trust": 0.1,
"url": "http://www.securityfocus.com/archive/1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0740"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0433"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-4355"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3245"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4929"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
},
{
"trust": 0.1,
"url": "http://www.openoffice.org/security/cves/cve-2010-0395.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/40070/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/webinars/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/40070/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40070"
},
{
"trust": 0.1,
"url": "http://bugs.proftpd.org/show_bug.cgi?id=3324"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1619"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1619"
},
{
"trust": 0.1,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/softwaredescription.jsp?switem=mtx-6a3f2fa832db4ddf9b3398f04c"
},
{
"trust": 0.1,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/softwaredescription.jsp?switem=mtx-1b189d95582249b58d9ca94c45"
},
{
"trust": 0.1,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/softwaredescription.jsp?switem=mtx-4311cc1b61fd42a4874b13d714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0033"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3548"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2526"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3190"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0580"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2693"
},
{
"trust": 0.1,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4476"
},
{
"trust": 0.1,
"url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_java.html"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1157"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2901"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#120541"
},
{
"db": "VULHUB",
"id": "VHN-41001"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001632"
},
{
"db": "PACKETSTORM",
"id": "100765"
},
{
"db": "PACKETSTORM",
"id": "82799"
},
{
"db": "PACKETSTORM",
"id": "94088"
},
{
"db": "PACKETSTORM",
"id": "83521"
},
{
"db": "PACKETSTORM",
"id": "88167"
},
{
"db": "PACKETSTORM",
"id": "86075"
},
{
"db": "PACKETSTORM",
"id": "97489"
},
{
"db": "PACKETSTORM",
"id": "84183"
},
{
"db": "PACKETSTORM",
"id": "88387"
},
{
"db": "PACKETSTORM",
"id": "131826"
},
{
"db": "PACKETSTORM",
"id": "90344"
},
{
"db": "PACKETSTORM",
"id": "84181"
},
{
"db": "PACKETSTORM",
"id": "120714"
},
{
"db": "PACKETSTORM",
"id": "89667"
},
{
"db": "PACKETSTORM",
"id": "111920"
},
{
"db": "NVD",
"id": "CVE-2009-3555"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#120541"
},
{
"db": "VULHUB",
"id": "VHN-41001"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001632"
},
{
"db": "PACKETSTORM",
"id": "100765"
},
{
"db": "PACKETSTORM",
"id": "82799"
},
{
"db": "PACKETSTORM",
"id": "94088"
},
{
"db": "PACKETSTORM",
"id": "83521"
},
{
"db": "PACKETSTORM",
"id": "88167"
},
{
"db": "PACKETSTORM",
"id": "86075"
},
{
"db": "PACKETSTORM",
"id": "97489"
},
{
"db": "PACKETSTORM",
"id": "84183"
},
{
"db": "PACKETSTORM",
"id": "88387"
},
{
"db": "PACKETSTORM",
"id": "131826"
},
{
"db": "PACKETSTORM",
"id": "90344"
},
{
"db": "PACKETSTORM",
"id": "84181"
},
{
"db": "PACKETSTORM",
"id": "120714"
},
{
"db": "PACKETSTORM",
"id": "89667"
},
{
"db": "PACKETSTORM",
"id": "111920"
},
{
"db": "NVD",
"id": "CVE-2009-3555"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-11-11T00:00:00",
"db": "CERT/CC",
"id": "VU#120541"
},
{
"date": "2009-11-09T00:00:00",
"db": "VULHUB",
"id": "VHN-41001"
},
{
"date": "2011-05-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001632"
},
{
"date": "2011-04-24T07:03:17",
"db": "PACKETSTORM",
"id": "100765"
},
{
"date": "2009-11-19T18:46:00",
"db": "PACKETSTORM",
"id": "82799"
},
{
"date": "2010-09-21T22:55:35",
"db": "PACKETSTORM",
"id": "94088"
},
{
"date": "2009-12-07T21:57:59",
"db": "PACKETSTORM",
"id": "83521"
},
{
"date": "2010-04-07T02:30:56",
"db": "PACKETSTORM",
"id": "88167"
},
{
"date": "2010-02-09T18:53:40",
"db": "PACKETSTORM",
"id": "86075"
},
{
"date": "2011-01-13T03:33:06",
"db": "PACKETSTORM",
"id": "97489"
},
{
"date": "2009-12-22T20:50:12",
"db": "PACKETSTORM",
"id": "84183"
},
{
"date": "2010-04-15T22:26:05",
"db": "PACKETSTORM",
"id": "88387"
},
{
"date": "2015-05-08T13:32:34",
"db": "PACKETSTORM",
"id": "131826"
},
{
"date": "2010-06-07T16:47:06",
"db": "PACKETSTORM",
"id": "90344"
},
{
"date": "2009-12-22T20:42:09",
"db": "PACKETSTORM",
"id": "84181"
},
{
"date": "2013-03-08T04:15:53",
"db": "PACKETSTORM",
"id": "120714"
},
{
"date": "2010-05-19T05:44:26",
"db": "PACKETSTORM",
"id": "89667"
},
{
"date": "2012-04-17T20:41:11",
"db": "PACKETSTORM",
"id": "111920"
},
{
"date": "2009-11-09T17:30:00.407000",
"db": "NVD",
"id": "CVE-2009-3555"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-07-22T00:00:00",
"db": "CERT/CC",
"id": "VU#120541"
},
{
"date": "2023-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-41001"
},
{
"date": "2022-06-13T05:59:00",
"db": "JVNDB",
"id": "JVNDB-2011-001632"
},
{
"date": "2023-02-13T02:20:27.983000",
"db": "NVD",
"id": "CVE-2009-3555"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "120714"
}
],
"trust": 0.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SSL and TLS protocols renegotiation vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#120541"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "arbitrary",
"sources": [
{
"db": "PACKETSTORM",
"id": "82799"
},
{
"db": "PACKETSTORM",
"id": "94088"
},
{
"db": "PACKETSTORM",
"id": "86075"
},
{
"db": "PACKETSTORM",
"id": "120714"
}
],
"trust": 0.4
}
}
var-202207-0580
Vulnerability from variot
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. (DoS) It may be in a state. Dell BSAFE Micro Edition Suite is a development kit that provides encryption, certificates and transport layer security for c/c++ applications, devices and systems. Dell BSAFE is a security software product that supports encryption algorithms, certificate chain verification, Transport Layer Security (TLS) cipher suites, etc. to help users achieve various security goals for their applications
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-0580",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
},
{
"model": "bsafe micro-edition-suite",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.6"
},
{
"model": "security service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "weblogic server proxy plug-in",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21c"
},
{
"model": "bsafe crypto-c-micro-edition",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.1.5"
},
{
"model": "weblogic server proxy plug-in",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.2"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "security service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "oracle security service",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle database",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "bsafe crypto-c micro edition",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "bsafe micro edition suite",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "oracle weblogic server proxy plug-in",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle http server",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016809"
},
{
"db": "NVD",
"id": "CVE-2020-35164"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.1.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.6",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-35164"
}
]
},
"cve": "CVE-2020-35164",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-35164",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-377255",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "security_alert@emc.com",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.4,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-35164",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-35164",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2020-35164",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-833",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-377255",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-35164",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377255"
},
{
"db": "VULMON",
"id": "CVE-2020-35164"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016809"
},
{
"db": "NVD",
"id": "CVE-2020-35164"
},
{
"db": "NVD",
"id": "CVE-2020-35164"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-833"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. (DoS) It may be in a state. Dell BSAFE Micro Edition Suite is a development kit that provides encryption, certificates and transport layer security for c/c++ applications, devices and systems. Dell BSAFE is a security software product that supports encryption algorithms, certificate chain verification, Transport Layer Security (TLS) cipher suites, etc. to help users achieve various security goals for their applications",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-35164"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016809"
},
{
"db": "VULHUB",
"id": "VHN-377255"
},
{
"db": "VULMON",
"id": "CVE-2020-35164"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-35164",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016809",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202207-833",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-84615",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-377255",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-35164",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377255"
},
{
"db": "VULMON",
"id": "CVE-2020-35164"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016809"
},
{
"db": "NVD",
"id": "CVE-2020-35164"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-833"
}
]
},
"id": "VAR-202207-0580",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-377255"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:11:57.330000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0July\u00a02022 Dell Security\u00a0Advisory",
"trust": 0.8,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"title": "Dell BSAFE Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=200705"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016809"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-833"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016809"
},
{
"db": "NVD",
"id": "CVE-2020-35164"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35164"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2020-35164/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/oracle-database-vulnerabilities-of-july-2022-38855"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377255"
},
{
"db": "VULMON",
"id": "CVE-2020-35164"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016809"
},
{
"db": "NVD",
"id": "CVE-2020-35164"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-833"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-377255"
},
{
"db": "VULMON",
"id": "CVE-2020-35164"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016809"
},
{
"db": "NVD",
"id": "CVE-2020-35164"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-833"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-377255"
},
{
"date": "2022-07-11T00:00:00",
"db": "VULMON",
"id": "CVE-2020-35164"
},
{
"date": "2023-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-016809"
},
{
"date": "2022-07-11T20:15:08.330000",
"db": "NVD",
"id": "CVE-2020-35164"
},
{
"date": "2022-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-833"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-06T00:00:00",
"db": "VULHUB",
"id": "VHN-377255"
},
{
"date": "2022-07-18T00:00:00",
"db": "VULMON",
"id": "CVE-2020-35164"
},
{
"date": "2023-09-25T06:06:00",
"db": "JVNDB",
"id": "JVNDB-2019-016809"
},
{
"date": "2022-10-06T16:07:35.737000",
"db": "NVD",
"id": "CVE-2020-35164"
},
{
"date": "2022-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-833"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-833"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u00a0BSAFE\u00a0Crypto-C\u00a0Micro\u00a0Edition\u00a0 and \u00a0Dell\u00a0BSAFE\u00a0Micro\u00a0Edition\u00a0Suite\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016809"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-833"
}
],
"trust": 0.6
}
}
var-200904-0262
Vulnerability from variot
Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to LTADM. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
For more information see vulnerability #6 through #9 in: SA34693
SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details.
Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
I. Description
The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components.
Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.
II. Impact
The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.
III. Solution
Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.
IV. References
-
Oracle Critical Patch Update Advisory - April 2009 - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
-
Critical Patch Updates and Security Alerts - http://www.oracle.com/technology/deploy/security/alerts.htm
-
Map of Public Vulnerability to Advisory/Alert - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-105A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
April 15, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system.
1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.
2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER".
The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.
PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security
The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/
Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0262",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database 10g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database 11g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.01"
},
{
"model": "systems weblogic portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle9i personal edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.49"
},
{
"model": "oracle11g standard edition one",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "data service integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.3"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3.0"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.06"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "systems weblogic portal sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.13"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.04"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.1"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.07"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.3"
},
{
"model": "systems weblogic portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "systems weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.1"
},
{
"model": "systems weblogic server maintenance pack",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.13"
},
{
"model": "oracle9i standard edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "oracle9i enterprise edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.1"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.12"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.15"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.05"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.16"
},
{
"model": "systems weblogic server mp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9"
},
{
"model": "audit vault",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.02"
},
{
"model": "systems weblogic portal sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.4"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.12"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.11"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.6"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.03"
},
{
"model": "systems weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.0"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001227"
},
{
"db": "NVD",
"id": "CVE-2009-0976"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-295"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:database_10g:10.2.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database_11g:11.1.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0976"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-295"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0976",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2009-0976",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-0976",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-295",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001227"
},
{
"db": "NVD",
"id": "CVE-2009-0976"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-295"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to LTADM. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0976"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001227"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0976",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "34693",
"trust": 2.6
},
{
"db": "USCERT",
"id": "TA09-105A",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1022052",
"trust": 2.4
},
{
"db": "OSVDB",
"id": "53733",
"trust": 2.4
},
{
"db": "BID",
"id": "34461",
"trust": 1.3
},
{
"db": "VUPEN",
"id": "ADV-2009-1042",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001227",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA09-105A",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-295",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-09-017",
"trust": 0.4
},
{
"db": "SECUNIA",
"id": "35135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76704",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001227"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0976"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-295"
}
]
},
"id": "VAR-200904-0262",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.065972224
},
"last_update_date": "2023-12-18T11:12:29.759000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cpuapr2009",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"title": "090417_86",
"trust": 0.8,
"url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
},
{
"title": "TA09-105A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001227"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0976"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://osvdb.org/53733"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/34693"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1022052"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/34461"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0976"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta09-105a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0976"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/1042"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-23/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-22/"
},
{
"trust": 0.3,
"url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "/archive/1/502845"
},
{
"trust": 0.3,
"url": "/archive/1/502707"
},
{
"trust": 0.3,
"url": "/archive/1/502697"
},
{
"trust": 0.3,
"url": "/archive/1/502727"
},
{
"trust": 0.3,
"url": "/archive/1/502723"
},
{
"trust": 0.3,
"url": "/archive/1/506160"
},
{
"trust": 0.3,
"url": "/archive/1/502724"
},
{
"trust": 0.3,
"url": "/archive/1/502683"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34693/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35135/"
},
{
"trust": 0.1,
"url": "http://www.good.com/faq/18431.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001227"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0976"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-295"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001227"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0976"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-295"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-09T00:00:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001227"
},
{
"date": "2009-05-18T15:35:49",
"db": "PACKETSTORM",
"id": "77574"
},
{
"date": "2009-04-15T23:15:44",
"db": "PACKETSTORM",
"id": "76710"
},
{
"date": "2009-04-15T15:08:54",
"db": "PACKETSTORM",
"id": "76704"
},
{
"date": "2009-04-15T10:30:00.377000",
"db": "NVD",
"id": "CVE-2009-0976"
},
{
"date": "2009-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-295"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-01T16:22:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001227"
},
{
"date": "2012-10-23T03:04:23.337000",
"db": "NVD",
"id": "CVE-2009-0976"
},
{
"date": "2009-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-295"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-295"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Database of Workspace Manager In the component LTADM Vulnerabilities related to",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001227"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-295"
}
],
"trust": 0.6
}
}
var-200904-0261
Vulnerability from variot
Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0978. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
For more information see vulnerability #6 through #9 in: SA34693
SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details.
Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
I. Description
The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability.
Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.
II. Impact
The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.
III. Solution
Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.
IV. References
-
Oracle Critical Patch Update Advisory - April 2009 - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
-
Critical Patch Updates and Security Alerts - http://www.oracle.com/technology/deploy/security/alerts.htm
-
Map of Public Vulnerability to Advisory/Alert - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-105A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
April 15, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system.
1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.
2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER".
The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.
PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security
The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/
Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0261",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database 11g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "database 10g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.01"
},
{
"model": "systems weblogic portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle9i personal edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.49"
},
{
"model": "oracle11g standard edition one",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "data service integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.3"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3.0"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.06"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "systems weblogic portal sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.13"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.04"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.1"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.07"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.3"
},
{
"model": "systems weblogic portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "systems weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.1"
},
{
"model": "systems weblogic server maintenance pack",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.13"
},
{
"model": "oracle9i standard edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "oracle9i enterprise edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.1"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.12"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.15"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.05"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.16"
},
{
"model": "systems weblogic server mp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9"
},
{
"model": "audit vault",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.02"
},
{
"model": "systems weblogic portal sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.4"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.12"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.11"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.6"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.03"
},
{
"model": "systems weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.0"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001226"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-294"
},
{
"db": "NVD",
"id": "CVE-2009-0975"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:database_10g:10.2.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database_11g:11.1.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0975"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-294"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0975",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2009-0975",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-0975",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-294",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2009-0975",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-0975"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001226"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-294"
},
{
"db": "NVD",
"id": "CVE-2009-0975"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0978. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0975"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001226"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "VULMON",
"id": "CVE-2009-0975"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0975",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "34693",
"trust": 2.7
},
{
"db": "USCERT",
"id": "TA09-105A",
"trust": 2.6
},
{
"db": "OSVDB",
"id": "53732",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1022052",
"trust": 2.5
},
{
"db": "BID",
"id": "34461",
"trust": 1.4
},
{
"db": "VUPEN",
"id": "ADV-2009-1042",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001226",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA09-105A",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-294",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-09-017",
"trust": 0.4
},
{
"db": "VULMON",
"id": "CVE-2009-0975",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "35135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76704",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-0975"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001226"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-294"
},
{
"db": "NVD",
"id": "CVE-2009-0975"
}
]
},
"id": "VAR-200904-0261",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.065972224
},
"last_update_date": "2024-02-13T21:07:02.595000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cpuapr2009",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"title": "090417_86",
"trust": 0.8,
"url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
},
{
"title": "TA09-105A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001226"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0975"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id?1022052"
},
{
"trust": 2.5,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/34693"
},
{
"trust": 2.5,
"url": "http://osvdb.org/53732"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/34461"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0975"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta09-105a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0975"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/1042"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-23/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-22/"
},
{
"trust": 0.3,
"url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "/archive/1/502845"
},
{
"trust": 0.3,
"url": "/archive/1/502707"
},
{
"trust": 0.3,
"url": "/archive/1/502697"
},
{
"trust": 0.3,
"url": "/archive/1/502727"
},
{
"trust": 0.3,
"url": "/archive/1/502723"
},
{
"trust": 0.3,
"url": "/archive/1/506160"
},
{
"trust": 0.3,
"url": "/archive/1/502724"
},
{
"trust": 0.3,
"url": "/archive/1/502683"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34693/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35135/"
},
{
"trust": 0.1,
"url": "http://www.good.com/faq/18431.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-0975"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001226"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-294"
},
{
"db": "NVD",
"id": "CVE-2009-0975"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2009-0975"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001226"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-294"
},
{
"db": "NVD",
"id": "CVE-2009-0975"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-15T00:00:00",
"db": "VULMON",
"id": "CVE-2009-0975"
},
{
"date": "2009-04-09T00:00:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001226"
},
{
"date": "2009-05-18T15:35:49",
"db": "PACKETSTORM",
"id": "77574"
},
{
"date": "2009-04-15T23:15:44",
"db": "PACKETSTORM",
"id": "76710"
},
{
"date": "2009-04-15T15:08:54",
"db": "PACKETSTORM",
"id": "76704"
},
{
"date": "2009-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-294"
},
{
"date": "2009-04-15T10:30:00.360000",
"db": "NVD",
"id": "CVE-2009-0975"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-22T00:00:00",
"db": "VULMON",
"id": "CVE-2009-0975"
},
{
"date": "2009-09-01T16:22:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001226"
},
{
"date": "2009-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-294"
},
{
"date": "2016-11-22T16:13:19.677000",
"db": "NVD",
"id": "CVE-2009-0975"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-294"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Database of Workspace Manager Component vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001226"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-294"
}
],
"trust": 0.6
}
}
var-201109-0130
Vulnerability from variot
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. SSL Protocol and TLS The protocol includes CBC There are vulnerabilities that are subject to selective plaintext attacks in mode. SSL Protocol and TLS Protocol is CBC Initialization vector when operating in mode (IV) There is a problem in the determination method, and there is a vulnerability that is subject to selective plaintext attacks. Attack methods using this vulnerability have been released.Encrypted communication is a man-in-the-middle attack (man-in-the-middle attack) If they are intercepted by you, their content may be decrypted. A vulnerability in the specification of the SSL 3.0 and TLS 1.0 protocols could allow an attacker to decrypt encrypted traffic. This will result in a false sense of security, and potentially result in the disclosure of sensitive information. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-02
http://security.gentoo.org/
Severity: Normal Title: Oracle JRE/JDK: Multiple vulnerabilities Date: November 05, 2011 Bugs: #340421, #354213, #370559, #387851 ID: 201111-02
Synopsis
Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/sun-jre-bin < 1.6.0.29 >= 1.6.0.29 * 2 app-emulation/emul-linux-x86-java < 1.6.0.29 >= 1.6.0.29 * 3 dev-java/sun-jdk < 1.6.0.29 >= 1.6.0.29 * ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 3 affected packages -------------------------------------------------------------------
Description
Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details.
Impact
A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code.
Workaround
There is no known workaround at this time.
Resolution
All Oracle JDK 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.29"
All Oracle JRE 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.29"
All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the latest version:
# emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.6.0.29"
NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. This limitation is not present on a non-fetch restricted implementation such as dev-java/icedtea-bin.
References
[ 1 ] CVE-2010-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541 [ 2 ] CVE-2010-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548 [ 3 ] CVE-2010-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549 [ 4 ] CVE-2010-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550 [ 5 ] CVE-2010-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551 [ 6 ] CVE-2010-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552 [ 7 ] CVE-2010-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553 [ 8 ] CVE-2010-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554 [ 9 ] CVE-2010-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555 [ 10 ] CVE-2010-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556 [ 11 ] CVE-2010-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557 [ 12 ] CVE-2010-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558 [ 13 ] CVE-2010-3559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559 [ 14 ] CVE-2010-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560 [ 15 ] CVE-2010-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561 [ 16 ] CVE-2010-3562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562 [ 17 ] CVE-2010-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563 [ 18 ] CVE-2010-3565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565 [ 19 ] CVE-2010-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566 [ 20 ] CVE-2010-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567 [ 21 ] CVE-2010-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568 [ 22 ] CVE-2010-3569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569 [ 23 ] CVE-2010-3570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570 [ 24 ] CVE-2010-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571 [ 25 ] CVE-2010-3572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572 [ 26 ] CVE-2010-3573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573 [ 27 ] CVE-2010-3574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574 [ 28 ] CVE-2010-4422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422 [ 29 ] CVE-2010-4447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447 [ 30 ] CVE-2010-4448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448 [ 31 ] CVE-2010-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450 [ 32 ] CVE-2010-4451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451 [ 33 ] CVE-2010-4452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452 [ 34 ] CVE-2010-4454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454 [ 35 ] CVE-2010-4462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462 [ 36 ] CVE-2010-4463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463 [ 37 ] CVE-2010-4465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465 [ 38 ] CVE-2010-4466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466 [ 39 ] CVE-2010-4467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467 [ 40 ] CVE-2010-4468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468 [ 41 ] CVE-2010-4469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469 [ 42 ] CVE-2010-4470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470 [ 43 ] CVE-2010-4471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471 [ 44 ] CVE-2010-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472 [ 45 ] CVE-2010-4473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473 [ 46 ] CVE-2010-4474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474 [ 47 ] CVE-2010-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475 [ 48 ] CVE-2010-4476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476 [ 49 ] CVE-2011-0802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802 [ 50 ] CVE-2011-0814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814 [ 51 ] CVE-2011-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815 [ 52 ] CVE-2011-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862 [ 53 ] CVE-2011-0863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863 [ 54 ] CVE-2011-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864 [ 55 ] CVE-2011-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865 [ 56 ] CVE-2011-0867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867 [ 57 ] CVE-2011-0868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868 [ 58 ] CVE-2011-0869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869 [ 59 ] CVE-2011-0871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871 [ 60 ] CVE-2011-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872 [ 61 ] CVE-2011-0873 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873 [ 62 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 63 ] CVE-2011-3516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516 [ 64 ] CVE-2011-3521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521 [ 65 ] CVE-2011-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544 [ 66 ] CVE-2011-3545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545 [ 67 ] CVE-2011-3546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546 [ 68 ] CVE-2011-3547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547 [ 69 ] CVE-2011-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548 [ 70 ] CVE-2011-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549 [ 71 ] CVE-2011-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550 [ 72 ] CVE-2011-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551 [ 73 ] CVE-2011-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552 [ 74 ] CVE-2011-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553 [ 75 ] CVE-2011-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554 [ 76 ] CVE-2011-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555 [ 77 ] CVE-2011-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556 [ 78 ] CVE-2011-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557 [ 79 ] CVE-2011-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558 [ 80 ] CVE-2011-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560 [ 81 ] CVE-2011-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201111-02.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Hitachi Cosminexus Products Java Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA46694
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46694/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46694
RELEASE DATE: 2011-11-08
DISCUSS ADVISORY: http://secunia.com/advisories/46694/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46694/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46694
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Hitachi has acknowledged multiple vulnerabilities in Hitachi Cosminexus products, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
The vulnerabilities are caused due to vulnerabilities in the bundled version of Cosminexus Developer's Kit for Java.
For more information: SA46512
Please see the vendor's advisory for a list of affected products. Please see the vendor's advisory for details.
ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. HP System Management Homepage (SMH) v7.2.0 and earlier running on Linux and Windows. This combines the two previous openjdk-6 advisories, DSA-2311-1 and DSA-2356-1.
CVE-2011-0862 Integer overflow errors in the JPEG and font parser allow untrusted code (including applets) to elevate its privileges.
CVE-2011-0864 Hotspot, the just-in-time compiler in OpenJDK, mishandled certain byte code instructions, allowing untrusted code (including applets) to crash the virtual machine.
CVE-2011-0865 A race condition in signed object deserialization could allow untrusted code to modify signed content, apparently leaving its signature intact.
CVE-2011-0867 Untrusted code (including applets) could access information about network interfaces which was not intended to be public. (Note that the interface MAC address is still available to untrusted code.)
CVE-2011-0868 A float-to-long conversion could overflow, , allowing untrusted code (including applets) to crash the virtual machine.
CVE-2011-0869 Untrusted code (including applets) could intercept HTTP requests by reconfiguring proxy settings through a SOAP connection.
CVE-2011-0871 Untrusted code (including applets) could elevate its privileges through the Swing MediaTracker code.
CVE-2011-3521 The CORBA implementation contains a deserialization vulnerability in the IIOP implementation, allowing untrusted Java code (such as applets) to elevate its privileges.
CVE-2011-3544 The Java scripting engine lacks necessary security manager checks, allowing untrusted Java code (such as applets) to elevate its privileges.
CVE-2011-3547 The skip() method in java.io.InputStream uses a shared buffer, allowing untrusted Java code (such as applets) to access data that is skipped by other code.
CVE-2011-3553 JAX-WS enables stack traces for certain server responses by default, potentially leaking sensitive information.
For the oldstable distribution (lenny), these problems have been fixed in version 6b18-1.8.10-0~lenny1. The complete list of recognized system roots may be viewed via the Keychain Access application. CVE-ID CVE-2014-1263 : Roland Moriz of Moriz GmbH
Data Security Available for: OS X Mavericks 10.9 and 10.9.1 Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS Description: Secure Transport failed to validate the authenticity of the connection. CVE-ID CVE-2014-1259
Finder Available for: OS X Mavericks 10.9 and 10.9.1 Impact: Accessing a file's ACL via Finder may lead to other users gaining unauthorized access to files Description: Accessing a file's ACL via Finder may corrupt the ACLs on the file. The issue was addressed by filtering unsafe unicode characters from display in filenames. Downloading a maliciously crafted Microsoft Office file may have led to an unexpected application termination or arbitrary code execution. To address these issues for applications using Secure Transport, the 1-byte fragment mitigation was enabled by default for this configuration. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2013:037 http://www.mandriva.com/en/support/security/
Package : fetchmail Date : April 5, 2013 Affected: Business Server 1.0
Problem Description:
Multiple vulnerabilities has been found and corrected in fetchmail:
Fetchmail version 6.3.9 enabled all SSL workarounds (SSL_OP_ALL) which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an attacker can make the application (fetchmail) encrypt some data for him -- which is not easily the case (aka a BEAST attack) (CVE-2011-3389).
A denial of service flaw was found in the way Fetchmail, a remote mail retrieval and forwarding utility, performed base64 decoding of certain NTLM server responses. Upon sending the NTLM authentication request, Fetchmail did not check if the received response was actually part of NTLM protocol exchange, or server-side error message and session abort.
This advisory provides the latest version of fetchmail (6.3.22) which is not vulnerable to these issues. The verification of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004
OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 are now available and address the following:
Apache Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Multiple vulnerabilities in Apache Description: Apache is updated to version 2.2.22 to address several vulnerabilities, the most serious of which may lead to a denial of service. Further information is available via the Apache web site at http://httpd.apache.org/. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3368 CVE-2011-3607 CVE-2011-4317 CVE-2012-0021 CVE-2012-0031 CVE-2012-0053
BIND Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: A remote attacker may be able to cause a denial of service in systems configured to run BIND as a DNS nameserver Description: A reachable assertion issue existed in the handling of DNS records. This issue was addressed by updating to BIND 9.7.6-P1. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-4313
BIND Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4, OS X Mountain Lion v10.8 and v10.8.1 Impact: A remote attacker may be able to cause a denial of service, data corruption, or obtain sensitive information from process memory in systems configured to run BIND as a DNS nameserver Description: A memory management issue existed in the handling of DNS records. This issue was addressed by updating to BIND 9.7.6-P1 on OS X Lion systems, and BIND 9.8.3-P1 on OS X Mountain Lion systems. CVE-ID CVE-2012-1667
CoreText Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Applications that use CoreText may be vulnerable to an unexpected application termination or arbitrary code execution Description: A bounds checking issue existed in the handling of text glyphs, which may lead to out of bounds memory reads or writes. This issue was addressed through improved bounds checking. This issue does not affect Mac OS X v10.6 or OS X Mountain Lion systems. CVE-ID CVE-2012-3716 : Jesse Ruderman of Mozilla Corporation
Data Security Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4, OS X Mountain Lion v10.8 and v10.8.1 Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: TrustWave, a trusted root CA, has issued, and subsequently revoked, a sub-CA certificate from one of its trusted anchors. This sub-CA facilitated the interception of communications secured by Transport Layer Security (TLS). This update adds the involved sub-CA certificate to OS X's list of untrusted certificates.
DirectoryService Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8 Impact: If the DirectoryService Proxy is used, a remote attacker may cause a denial of service or arbitrary code execution Description: A buffer overflow existed in the DirectoryService Proxy. This issue was addressed through improved bounds checking. This issue does not affect OS X Lion and Mountain Lion systems. CVE-ID CVE-2012-0650 : aazubel working with HP's Zero Day Initiative
ImageIO Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libpng's handling of PNG images. These issues were addressed through improved validation of PNG images. These issues do not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3026 : Juri Aedla CVE-2011-3048
ImageIO Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow issue existed in libTIFF's handling of TIFF images. This issue was addressed through improved validation of TIFF images. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-1173 : Alexander Gavrun working with HP's Zero Day Initiative
Installer Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Remote admins and persons with physical access to the system may obtain account information Description: The fix for CVE-2012-0652 in OS X Lion 10.7.4 prevented user passwords from being recorded in the system log, but did not remove the old log entries. This issue was addressed by deleting log files that contained passwords. This issue does not affect Mac OS X 10.6 or OS X Mountain Lion systems. CVE-ID CVE-2012-0652
International Components for Unicode Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution Description: A stack buffer overflow existed in the handling of ICU locale IDs. This issue was addressed through improved bounds checking. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-4599
Kernel Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: A malicious program could bypass sandbox restrictions Description: A logic issue existed in the handling of debug system calls. This may allow a malicious program to gain code execution in other programs with the same user privileges. This issue was addressed by disabling handling of addresses in PT_STEP and PT_CONTINUE. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0643 : iOS Jailbreak Dream Team
LoginWindow Available for: OS X Mountain Lion v10.8 and v10.8.1 Impact: A local user may be able to obtain other user's login passwords Description: A user-installed input method could intercept password keystrokes from Login Window or Screen Saver Unlock. This issue was addressed by preventing user-installed methods from being used when the system is handling login information. CVE-ID CVE-2012-3718 : An anonymous researcher
Mail Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing an e-mail message may lead to execution of web plugins Description: An input validation issue existed in Mail's handling of embedded web plugins. This issue was addressed by disabling third- party plug-ins in Mail. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3719 : Will Dormann of the CERT/CC
Mobile Accounts Available for: OS X Mountain Lion v10.8 and v10.8.1 Impact: A user with access to the contents of a mobile account may obtain the account password Description: Creating a mobile account saved a hash of the password in the account, which was used to login when the mobile account was used as an external account. The password hash could be used to determine the user's password. This issue was addressed by creating the password hash only if external accounts are enabled on the system where the mobile account is created. CVE-ID CVE-2012-3720 : Harald Wagener of Google, Inc.
PHP Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4, OS X Mountain Lion v10.8 and v10.8.1 Impact: Multiple vulnerabilities in PHP Description: >PHP is updated to version 5.3.15 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP web site at http://www.php.net CVE-ID CVE-2012-0831 CVE-2012-1172 CVE-2012-1823 CVE-2012-2143 CVE-2012-2311 CVE-2012-2386 CVE-2012-2688
PHP Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: PHP scripts which use libpng may be vulnerable to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of PNG files. This issue was addressed by updating PHP's copy of libpng to version 1.5.10. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3048
Profile Manager Available for: OS X Lion Server v10.7 to v10.7.4 Impact: An unauthenticated user could enumerate managed devices Description: An authentication issue existed in the Device Management private interface. This issue was addressed by removing the interface. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3721 : Derick Cassidy of XEquals Corporation
QuickLook Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted .pict file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of .pict files. This issue was addressed through improved validation of .pict files. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0671 : Rodrigo Rubira Branco (twitter.com/bsdaemon) from the Qualys Vulnerability & Malware Research Labs (VMRL)
QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in QuickTime's handling of sean atoms. This issue was addressed through improved bounds checking. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0670 : Tom Gallagher (Microsoft) and Paul Bates (Microsoft) working with HP's Zero Day Initiative
QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access existed in the handling of Sorenson encoded movie files. This issue was addressed through improved memory initialization. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3722 : Will Dormann of the CERT/CC
QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of RLE encoded movie files. This issue was addressed through improved bounds checking. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0668 : Luigi Auriemma working with HP's Zero Day Initiative
Ruby Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. The Ruby OpenSSL module disabled the 'empty fragment' countermeasure which prevented these attacks. This issue was addressed by enabling empty fragments. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3389
USB Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Attaching a USB device may lead to an unexpected system termination or arbitrary code execution Description: A memory corruption issue existed in the handling of USB hub descriptors. This issue was addressed through improved handling of the bNbrPorts descriptor field. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3723 : Andy Davis of NGS Secure
Note: OS X Mountain Lion v10.8.2 includes the content of Safari 6.0.1. For further details see "About the security content of Safari 6.0.1" at http://http//support.apple.com/kb/HT5502
OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies to your system configuration. Only one is needed, either OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 or Security Update 2012-004.
For OS X Mountain Lion v10.8.1 The download file is named: OSXUpd10.8.2.dmg Its SHA-1 digest is: d6779e1cc748b78af0207499383b1859ffbebe33
For OS X Mountain Lion v10.8 The download file is named: OSXUpdCombo10.8.2.dmg Its SHA-1 digest is: b08f10233d362e39f20b69f91d1d73f5e7b68a2c
For OS X Lion v10.7.4 The download file is named: MacOSXUpd10.7.5.dmg Its SHA-1 digest is: e0a9582cce9896938a7a541bd431862d93893532
For OS X Lion v10.7 and v10.7.3 The download file is named: MacOSXUpdCombo10.7.5.dmg Its SHA-1 digest is: f7a26b164fa10dae4fe646e57b01c34a619c8d9b
For OS X Lion Server v10.7.4 The download file is named: MacOSXServerUpd10.7.5.dmg Its SHA-1 digest is: a891b03bfb4eecb745c0c39a32f39960fdb6796a
For OS X Lion Server v10.7 and v10.7.3 The download file is named: MacOSXServerUpdCombo10.7.5.dmg Its SHA-1 digest is: df6e1748ab0a3c9e05c890be49d514673efd965e
For Mac OS X v10.6.8 The download file is named: SecUpd2012-004.dmg Its SHA-1 digest is: 5b136e29a871d41012f0c6ea1362d6210c8b4fb7
For Mac OS X Server v10.6.8 The download file is named: SecUpdSrvr2012-004.dmg Its SHA-1 digest is: 9b24496be15078e58a88537700f2f39c112e3b28
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJQWhlbAAoJEPefwLHPlZEwwjwQAKrpQlZh1B2mkSTLxR7QZg6e Qm7SmIZL9sjl5gQkTxoAvOGxJ8uRdYPlJ1IpyU/MbK0GqO53KmFSeKkwCnvLKMaW pc6tiFaQ4zV4LEAwBAFEuqCsMyPEJqKDhYXl2cHQmWfAlrLCyCKfzGLy2mY2UnkE DQC2+ys70DChFv2GzyXlibBXAGMKDygJ5dVKynsi1ceZLYWbUJoGwlUtXPylBpnO QyGWXmEloPbhK6HJbKMNacuDdVcb26pvIeFiivkTSxPVlZ3ns2tAwEyvHrzA9O4n 7rQ6jvfDbguOZmM5sPFvVKBw2GVDBNU+G3T8ouIXhk6Pjhr4in8VFCb8MIMLb8hm 7YYn2z1TzKTNmUuYbwe6ukQvf57cPuW0bAvslbl6PgrzqorlNPU4rDoSvPrJx/RO BOYkcxfirevHDGibfkeqXPjL3h+bVrb1USZpAv+ZOAy0M89SHFcvMtpAhxnoGiV5 w4EyKB+9Yi/CSAk2Ne3Y5kHH7/v3pWV68aJwhVirya7ex3vnJ+M+lRLKSm2BUjL3 +9fykrJBDujFDXoCmK5CN5Wx36DSVZ4VO1h635crotudtcvd+LQ2VHma/Chav5wK q5SSllf4KEownpx6o/qTxpg5tcC4lvgTcsDHlYcNq2s8KTTjmOden8ar4h7M7QD2 xyBfrQfG/dsif6jGHaot =8joH -----END PGP SIGNATURE----- .
Release Date: 2012-05-15 Last Updated: 2012-05-15
Potential Security Impact: Remote Denial of service, unauthorized modification and disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities may allow remote Denial of Service (DoS), unauthorized modification and disclosure of information.
References: CVE-2010-4447, CVE-2010-4448, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4469, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476, CVE-2011-0802, CVE-2011-0814, CVE-2011-0815, CVE-2011-0862, CVE-2011-0864, CVE-2011-0865, CVE-2011-0867, CVE-2011-0871, CVE-2011-3389, CVE-2011-3545, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3552, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560, CVE-2011-3563, CVE-2012-0499, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-4447 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2010-4448 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2010-4454 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2010-4462 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2010-4465 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2010-4469 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2010-4473 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2010-4475 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2010-4476 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-0802 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-0814 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-0815 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-0862 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-0864 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-0865 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2011-0867 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-0871 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2011-3563 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2012-0499 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0502 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2012-0503 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0505 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0506 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP is providing the following Java updates to resolve the vulnerabilities. The updates are available from: http://www.hp.com/go/java
These issues are addressed in the following versions of the HP Java:
HP-UX B.11.11 / SDK and JRE v1.4.2.28 or subsequent
HP-UX B.11.23 / SDK and JRE v1.4.2.28 or subsequent
HP-UX B.11.31 / SDK and JRE v1.4.2.28 or subsequent
MANUAL ACTIONS: Yes - Update
For Java v1.4.2.27 and earlier, update to Java v1.4.2.28 or subsequent.
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== Jpi14.JPI14-COM Jpi14.JPI14-COM-DOC Jpi14.JPI14-IPF32 Jpi14.JPI14-PA11 Jdk14.JDK14-COM Jdk14.JDK14-DEMO Jdk14.JDK14-IPF32 Jdk14.JDK14-IPF64 Jdk14.JDK14-PA11 Jdk14.JDK14-PA20 Jdk14.JDK14-PA20W Jdk14.JDK14-PNV2 Jdk14.JDK14-PWV2 Jre14.JRE14-COM Jre14.JRE14-COM-DOC Jre14.JRE14-IPF32 Jre14.JRE14-IPF32-HS Jre14.JRE14-IPF64 Jre14.JRE14-IPF64-HS Jre14.JRE14-PA11 Jre14.JRE14-PA11-HS Jre14.JRE14-PA20 Jre14.JRE14-PA20-HS Jre14.JRE14-PA20W Jre14.JRE14-PA20W-HS Jre14.JRE14-PNV2 Jre14.JRE14-PNV2-H Jre14.JRE14-PWV2 Jre14.JRE14-PWV2-H action: install revision 1.4.2.28.00 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 15 May 2012 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: java-1.6.0-openjdk security update Advisory ID: RHSA-2011:1380-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1380.html Issue date: 2011-10-18 CVE Names: CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 =====================================================================
- Summary:
Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.
A flaw was found in the Java RMI (Remote Method Invocation) registry implementation. A remote RMI client could use this flaw to execute arbitrary code on the RMI server running the registry. (CVE-2011-3556)
A flaw was found in the Java RMI registry implementation. A remote RMI client could use this flaw to execute code on the RMI server with unrestricted privileges. (CVE-2011-3557)
A flaw was found in the IIOP (Internet Inter-Orb Protocol) deserialization code. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions by deserializing specially-crafted input. (CVE-2011-3521)
It was found that the Java ScriptingEngine did not properly restrict the privileges of sandboxed applications. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3544)
A flaw was found in the AWTKeyStroke implementation. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3548)
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the Java2D code used to perform transformations of graphic shapes and images. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3551)
An insufficient error checking flaw was found in the unpacker for JAR files in pack200 format. A specially-crafted JAR file could use this flaw to crash the Java Virtual Machine (JVM) or, possibly, execute arbitrary code with JVM privileges. (CVE-2011-3554)
It was found that HttpsURLConnection did not perform SecurityManager checks in the setSSLSocketFactory method. An untrusted Java application or applet running in a sandbox could use this flaw to bypass connection restrictions defined in the policy. An attacker able to perform a chosen plain text attack against a connection mixing trusted and untrusted data could use this flaw to recover portions of the trusted data sent over the connection. (CVE-2011-3389)
Note: This update mitigates the CVE-2011-3389 issue by splitting the first application data record byte to a separate SSL/TLS protocol record. This mitigation may cause compatibility issues with some SSL/TLS implementations and can be disabled using the jsse.enableCBCProtection boolean property. This can be done on the command line by appending the flag "-Djsse.enableCBCProtection=false" to the java command.
An information leak flaw was found in the InputStream.skip implementation. An untrusted Java application or applet could possibly use this flaw to obtain bytes skipped by other threads. (CVE-2011-3547)
A flaw was found in the Java HotSpot virtual machine. An untrusted Java application or applet could use this flaw to disclose portions of the VM memory, or cause it to crash. (CVE-2011-3558)
The Java API for XML Web Services (JAX-WS) implementation in OpenJDK was configured to include the stack trace in error messages sent to clients. A remote client could possibly use this flaw to obtain sensitive information. (CVE-2011-3553)
It was found that Java applications running with SecurityManager restrictions were allowed to use too many UDP sockets by default. If multiple instances of a malicious application were started at the same time, they could exhaust all available UDP sockets on the system. (CVE-2011-3552)
This erratum also upgrades the OpenJDK package to IcedTea6 1.9.10. Refer to the NEWS file, linked to in the References, for further information.
All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) 745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936) 745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600) 745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640) 745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417) 745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823) 745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902) 745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857) 745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466) 745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012) 745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773) 745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794) 745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134)
- Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3389.html https://www.redhat.com/security/data/cve/CVE-2011-3521.html https://www.redhat.com/security/data/cve/CVE-2011-3544.html https://www.redhat.com/security/data/cve/CVE-2011-3547.html https://www.redhat.com/security/data/cve/CVE-2011-3548.html https://www.redhat.com/security/data/cve/CVE-2011-3551.html https://www.redhat.com/security/data/cve/CVE-2011-3552.html https://www.redhat.com/security/data/cve/CVE-2011-3553.html https://www.redhat.com/security/data/cve/CVE-2011-3554.html https://www.redhat.com/security/data/cve/CVE-2011-3556.html https://www.redhat.com/security/data/cve/CVE-2011-3557.html https://www.redhat.com/security/data/cve/CVE-2011-3558.html https://www.redhat.com/security/data/cve/CVE-2011-3560.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html http://icedtea.classpath.org/hg/release/icedtea6-1.9/file/328afd896e3e/NEWS
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFOngvzXlSAg2UNWIIRArb8AKCaS923HYBco1E2eOOedT1aefjmyACgherU 1E1DMZpv3ExBmKhD4Emi2no= =sMXo -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
CVE-2011-4362
Xi Wang discovered that the base64 decoding routine which is used to decode user input during an HTTP authentication, suffers of a signedness issue when processing user input. As a result it is possible to force lighttpd to perform an out-of-bounds read which results in Denial of Service conditions.
CVE-2011-3389
When using CBC ciphers on an SSL enabled virtual host to communicate with certain client, a so called "BEAST" attack allows man-in-the-middle attackers to obtain plaintext HTTP traffic via a blockwise chosen-boundary attack (BCBA) on an HTTPS session. Technically this is no lighttpd vulnerability. However, lighttpd offers a workaround to mitigate this problem by providing a possibility to disable CBC ciphers.
This updates includes this option by default. System administrators are advised to read the NEWS file of this update (as this may break older clients)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201109-0130",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "web server",
"scope": "eq",
"trust": 1.8,
"vendor": "hitachi",
"version": "02-03"
},
{
"model": "web server 02-04-/a",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"model": "web server",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "02-01"
},
{
"model": "web server",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "02-02"
},
{
"model": "esx",
"scope": "eq",
"trust": 1.1,
"vendor": "vmware",
"version": "4.0"
},
{
"model": "esx",
"scope": "eq",
"trust": 1.1,
"vendor": "vmware",
"version": "4.1"
},
{
"model": "esx",
"scope": "eq",
"trust": 1.1,
"vendor": "vmware",
"version": "3.5"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "10.10"
},
{
"model": "curl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.10.6"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "11.10"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.2"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "11.04"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.2"
},
{
"model": "browser",
"scope": "eq",
"trust": 1.0,
"vendor": "opera",
"version": null
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "simatic rf615r",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2.1"
},
{
"model": "curl",
"scope": "lte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.23.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "6.0"
},
{
"model": "windows",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": null
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "simatic rf68xr",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "5.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "10.04"
},
{
"model": "jre 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "sdk 08",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "web server 01-02-/b",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "jre 1.4.2 30",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.5.0 16",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "sdk 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "jdk 14",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "sdk 1.4.2 25",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "jre 1.4.2 25",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.1"
},
{
"model": "jre 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 1.6.0 03",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "sdk 1.4.2 11",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "ucosminexus application server-r",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "sdk 03",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.1"
},
{
"model": "jre 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.5.0 11",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.4.2 12",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 09",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "sdk 24",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "jre 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "jre 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "jre 1.4.2 22",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 1.6.0 23",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "sdk 1.4.2 27",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "sdk 15",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "sdk 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "jdk 1.5.0 25",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk 1.5.0 29",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 03",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.1"
},
{
"model": "jre 1.6.0 11",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "sdk 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.1"
},
{
"model": "jre 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "jre 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "jdk",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 1.5.0 17",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.4.2 17",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 24",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "jre 1.5.0 27",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "sdk 1.4.2 30",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 03",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.6.0 26",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "sdk 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "jre 1.4.2 31",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 08",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "jdk 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 1.4.2 13",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 1.5.0 23",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk 1.5.0 26",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.7"
},
{
"model": "sdk 1.4.2 16",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.5.0 29",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "jdk 1.5.0 31",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 16",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.5.0 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.5.0 32",
"scope": "ne",
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.5.0 30",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 18",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 11",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "sdk .0 03",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4"
},
{
"model": "jre 1.4.2 11",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 0 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.5.0 10",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 24",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.5.0 27",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 03",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "sdk 1.4.2 29",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.1"
},
{
"model": "sdk 1.4.2 14",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.5.0 14",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.4.2 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.5.0 24",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "web server 01-02-/c",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"model": "jre 1.5.0 25",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 24",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk .0 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 1.5.0 28",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "ucosminexus operator for service platform",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "jdk 1.5.0 13",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.4.2 16",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "sdk 1.4.2 17",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 15",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.1"
},
{
"model": "jre 1.6.0 21",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "sdk 1.4.2 33",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 15",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "sdk 1.4.2 31",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 28",
"scope": "ne",
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "jre 1.6.0 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "sdk",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.1"
},
{
"model": "jre 1.6.0 22",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.5.0 31",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "sdk .0 4",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4"
},
{
"model": "sdk 1.4.2 28",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 21",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 27",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 15",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "sdk .0 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4"
},
{
"model": "sdk 1.4.2 12",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.4.2 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.4.2 14",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "ucosminexus application server-r",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "jre 1.6.0 02",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "jdk 1.5.0 28",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "jre 1.4.2 15",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 15",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "sdk 1.4.2 26",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 28",
"scope": "ne",
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.4.2 29",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "sdk 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.1"
},
{
"model": "jdk 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "sdk 09",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "jre 13",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "sdk",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "ucosminexus primary server base",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "ucosminexus primary server base",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "jre 1.4.2 32",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.5.0 26",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.4.2 33",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 26",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.5.0 30",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.5.0 32",
"scope": "ne",
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "sdk 1.4.2 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "ucosminexus operator for service platform",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "jdk 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 18",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "sdk 1.4.2 22",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7"
},
{
"model": "jdk 1.6.0 02",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "sdk 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "jre 1.6.0 01",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 12",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "sdk 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "web server 01-02-/a",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"model": "jdk 14",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "sdk 03",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "jre 03",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "sdk 1.4.2 19",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.5.0 12",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "sdk",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4"
},
{
"model": "jdk 13",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 1.5.0 13",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 25",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "sdk 1.4.2 32",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 22",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.4.2 19",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 23",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "sdk 1.4.2 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 27",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 1.6.0 19",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.5.0 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.5.0 23",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 22",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "sdk 1.4.2 13",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 1.6.0 25",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 19",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 14",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 22",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mozilla",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "opera",
"version": null
},
{
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "st ard edition version 4"
},
{
"model": "ucosminexus operator",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.7 to v10.7.4 (ruby)"
},
{
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 5"
},
{
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "st ard"
},
{
"model": "vcenter",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "5.0 (windows)"
},
{
"model": "vcenter",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "4.1 (windows)"
},
{
"model": "firefox",
"scope": null,
"trust": 0.8,
"vendor": "mozilla",
"version": null
},
{
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "enterprise version 6"
},
{
"model": "ucosminexus operator",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "for service platform"
},
{
"model": "iplanet web proxy server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "windows 7",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "(x64) sp1 before"
},
{
"model": "ucosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base(64)"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.7 to v10.7.3 (curl)"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "3.0 to 4.3.5 (iphone 3gs iphone 4)"
},
{
"model": "ruggedcom win5100",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "all versions"
},
{
"model": "secureware/pki application development kit",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v2.1"
},
{
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base version 6"
},
{
"model": "ucosminexus portal framework",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "entry set"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.7.2 (java)"
},
{
"model": "windows xp",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "sp3 sp3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.9"
},
{
"model": "windows vista",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "(x64) sp2"
},
{
"model": "ucosminexus service",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "platform"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "smart edition"
},
{
"model": "windows server 2003",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "sp2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.8.5 (secure transport)"
},
{
"model": "tuning manager",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "software"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional for plug-in"
},
{
"model": "web server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "opera",
"scope": null,
"trust": 0.8,
"vendor": "opera asa",
"version": null
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.2.0.3"
},
{
"model": "vcenter",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "4.0 (windows)"
},
{
"model": "websam securemaster",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterpriseaccessmanager version 3.x to 6.x"
},
{
"model": "cosminexus developer\u0027s kit for java",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "windows server 2008",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "(x86) sp2"
},
{
"model": "websam securemaster",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprisedirectoryserver/rdb cooperation system all versions"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "12.1.2.0"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(cfnetwork ssl python)"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "st ard-r"
},
{
"model": "cosminexus server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "st ard edition version 4"
},
{
"model": "hyperion",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "essbase 11.1.2.2"
},
{
"model": "cosminexus client",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "-r"
},
{
"model": "windows server 2008",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "r2(itanium) sp2"
},
{
"model": "infocage",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "pc security all versions"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "4.4"
},
{
"model": "ruggedcom win5100",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "software v4.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6.8 (apache)"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.7 to v10.7.2 (apache)"
},
{
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"model": "ruggedcom win7200",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "all versions"
},
{
"model": "windows server 2008",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "r2(x64) sp2"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.7.2 (java)"
},
{
"model": "xcode",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(os x v10.7.4 and later )"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "(64)"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6.8 (apache)"
},
{
"model": "ruggedcom win5200",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "all versions"
},
{
"model": "ruggedcom win7200",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "software v4.4"
},
{
"model": "ruggedcom win7000",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "all versions"
},
{
"model": "internet explorer",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.7 to v10.7.2 (apache)"
},
{
"model": "websam securemaster",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "accesscontrolserver version 3.x to 6.x"
},
{
"model": "ucosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base"
},
{
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional version 6"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.7 to v10.7.4 (ruby)"
},
{
"model": "cosminexus http server",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base"
},
{
"model": "iplanet web server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "ruggedcom win7000",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "software v4.4"
},
{
"model": "virtualcenter",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "2.5 (windows)"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "12.1.3"
},
{
"model": "windows server 2008",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "(x64) sp2"
},
{
"model": "developer\u0027s kit for java",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus service",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "architect"
},
{
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "for plug-in"
},
{
"model": "hp system management homepage",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "device manager",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "software"
},
{
"model": "java system web server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "6.1"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 5"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "(64)"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "express"
},
{
"model": "windows vista",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "sp2"
},
{
"model": "windows server 2008",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "(itanium) sp2"
},
{
"model": "web server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- security enhancement"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light"
},
{
"model": "windows 7",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "(x32) sp1 before"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.7 to v10.7.3 (curl)"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.2.0.2"
},
{
"model": "windows server 2003",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "(itanium) sp2"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "enterprise"
},
{
"model": "cosminexus server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "web edition version 4"
},
{
"model": "windows xp",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "(x64) sp2"
},
{
"model": "hyperion",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "essbase 11.1.2.3"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "4.0 to 4.3"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "01"
},
{
"model": "ucosminexus service",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "platform - messaging"
},
{
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 5"
},
{
"model": "websam securemaster",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "accesscontrolplugin version 3.x to 6.x"
},
{
"model": "processing kit for xml",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "st ard version 6"
},
{
"model": "hirdb for java /xml",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "3.1 to 4.3.5 (ipod touch first 3 after generation )"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "st ard"
},
{
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light version 6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "3.2 to 4.3.5 (ipad)"
},
{
"model": "ruggedcom win5200",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "software v4.4"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional"
},
{
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "st ard version 6"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "chrome",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "windows server 2003",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "(x64) sp2"
},
{
"model": "ucosminexus client )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "ucosminexus service platform )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "jre .0 01",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.4"
},
{
"model": "jdk 01-b06",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.6"
},
{
"model": "ucosminexus primary server base )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "project openssl 1.0.0a",
"scope": null,
"trust": 0.6,
"vendor": "openssl",
"version": null
},
{
"model": "ucosminexus operator for service platform )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "web server linux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "03-00"
},
{
"model": "web server 02-04-/b",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "project openssl 0.9.8m",
"scope": null,
"trust": 0.6,
"vendor": "openssl",
"version": null
},
{
"model": "jre 1.5.0.0 09",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.4.2 28",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jdk .0 04",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"model": "ucosminexus service architect )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "ucosminexus developer )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "ucosminexus service architect )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "jre .0 03",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.4"
},
{
"model": "cosminexus http server windows",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "03-00"
},
{
"model": "jdk 1.5.0.0 08",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "web server",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "01-02"
},
{
"model": "ucosminexus primary server base )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "project openssl 0.9.8n",
"scope": null,
"trust": 0.6,
"vendor": "openssl",
"version": null
},
{
"model": "ucosminexus application server-r )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "jdk .0 03",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 1.5.0 12",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jre .0 02",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.4"
},
{
"model": "cosminexus http server windows",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-10"
},
{
"model": "windows server sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "2003x64"
},
{
"model": "web server linux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "04-00"
},
{
"model": "jre 1.6.0 2",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "ucosminexus client )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "jre 1.4.2 27",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jdk 07-b03",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 06",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.4"
},
{
"model": "ucosminexus application server-r )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "jre 1.5.0.0 08",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jre .0 04",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.4"
},
{
"model": "web server",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "02-04"
},
{
"model": "jdk 1.5.0.0 12",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "windows server sp2",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "2003x64"
},
{
"model": "ucosminexus operator for service platform )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "jdk 1.5.0.0 09",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "project openssl 0.9.8o",
"scope": null,
"trust": 0.6,
"vendor": "openssl",
"version": null
},
{
"model": "jdk 1.5.0.0 11",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jdk 11-b03",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "ucosminexus application server )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "jre 1.5.0.0 07",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 01",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 20",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "windows xp home sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows vista edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x640"
},
{
"model": "software opera web browser beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.50"
},
{
"model": "fusion middleware 11g release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "111.1.17"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.80"
},
{
"model": "java se sr8 fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "11.11"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.2"
},
{
"model": "project openssl g",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "nonstop server h06.16.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "software opera web browser b",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.53"
},
{
"model": "enterprise linux as extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "windows xp professional edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x64"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.2"
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.14.1"
},
{
"model": "windows server for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"model": "java se",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "11.50"
},
{
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-10"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.63"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.70"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "windows xp tablet pc edition sp3",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows vista business 64-bit edition x64-enterprise",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.7"
},
{
"model": "project openssl b-36.8",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.0-68"
},
{
"model": "power systems 350.c0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.127"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.225"
},
{
"model": "nonstop server j06.09.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.50"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.219"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "730.30"
},
{
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-10-03"
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.15.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.20"
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.2.1"
},
{
"model": "power systems 350.b1",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-10-01(x64)"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "java se sr12",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.0"
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0.0.52"
},
{
"model": "windows server standard edition gold itanium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008-"
},
{
"model": "flex system imm2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.00"
},
{
"model": "windows server r2 enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "cosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.12"
},
{
"model": "nonstop server h06.18.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.15.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.22.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "windows xp media center edition sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2005"
},
{
"model": "websphere datapower soa appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.8"
},
{
"model": "websphere datapower soa appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "rational appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.51"
},
{
"model": "meeting exchange web conferencing server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "-0"
},
{
"model": "java se",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.6"
},
{
"model": "windows server r2 web edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"model": "system management homepage c",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.2"
},
{
"model": "nonstop server j06.08.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "windows xp home sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows vista home basic sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "nonstop server j06.16",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.200"
},
{
"model": "ucosminexus client for plug-in",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "nonstop server j6.0.14.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "java sdk sr10",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"model": "vplex geosynchrony sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "5.2"
},
{
"model": "software opera web browser win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.68"
},
{
"model": "forms and reports 11g release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "211.1.2.1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.00"
},
{
"model": "windows for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.22"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.3"
},
{
"model": "flex system chassis management module",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.303"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "windows server r2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008x640"
},
{
"model": "jdk 1.5.0 11",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "software opera web browser 1win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.0"
},
{
"model": "ucosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "flex system imm2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.00"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.211"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.104"
},
{
"model": "nonstop server j06.07.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0-95"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "jrockit r28.0.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.51"
},
{
"model": "meeting exchange sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "web server )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-03"
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.21.6"
},
{
"model": "jdk 1.5.0.0 06",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "cosminexus developer\u0027s kit for java (windows(x8",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-01"
},
{
"model": "software opera web browser",
"scope": "ne",
"trust": 0.3,
"vendor": "opera",
"version": "11.51"
},
{
"model": "cosminexus developer\u0027s kit for java",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-06"
},
{
"model": "ucosminexus application server light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "nonstop server h06.15.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.107"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14"
},
{
"model": "windows server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5.146"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.54"
},
{
"model": "windows server sp2 enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008-x64"
},
{
"model": "system networking ethernet switch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.51"
},
{
"model": "windows server gold standard",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "jrockit r28.1.1",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "773.10"
},
{
"model": "windows server r2 standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "730.40"
},
{
"model": "system management homepage a",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.11.197"
},
{
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-10"
},
{
"model": "firefox beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "4.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15210"
},
{
"model": "windows vista business",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0"
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.17"
},
{
"model": "project openssl l",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.11.1"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "windows server for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.10"
},
{
"model": "windows server standard edition gold web",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008-"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "windows server itanium sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.3"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"model": "windows xp home sp3",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "software opera web browser win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "5.12"
},
{
"model": "java sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "software opera web browser beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.50"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.018"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.019"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.17"
},
{
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "windows vista ultimate 64-bit edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "11.00"
},
{
"model": "project openssl beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "enterprise linux server supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.60"
},
{
"model": "nonstop server j06.13.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.25"
},
{
"model": "windows home premium sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7-x32"
},
{
"model": "jdk 1.5.0 11-b03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "windows server gold compute cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "software opera web browser win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "5.02"
},
{
"model": "rsa bsafe micro edition suite",
"scope": "ne",
"trust": 0.3,
"vendor": "emc",
"version": "4.0.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.19"
},
{
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "windows server standard edition gold datacenter",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008-"
},
{
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "enterprise linux workstation supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "access manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.1"
},
{
"model": "windows vista home premium sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.24"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.65"
},
{
"model": "windows vista home premium 64-bit edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.15"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.60"
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.12.3"
},
{
"model": "windows server r2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "project openssl 1.0.0c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.19"
},
{
"model": "windows server sp1 platform sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "software opera web browser beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.10"
},
{
"model": "windows server enterprise edition itanium sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.00"
},
{
"model": "windows server sp2 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.100"
},
{
"model": "java se",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "windows server r2 x64-datacenter",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "cosminexus http server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.7"
},
{
"model": "windows server enterprise edition itanium sp2 itanium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows for 32-bit systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7"
},
{
"model": "windows vista business 64-bit edition x64-ultimate",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp professional edition sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x64"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2.1"
},
{
"model": "nonstop server j06.15",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.2"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "windows rc",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7"
},
{
"model": "windows server for 32-bit systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "jre 07",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.1"
},
{
"model": "callpilot",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "windows vista home premium",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "cosminexus",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "9.0"
},
{
"model": "vplex geosynchrony",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "4.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-10-10"
},
{
"model": "ucosminexus application server enterprise )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-80"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "control patch",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "7.1.01"
},
{
"model": "project openssl beta3",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.133"
},
{
"model": "nonstop server h06.21.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3.132"
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.13.2"
},
{
"model": "access manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.1"
},
{
"model": "linux enterprise java sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "jre 1.5.0 08",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "software opera web browser",
"scope": "ne",
"trust": 0.3,
"vendor": "opera",
"version": "11.60"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.20"
},
{
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-060"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.101"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "ucosminexus application server smart edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.14"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.52"
},
{
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"model": "meeting exchange recording server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "-0"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.4"
},
{
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "5"
},
{
"model": "desktop extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.52"
},
{
"model": "nonstop server j06.06.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5"
},
{
"model": "windows server web edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "openpages grc platform",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "windows server r2 enterprise edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"model": "rsa bsafe ssl-c",
"scope": "ne",
"trust": 0.3,
"vendor": "emc",
"version": "2.8.6"
},
{
"model": "nonstop server j06.06.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.17.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "jdk update21",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "simatic rf68xr",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "3.2.1"
},
{
"model": "network node manager i",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.1"
},
{
"model": "windows server standard edition release candidate",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "windows server standard edition sp2 web",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008-"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "database 11g release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "211.2.0.3"
},
{
"model": "rational appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.5"
},
{
"model": "windows server terminal services",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.54"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "nonstop server h06.17.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "software opera web browser beta",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "83"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.84"
},
{
"model": "jre 21",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "windows server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "project openssl 0.9.8s",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "ios beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "windows vista home premium 64-bit edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.103"
},
{
"model": "cms server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "16.2"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "windows vista business 64-bit edition x86-ultimate",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "linux enterprise java sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "java se sr1",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "windows server gold datacenter",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.53"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.21"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4"
},
{
"model": "windows server r2 enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.70"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "nonstop server h06.27",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.20.2"
},
{
"model": "nonstop server j06.14.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.100"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"model": "rational appscan standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8"
},
{
"model": "windows server datacenter edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"model": "jrockit r27.6.0-50",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.015"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.105"
},
{
"model": "windows server r2 datacenter edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7"
},
{
"model": "jdk 01",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6"
},
{
"model": "nonstop server j06.08.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.306"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.2"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.64"
},
{
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "windows server sp1 compute cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.13"
},
{
"model": "java se",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-10-02"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"model": "software opera web browser win32 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.01"
},
{
"model": "jrockit r27.6.5",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.222"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10"
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.18"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.107"
},
{
"model": "java se sr10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "nonstop server j06.04.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "web server solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00-01"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2.77"
},
{
"model": "software opera web browser linux",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.217"
},
{
"model": "windows vista business 64-bit edition x86-enterprise",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.40"
},
{
"model": "linux enterprise server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "windows server gold x64-datacenter",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.22"
},
{
"model": "enterprise linux extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "ucosminexus operator",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.96"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.2"
},
{
"model": "web server security enhancement",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-0"
},
{
"model": "aura application server sip core",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "java system application server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "8.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.77"
},
{
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "project openssl g",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "windows server for itanium-based systems r2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1"
},
{
"model": "rsa bsafe ssl-j",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "6.0"
},
{
"model": "windows server for itanium-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.112"
},
{
"model": "websphere datapower soa appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.344"
},
{
"model": "cosminexus developer\u0027s kit for java (windows(x8",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-06"
},
{
"model": "jdk update24",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.215"
},
{
"model": "meeting exchange client registration server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "-0"
},
{
"model": "openpages grc platform",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2.2"
},
{
"model": "enterprise linux desktop supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "rational appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.102"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.57"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "760.31"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.18"
},
{
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "windows server enterprise edition sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-05"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.81"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2011"
},
{
"model": "jdk 1.5.0.0 04",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "vcenter",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.11.2"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.215"
},
{
"model": "windows server r2 standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "windows server r2 for x64-based systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.5"
},
{
"model": "software opera web browser j",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.11"
},
{
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "nonstop server h06.25",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.302"
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.19.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "windows vista business 64-bit edition sp1 x86-enterprise",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.04"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1-73"
},
{
"model": "power systems 350.b0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "openpages grc platform",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.13"
},
{
"model": "database 11g release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "211.2.0.2"
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.20"
},
{
"model": "windows vista edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x64"
},
{
"model": "enterprise linux for sap server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "security appscan standard",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.00"
},
{
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.2"
},
{
"model": "project openssl beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0"
},
{
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2.77"
},
{
"model": "java se sr9",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.68"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "760.30"
},
{
"model": "nonstop server j06.07.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "message networking sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "linux enterprise server for vmware sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.549.0"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.013"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.50"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.207"
},
{
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.80"
},
{
"model": "nonstop server j06.08.04",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "rational appscan standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"model": "flex system cmm 1.40.2q",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.06"
},
{
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0.1"
},
{
"model": "jdk 07",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"model": "cosminexus developer\u0027s kit for java (windows(x6",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-01"
},
{
"model": "tv",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "4.4"
},
{
"model": "nonstop server h06.24",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.1"
},
{
"model": "windows server datacenter edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"model": "nonstop server h06.16.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "ucosminexus developer professional for plug-in",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "nonstop server h06.18.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.223"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.23"
},
{
"model": "windows server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "cosminexus",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"model": "jdk update13",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "software opera web browser linux",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0.3"
},
{
"model": "windows server r2 datacenter edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "4.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13"
},
{
"model": "windows server gold x64-enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "nonstop server h06.19.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "windows for itanium-based systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"model": "project openssl 1.0.0e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "windows server enterprise edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "773.00"
},
{
"model": "project openssl beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.128"
},
{
"model": "jrockit r28.0.1",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "jdk update19",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "openpages grc platform",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.15"
},
{
"model": "windows server r2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"model": "software opera web browser beta build",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.2012981"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.222"
},
{
"model": "windows server for x64-based systems r2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"model": "windows server datacenter edition sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"model": "windows server r2 datacenter sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.14.20"
},
{
"model": "cosminexus studio standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-0"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9"
},
{
"model": "windows xp tablet pc edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "project openssl l",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-05"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.53"
},
{
"model": "cms server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "16.1"
},
{
"model": "windows server r2 itanium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"model": "windows xp professional sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server for itanium-based systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "nonstop server j06.11.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "java se sr9-fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "collax",
"version": "5.5.11"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "730.72"
},
{
"model": "windows server standard edition sp2 hpc",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008-"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2011"
},
{
"model": "update manager update",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "5.01"
},
{
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.551.1"
},
{
"model": "glassfish enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.1.1"
},
{
"model": "windows vista ultimate",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.10"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.20"
},
{
"model": "virtualcenter",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5"
},
{
"model": "jrockit r27.6.7",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "rational appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.01"
},
{
"model": "nonstop server h06.20.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "vcenter",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "730.20"
},
{
"model": "jre 10-b03",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.61"
},
{
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "java se",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "rational appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.90"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"model": "messaging storage server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "nonstop server j06.05.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "jre 07",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"model": "nonstop server j06.07.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "windows server gold",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.53"
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.10.8"
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.20.1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "730.71"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.1.104"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.220"
},
{
"model": "java ibm 31-bit sdk for z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "windows server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.16.4"
},
{
"model": "cosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.10"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1.73"
},
{
"model": "project openssl beta3",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "java se sr5",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "rsa bsafe ssl-c",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "2.8.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"model": "cosminexus http server windows",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-11"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "760.00"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.102"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"model": "nonstop server h06.21.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "windows vista business 64-bit edition sp1 x64-enterprise",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "software opera web browser linux",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.10"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.20"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.16"
},
{
"model": "java se",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "software opera web browser beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.60"
},
{
"model": "software opera web browser win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0.5"
},
{
"model": "ucosminexus service platform aix",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00(64)"
},
{
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-10-03(x64)"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "linux enterprise software development kit sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8.179"
},
{
"model": "web server aix",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00"
},
{
"model": "software opera web browser beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.00"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.20"
},
{
"model": "power systems 350.d0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.224"
},
{
"model": "business server",
"scope": "ne",
"trust": 0.3,
"vendor": "collax",
"version": "5.5.12"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.61"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux hpc node supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop supplementary client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.308"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.5"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.10.6"
},
{
"model": "jdk update17",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "windows server datacenter edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.4"
},
{
"model": "rational appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "windows server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"model": "cosminexus http server",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-13"
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.12"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.54"
},
{
"model": "nonstop server j06.05.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "software opera web browser .6win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0"
},
{
"model": "openpages grc platform",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.221"
},
{
"model": "sdk 02",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.201"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.672.2"
},
{
"model": "jdk 0 03",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "jdk update20",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "windows server standard edition r2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.62"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0.1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "730.61"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.237"
},
{
"model": "linux enterprise desktop sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "windows vista business 64-bit edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "nonstop server h06.17.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "773.02"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.31"
},
{
"model": "nonstop server j06.08.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "aura conferencing standard",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "nonstop server j06.10.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "windows vista home premium 64-bit edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp embedded sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server datacenter edition itanium sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "nonstop server h06.17.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "freeflow print server 91.d2.32",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"model": "windows vista business 64-bit edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "cosminexus server web edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "linux enterprise for sap applications sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.6"
},
{
"model": "rsa bsafe micro edition suite",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "3.1"
},
{
"model": "windows vista enterprise 64-bit edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server sp1 storage",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "project openssl 1.0.0d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "meeting exchange streaming server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "-0"
},
{
"model": "processing kit for xml",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "rsa bsafe micro edition suite",
"scope": "ne",
"trust": 0.3,
"vendor": "emc",
"version": "3.2.6"
},
{
"model": "java se sr11 pf1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "lotus domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.3"
},
{
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00"
},
{
"model": "groupware suite",
"scope": "eq",
"trust": 0.3,
"vendor": "collax",
"version": "5.5.11"
},
{
"model": "cosminexus studio web edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.213"
},
{
"model": "nonstop server h06.15.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.06"
},
{
"model": "cosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.15"
},
{
"model": "windows server standard edition itanium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "nonstop server j06.14",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "sdk 01",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "760.40"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "730.70"
},
{
"model": "windows vista ultimate 64-bit edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "openpages grc platform",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5"
},
{
"model": "jre 1.5.0 09-b03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "system integrated management module",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x2"
},
{
"model": "windows vista enterprise 64-bit edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"model": "nonstop server h06.26",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "rsa bsafe ssl-j",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "5.1.1"
},
{
"model": "windows server web edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.218"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"model": "nonstop server j06.13",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.14"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.21"
},
{
"model": "nonstop server j06.09.04",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-10"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"model": "meeting exchange sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.6.156"
},
{
"model": "windows for itanium-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"model": "ir",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "730.45"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "software opera web browser mac",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "5.0"
},
{
"model": "nonstop server j06.05.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "cosminexus server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "rational policy tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.216"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "rsa bsafe micro edition suite",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "4.0"
},
{
"model": "rational policy tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "rsa bsafe micro edition suite",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "3.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.19"
},
{
"model": "project openssl beta5",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.0"
},
{
"model": "windows server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows server enterprise edition itanium sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows server gold enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows vista sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "websphere datapower soa appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.8.1"
},
{
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "fusion middleware 11g release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "111.1.16"
},
{
"model": "windows vista business 64-bit edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.23.1"
},
{
"model": "websphere multichannel bank transformation toolkit",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "vplex geosynchrony",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "5.2.1"
},
{
"model": "software opera web browser b",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.11"
},
{
"model": "enterprise linux supplementary server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "jrockit r28.1.4",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.9.1"
},
{
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0-103"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.12.201"
},
{
"model": "windows xp media center edition sp3",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.16"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.01"
},
{
"model": "rational appscan standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.12"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "nonstop server j06.09.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "windows server enterprise edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "jrockit r27.6.6",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "nonstop server j06.06.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "project openssl 0.9.8q",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "windows xp media center edition",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.4"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.012"
},
{
"model": "software opera web browser beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.00"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.17"
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.15.3"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "760.11"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "lotus domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2"
},
{
"model": "bladecenter advanced management module",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.2.127"
},
{
"model": "java sdk sr13 fp11",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.50"
},
{
"model": "cms server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "16.0"
},
{
"model": "windows server gold storage",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "jrockit r27.6.8",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.02"
},
{
"model": "windows xp mode",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"model": "software opera web browser win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.0"
},
{
"model": "windows vista home premium sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.310"
},
{
"model": "cosminexus developer\u0027s kit for java (windows(x6",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-06"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.62"
},
{
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-10-01"
},
{
"model": "software opera web browser win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0.1"
},
{
"model": "windows server r2 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008x64"
},
{
"model": "callpilot",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "project openssl 0.9.8g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "linux enterprise software development kit sp1 for sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.11"
},
{
"model": "windows vista home basic 64-bit edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "windows server standard edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "java se sr12-fp5",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "openjdk",
"scope": "eq",
"trust": 0.3,
"vendor": "openjdk",
"version": "6"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.202"
},
{
"model": "windows vista business sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server standard edition gold hpc",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008-"
},
{
"model": "windows server gold x64-standard",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00-05"
},
{
"model": "jre beta",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "software opera web browser win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "5.10"
},
{
"model": "java sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.15.5"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.30"
},
{
"model": "jrockit r27.6.4",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura system manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.1"
},
{
"model": "messaging storage server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.186"
},
{
"model": "windows server sp2 storage",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.015"
},
{
"model": "windows vista enterprise sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "5.0"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"model": "sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.219"
},
{
"model": "java se sr10",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.94"
},
{
"model": "cosminexus http server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-10"
},
{
"model": "nonstop server h06.20.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"model": "java se sr11",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "windows server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008x64"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.10"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "730.80"
},
{
"model": "ucosminexus service platform hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "freeflow print server 73.c5.11",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"model": "rsa bsafe ssl-j",
"scope": "ne",
"trust": 0.3,
"vendor": "emc",
"version": "6.0.1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "730.50"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.02"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.52"
},
{
"model": "windows xp tablet pc edition",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows professional",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"model": "ucosminexus developer )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.204"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.551.0"
},
{
"model": "tls",
"scope": "eq",
"trust": 0.3,
"vendor": "ietf",
"version": "1.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.301"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "730.90"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "730.00"
},
{
"model": "rsa bsafe ssl-j",
"scope": "ne",
"trust": 0.3,
"vendor": "emc",
"version": "5.1.2"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.4"
},
{
"model": "jdk update23",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.112"
},
{
"model": "linux enterprise server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.03"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.0.2"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.10.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.6"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.51"
},
{
"model": "jre 28",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"model": "firefox beta",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.62"
},
{
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "windows server itanium sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "control",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "7.1.0"
},
{
"model": "windows server datacenter edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"model": "web server )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-04"
},
{
"model": "cosminexus http server linux",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-12"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.4"
},
{
"model": "flex system cmm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.00"
},
{
"model": "rsa bsafe micro edition suite",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "4.0.3"
},
{
"model": "project openssl 1.0.0b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.52"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "11.01"
},
{
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "web server 01-02-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "http server 12c",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.2"
},
{
"model": "windows server r2 x64-enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.11"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.2"
},
{
"model": "windows server gold",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4.143"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.15"
},
{
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "java system application server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "8.1"
},
{
"model": "windows xp embedded sp3",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.60"
},
{
"model": "windows vista ultimate 64-bit edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server datacenter edition release candidate",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "jdk 0 09",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0-12"
},
{
"model": "windows server r2 enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"model": "hirdb for java",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.7"
},
{
"model": "vcenter",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.1"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "jre 04",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.1"
},
{
"model": "windows xp professional",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.20"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.300"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.021"
},
{
"model": "rational policy tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "software opera web browser beta",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.50"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.51"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5.146"
},
{
"model": "nonstop server j06.04.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "software opera web browser win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0.3"
},
{
"model": "windows home premium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "730.46"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "windows vista sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "ucosminexus primary server base",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.15.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.5"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.22"
},
{
"model": "windows server r2 enterprise edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"model": "project openssl m",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.205"
},
{
"model": "windows xp media center edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows starter",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.07"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.204"
},
{
"model": "cosminexus http server hp-ux",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-13"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "11.10"
},
{
"model": "lotus domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "jdk update25",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "lotus domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "java se sr13-fp11",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "windows server sp2 datacenter",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows server standard edition gold standard",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008-"
},
{
"model": "windows vista home basic sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "aura system platform sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.103"
},
{
"model": "windows server standard edition sp2 storage",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008-"
},
{
"model": "jdk 1.6.0 01-b06",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.18.1"
},
{
"model": "web server 02-04-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.71"
},
{
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "windows server standard edition r2 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "meeting exchange webportal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "-6.0"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.91"
},
{
"model": "software opera web browser beta",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.601"
},
{
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "web server solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.017"
},
{
"model": "windows server r2 compute cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.210"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-01"
},
{
"model": "jdk 1.5.0.0 03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "windows vista ultimate sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.227"
},
{
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.309"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.214"
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.19.4"
},
{
"model": "sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.224"
},
{
"model": "ucosminexus service platform linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00(x64)"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.9"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "10"
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.11"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7"
},
{
"model": "windows server standard edition gold storage",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008-"
},
{
"model": "windows for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.52"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.8"
},
{
"model": "nonstop server h06.20.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "cosminexus developer no version",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.0.121"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.163"
},
{
"model": "jdk update18",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.304"
},
{
"model": "windows vista enterprise sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.11"
},
{
"model": "nonstop server j06.09.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.305"
},
{
"model": "windows xp professional sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "730.60"
},
{
"model": "windows server r2 datacenter edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.13.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.16"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.50"
},
{
"model": "rsa bsafe micro edition suite",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "3.2.4"
},
{
"model": "nonstop server h06.18.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "cosminexus application server no version",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "websphere datapower soa appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "770.00"
},
{
"model": "stenberg curl",
"scope": "ne",
"trust": 0.3,
"vendor": "daniel",
"version": "7.24.0"
},
{
"model": "windows server r2 datacenter",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"model": "windows vista home basic 64-bit edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x64"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "760.10"
},
{
"model": "project openssl 0.9.8f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.50"
},
{
"model": "linux enterprise sdk sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "4.0.1"
},
{
"model": "windows vista enterprise 64-bit edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.203"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1.1"
},
{
"model": "nonstop server h06.19.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "windows server enterprise edition itanium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"model": "windows vista home basic",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows vista business 64-bit edition sp1 x86-ultimate",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.7"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "web server aix",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "freeflow print server 81.d0.73",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.208"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "windows server enterprise edition itanium sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "software opera web browser beta3",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.00"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "windows server standard edition sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"model": "nonstop server j06.06.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "cms server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "15.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.12"
},
{
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2-77"
},
{
"model": "ucosminexus application server express",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-70"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.8"
},
{
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-01"
},
{
"model": "aura system platform sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "simatic rf615r",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "3.2.1"
},
{
"model": "windows vista edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x64"
},
{
"model": "windows server gold itanium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows server datacenter edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "jre 27",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "rational appscan standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.3"
},
{
"model": "windows vista business 64-bit edition sp1 x64-ultimate",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.209"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.226"
},
{
"model": "windows server standard edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.014"
},
{
"model": "cosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "nonstop server j06.12.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "windows server enterprise edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "jrockit r27.6.9",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "project openssl 0.9.8r",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "windows server r2 storage",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "power systems 350.a0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "simatic rf68xr",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.011"
},
{
"model": "windows vista business 64-bit edition sp1 x64-home premium",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "nonstop server j06.09.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "jrockit r27.6.3",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.9"
},
{
"model": "jdk update14",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "cosminexus",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0"
},
{
"model": "project openssl beta4",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.0"
},
{
"model": "java se sr6",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.1"
},
{
"model": "windows server standard edition gold enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008-"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "project openssl 0.9.8p",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "windows server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"model": "rsa bsafe micro edition suite",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "4.0.2"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "010"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15-210"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.27"
},
{
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5"
},
{
"model": "windows server r2 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.95"
},
{
"model": "windows xp tablet pc edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "ucosminexus service platform messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-0"
},
{
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.18"
},
{
"model": "networks matrixssl",
"scope": "ne",
"trust": 0.3,
"vendor": "peersec",
"version": "3.2.2"
},
{
"model": "windows server standard edition gold",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008-"
},
{
"model": "windows server r2 platfom sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows vista ultimate sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-02"
},
{
"model": "nonstop server j06.10.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "secure sockets layer",
"scope": "eq",
"trust": 0.3,
"vendor": "ietf",
"version": "3.0"
},
{
"model": "windows ultimate",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"model": "windows server standard edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "rsa bsafe micro edition suite",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "3.2.5"
},
{
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "nonstop server h06.24.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.23"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0"
},
{
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "windows server r2 standard",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.60"
},
{
"model": "messaging storage server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "websphere multichannel bank transformation toolkit",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.0.2"
},
{
"model": "windows vista home basic 64-bit edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "connect build",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "7.1.42985"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.10"
},
{
"model": "web server 02-04-/a (windows(ip",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.19.6"
},
{
"model": "windows server datacenter edition itanium sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"model": "windows server for x64-based systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.5"
},
{
"model": "virtualcenter update 6b",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "simatic rf68xr",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "3.2"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "jre 1.5.0 09",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "cosminexus http server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-10"
},
{
"model": "enterprise linux ws extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.6"
},
{
"model": "windows xp home",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.10"
},
{
"model": "windows server web edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "software opera web browser 3win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.0"
},
{
"model": "enterprise linux es extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "openjdk",
"scope": "eq",
"trust": 0.3,
"vendor": "openjdk",
"version": "1.6"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.010"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8"
},
{
"model": "firefox beta",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.63"
},
{
"model": "software opera web browser 2win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.64"
},
{
"model": "windows server itanium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.01"
},
{
"model": "windows xp service pack",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "30"
},
{
"model": "nonstop server j06.08.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "freeflow print server 82.d1.44",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.8"
},
{
"model": "communication server telephony manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "10003.0"
},
{
"model": "project openssl 0.9.8l",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-10-09"
},
{
"model": "windows server r2 datacenter",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows server sp2 compute cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "cosminexus developer\u0027s kit for java",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-01"
},
{
"model": "software opera web browser win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0.4"
},
{
"model": "nonstop server h06.15.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "cosminexus primary server base",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "740.21"
},
{
"model": "sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.223"
},
{
"model": "connect",
"scope": "ne",
"trust": 0.3,
"vendor": "kerio",
"version": "8.1"
},
{
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00-04"
},
{
"model": "nonstop server h06.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.3"
},
{
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "simatic rf615r",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "java se sr7",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.20"
},
{
"model": "java se sr13-fp10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.63"
},
{
"model": "windows xp professional edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x64"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"model": "jdk update16",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "windows home premium sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7-x64"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.14"
},
{
"model": "nonstop server h06.22.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "groupware suite",
"scope": "ne",
"trust": 0.3,
"vendor": "collax",
"version": "5.5.12"
},
{
"model": "windows xp professional sp3",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.2.106"
},
{
"model": "jrockit r28.1.3",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "sdk .0 01",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"model": "windows vista home basic 64-bit edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x64"
},
{
"model": "lotus domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "5.12"
},
{
"model": "windows server enterprise edition release candidate",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.020"
},
{
"model": "enterprise linux as for sap",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"model": "flex system integrated management module",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2"
},
{
"model": "nonstop server h06.19.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "760.41"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.12.2"
},
{
"model": "windows vista home basic 64-bit edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.05"
},
{
"model": "cosminexus",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0"
},
{
"model": "networks matrixssl",
"scope": "eq",
"trust": 0.3,
"vendor": "peersec",
"version": "3.2.1"
},
{
"model": "websphere multichannel bank transformation toolkit",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "interactive response",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "windows for x64-based systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7"
},
{
"model": "vplex geosynchrony",
"scope": "ne",
"trust": 0.3,
"vendor": "emc",
"version": "5.3"
},
{
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.5"
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.16.3"
},
{
"model": "windows server r2 itanium sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "730.51"
},
{
"model": "nonstop server h06.21.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"model": "software opera web browser win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "5.11"
},
{
"model": "cosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.212"
},
{
"model": "cosminexus http server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.206"
},
{
"model": "cms server aux",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "15.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3"
},
{
"model": "cosminexus http server windows",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-12"
},
{
"model": "nonstop server h06.19.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00"
},
{
"model": "freeflow print server 93.e0.21c",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.10"
},
{
"model": "simatic rf615r",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "3.2"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1.2"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9"
},
{
"model": "cosminexus http server linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "windows server r2 x64-standard",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "nonstop server j06.11.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.26.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "linux enterprise server sp1 for sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.43"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.26"
},
{
"model": "software opera web browser win32 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.02"
},
{
"model": "access manager sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.1"
},
{
"model": "ucosminexus developer hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "websphere datapower soa appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.8.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.221"
},
{
"model": "nonstop server j06.04.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.016"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.307"
},
{
"model": "windows xp",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"model": "jdk 1.5.0 07-b03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"model": "windows server r2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "windows server datacenter edition itanium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "5.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.21"
},
{
"model": "software opera web browser win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0.2"
},
{
"model": "update manager",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.0"
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.12.1"
},
{
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "cosminexus http server linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-10"
},
{
"model": "software opera web browser linux",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "5.0"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "350.40"
},
{
"model": "enterprise linux sap",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "nonstop server h06.20.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.19.5"
},
{
"model": "software opera web browser beta",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.201"
},
{
"model": "stenberg curl",
"scope": "eq",
"trust": 0.3,
"vendor": "daniel",
"version": "7.21.7"
},
{
"model": "nonstop server j06.10.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "websphere multichannel bank transformation toolkit",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"model": "ucosminexus application server standard-r",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.21"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.550.0"
},
{
"model": "windows vista enterprise",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "ucosminexus service platform windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00(x64)"
},
{
"model": "nonstop server h06.16.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "software opera web browser linux",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"model": "windows server sp2 enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "jdk update22",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.61"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "760.20"
},
{
"model": "windows xp media center edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "jdk update15",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "project openssl beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "communication server telephony manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "10004.0"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.2"
},
{
"model": "power systems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "730.91"
},
{
"model": "xcode",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "4.4"
},
{
"model": "freeflow print server 73.d2.33",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"model": "project openssl m",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "database 11g release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "111.1.0.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.205"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.2"
},
{
"model": "windows server datacenter edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"model": "nonstop server h06.25.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "windows server web edition sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#864643"
},
{
"db": "BID",
"id": "49778"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002305"
},
{
"db": "NVD",
"id": "CVE-2011-3389"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_rf68xr_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.2.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_rf68xr:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_rf615r_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.2.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_rf615r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.23.1",
"versionStartIncluding": "7.10.6",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3389"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Thai Duong and Juliano Rizzo, Wendy Parrington from United Utilities.",
"sources": [
{
"db": "BID",
"id": "49778"
}
],
"trust": 0.3
},
"cve": "CVE-2011-3389",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2011-3389",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-3389",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#864643",
"trust": 0.8,
"value": "3.38"
},
{
"author": "VULMON",
"id": "CVE-2011-3389",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#864643"
},
{
"db": "VULMON",
"id": "CVE-2011-3389"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002305"
},
{
"db": "NVD",
"id": "CVE-2011-3389"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack. SSL Protocol and TLS The protocol includes CBC There are vulnerabilities that are subject to selective plaintext attacks in mode. SSL Protocol and TLS Protocol is CBC Initialization vector when operating in mode (IV) There is a problem in the determination method, and there is a vulnerability that is subject to selective plaintext attacks. Attack methods using this vulnerability have been released.Encrypted communication is a man-in-the-middle attack (man-in-the-middle attack) If they are intercepted by you, their content may be decrypted. A vulnerability in the specification of the SSL 3.0 and TLS 1.0 protocols could allow an attacker to decrypt encrypted traffic. This will result in a false sense of security, and potentially result in the disclosure of sensitive information. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201111-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Oracle JRE/JDK: Multiple vulnerabilities\n Date: November 05, 2011\n Bugs: #340421, #354213, #370559, #387851\n ID: 201111-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the Oracle JRE/JDK,\nallowing attackers to cause unspecified impact. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/sun-jre-bin \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 2 app-emulation/emul-linux-x86-java\n \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 3 dev-java/sun-jdk \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n -------------------------------------------------------------------\n NOTE: Packages marked with asterisks require manual intervention!\n -------------------------------------------------------------------\n 3 affected packages\n -------------------------------------------------------------------\n\nDescription\n===========\n\nMultiple vulnerabilities have been reported in the Oracle Java\nimplementation. Please review the CVE identifiers referenced below and\nthe associated Oracle Critical Patch Update Advisory for details. \n\nImpact\n======\n\nA remote attacker could exploit these vulnerabilities to cause\nunspecified impact, possibly including remote execution of arbitrary\ncode. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Oracle JDK 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jdk-1.6.0.29\"\n\nAll Oracle JRE 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jre-bin-1.6.0.29\"\n\nAll users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to\nthe latest version:\n\n # emerge --sync\n # emerge -a -1 -v \"\u003e=app-emulation/emul-linux-x86-java-1.6.0.29\"\n\nNOTE: As Oracle has revoked the DLJ license for its Java\nimplementation, the packages can no longer be updated automatically. \nThis limitation is not present on a non-fetch restricted implementation\nsuch as dev-java/icedtea-bin. \n\nReferences\n==========\n\n[ 1 ] CVE-2010-3541\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541\n[ 2 ] CVE-2010-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548\n[ 3 ] CVE-2010-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549\n[ 4 ] CVE-2010-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550\n[ 5 ] CVE-2010-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551\n[ 6 ] CVE-2010-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552\n[ 7 ] CVE-2010-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553\n[ 8 ] CVE-2010-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554\n[ 9 ] CVE-2010-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555\n[ 10 ] CVE-2010-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556\n[ 11 ] CVE-2010-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557\n[ 12 ] CVE-2010-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558\n[ 13 ] CVE-2010-3559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559\n[ 14 ] CVE-2010-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560\n[ 15 ] CVE-2010-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561\n[ 16 ] CVE-2010-3562\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562\n[ 17 ] CVE-2010-3563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563\n[ 18 ] CVE-2010-3565\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565\n[ 19 ] CVE-2010-3566\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566\n[ 20 ] CVE-2010-3567\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567\n[ 21 ] CVE-2010-3568\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568\n[ 22 ] CVE-2010-3569\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569\n[ 23 ] CVE-2010-3570\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570\n[ 24 ] CVE-2010-3571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571\n[ 25 ] CVE-2010-3572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572\n[ 26 ] CVE-2010-3573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573\n[ 27 ] CVE-2010-3574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574\n[ 28 ] CVE-2010-4422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422\n[ 29 ] CVE-2010-4447\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447\n[ 30 ] CVE-2010-4448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448\n[ 31 ] CVE-2010-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450\n[ 32 ] CVE-2010-4451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451\n[ 33 ] CVE-2010-4452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452\n[ 34 ] CVE-2010-4454\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454\n[ 35 ] CVE-2010-4462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462\n[ 36 ] CVE-2010-4463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463\n[ 37 ] CVE-2010-4465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465\n[ 38 ] CVE-2010-4466\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466\n[ 39 ] CVE-2010-4467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467\n[ 40 ] CVE-2010-4468\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468\n[ 41 ] CVE-2010-4469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469\n[ 42 ] CVE-2010-4470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470\n[ 43 ] CVE-2010-4471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471\n[ 44 ] CVE-2010-4472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472\n[ 45 ] CVE-2010-4473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473\n[ 46 ] CVE-2010-4474\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474\n[ 47 ] CVE-2010-4475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475\n[ 48 ] CVE-2010-4476\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476\n[ 49 ] CVE-2011-0802\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802\n[ 50 ] CVE-2011-0814\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814\n[ 51 ] CVE-2011-0815\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815\n[ 52 ] CVE-2011-0862\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862\n[ 53 ] CVE-2011-0863\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863\n[ 54 ] CVE-2011-0864\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864\n[ 55 ] CVE-2011-0865\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865\n[ 56 ] CVE-2011-0867\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867\n[ 57 ] CVE-2011-0868\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868\n[ 58 ] CVE-2011-0869\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869\n[ 59 ] CVE-2011-0871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871\n[ 60 ] CVE-2011-0872\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872\n[ 61 ] CVE-2011-0873\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873\n[ 62 ] CVE-2011-3389\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389\n[ 63 ] CVE-2011-3516\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516\n[ 64 ] CVE-2011-3521\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521\n[ 65 ] CVE-2011-3544\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544\n[ 66 ] CVE-2011-3545\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545\n[ 67 ] CVE-2011-3546\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546\n[ 68 ] CVE-2011-3547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547\n[ 69 ] CVE-2011-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548\n[ 70 ] CVE-2011-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549\n[ 71 ] CVE-2011-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550\n[ 72 ] CVE-2011-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551\n[ 73 ] CVE-2011-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552\n[ 74 ] CVE-2011-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553\n[ 75 ] CVE-2011-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554\n[ 76 ] CVE-2011-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555\n[ 77 ] CVE-2011-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556\n[ 78 ] CVE-2011-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557\n[ 79 ] CVE-2011-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558\n[ 80 ] CVE-2011-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560\n[ 81 ] CVE-2011-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201111-02.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi Cosminexus Products Java Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA46694\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46694/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694\n\nRELEASE DATE:\n2011-11-08\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46694/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46694/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nHitachi has acknowledged multiple vulnerabilities in Hitachi\nCosminexus products, which can be exploited by malicious users to\ndisclose certain information and by malicious people to disclose\npotentially sensitive information, hijack a user\u0027s session, conduct\nDNS cache poisoning attacks, manipulate certain data, cause a DoS\n(Denial of Service), and compromise a vulnerable system. \n\nThe vulnerabilities are caused due to vulnerabilities in the bundled\nversion of Cosminexus Developer\u0027s Kit for Java. \n\nFor more information:\nSA46512\n\nPlease see the vendor\u0027s advisory for a list of affected products. Please see the vendor\u0027s advisory for\ndetails. \n\nORIGINAL ADVISORY:\nhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \nHP System Management Homepage (SMH) v7.2.0 and earlier running on Linux and\nWindows. This combines the two previous\nopenjdk-6 advisories, DSA-2311-1 and DSA-2356-1. \n\nCVE-2011-0862\n\tInteger overflow errors in the JPEG and font parser allow\n\tuntrusted code (including applets) to elevate its privileges. \n\nCVE-2011-0864\n\tHotspot, the just-in-time compiler in OpenJDK, mishandled\n\tcertain byte code instructions, allowing untrusted code\n\t(including applets) to crash the virtual machine. \n\nCVE-2011-0865\n\tA race condition in signed object deserialization could\n\tallow untrusted code to modify signed content, apparently\n\tleaving its signature intact. \n\nCVE-2011-0867\n\tUntrusted code (including applets) could access information\n\tabout network interfaces which was not intended to be public. \n\t(Note that the interface MAC address is still available to\n\tuntrusted code.)\n\nCVE-2011-0868\n\tA float-to-long conversion could overflow, , allowing\n\tuntrusted code (including applets) to crash the virtual\n\tmachine. \n\nCVE-2011-0869\n\tUntrusted code (including applets) could intercept HTTP\n\trequests by reconfiguring proxy settings through a SOAP\n\tconnection. \n\nCVE-2011-0871\n\tUntrusted code (including applets) could elevate its\n\tprivileges through the Swing MediaTracker code. \n\nCVE-2011-3521\n\tThe CORBA implementation contains a deserialization\n\tvulnerability in the IIOP implementation, allowing untrusted\n\tJava code (such as applets) to elevate its privileges. \n\nCVE-2011-3544\n\tThe Java scripting engine lacks necessary security manager\n\tchecks, allowing untrusted Java code (such as applets) to\n\televate its privileges. \n\nCVE-2011-3547\n\tThe skip() method in java.io.InputStream uses a shared buffer,\n\tallowing untrusted Java code (such as applets) to access data\n\tthat is skipped by other code. \n\nCVE-2011-3553\n\tJAX-WS enables stack traces for certain server responses by\n\tdefault, potentially leaking sensitive information. \n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 6b18-1.8.10-0~lenny1. \nThe complete list of recognized system roots may be viewed via the\nKeychain Access application. \nCVE-ID\nCVE-2014-1263 : Roland Moriz of Moriz GmbH\n\nData Security\nAvailable for: OS X Mavericks 10.9 and 10.9.1\nImpact: An attacker with a privileged network position may capture\nor modify data in sessions protected by SSL/TLS\nDescription: Secure Transport failed to validate the authenticity of\nthe connection. \nCVE-ID\nCVE-2014-1259\n\nFinder\nAvailable for: OS X Mavericks 10.9 and 10.9.1\nImpact: Accessing a file\u0027s ACL via Finder may lead to other users\ngaining unauthorized access to files\nDescription: Accessing a file\u0027s ACL via Finder may corrupt the ACLs\non the file. \nThe issue was addressed by filtering unsafe unicode characters from\ndisplay in filenames. Downloading a maliciously crafted\nMicrosoft Office file may have led to an unexpected application\ntermination or arbitrary code execution. \nTo address these issues for applications using Secure Transport, the\n1-byte fragment mitigation was enabled by default for this\nconfiguration. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2013:037\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : fetchmail\n Date : April 5, 2013\n Affected: Business Server 1.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been found and corrected in fetchmail:\n \n Fetchmail version 6.3.9 enabled all SSL workarounds (SSL_OP_ALL) which\n contains a switch to disable a countermeasure against certain attacks\n against block ciphers that permit guessing the initialization vectors,\n providing that an attacker can make the application (fetchmail) encrypt\n some data for him -- which is not easily the case (aka a BEAST attack)\n (CVE-2011-3389). \n \n A denial of service flaw was found in the way Fetchmail, a remote mail\n retrieval and forwarding utility, performed base64 decoding of certain\n NTLM server responses. Upon sending the NTLM authentication request,\n Fetchmail did not check if the received response was actually part\n of NTLM protocol exchange, or server-side error message and session\n abort. \n \n This advisory provides the latest version of fetchmail (6.3.22)\n which is not vulnerable to these issues. The verification\n of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and\nSecurity Update 2012-004\n\nOS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update\n2012-004 are now available and address the following:\n\nApache\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Multiple vulnerabilities in Apache\nDescription: Apache is updated to version 2.2.22 to address several\nvulnerabilities, the most serious of which may lead to a denial of\nservice. Further information is available via the Apache web site at\nhttp://httpd.apache.org/. This issue does not affect OS X Mountain\nLion systems. \nCVE-ID\nCVE-2011-3368\nCVE-2011-3607\nCVE-2011-4317\nCVE-2012-0021\nCVE-2012-0031\nCVE-2012-0053\n\nBIND\nAvailable for: OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4\nImpact: A remote attacker may be able to cause a denial of service\nin systems configured to run BIND as a DNS nameserver\nDescription: A reachable assertion issue existed in the handling of\nDNS records. This issue was addressed by updating to BIND 9.7.6-P1. \nThis issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2011-4313\n\nBIND\nAvailable for: OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4,\nOS X Mountain Lion v10.8 and v10.8.1\nImpact: A remote attacker may be able to cause a denial of service,\ndata corruption, or obtain sensitive information from process memory\nin systems configured to run BIND as a DNS nameserver\nDescription: A memory management issue existed in the handling of\nDNS records. This issue was addressed by updating to BIND 9.7.6-P1 on\nOS X Lion systems, and BIND 9.8.3-P1 on OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-1667\n\nCoreText\nAvailable for: OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4\nImpact: Applications that use CoreText may be vulnerable to an\nunexpected application termination or arbitrary code execution\nDescription: A bounds checking issue existed in the handling of text\nglyphs, which may lead to out of bounds memory reads or writes. This\nissue was addressed through improved bounds checking. This issue does\nnot affect Mac OS X v10.6 or OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-3716 : Jesse Ruderman of Mozilla Corporation\n\nData Security\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4,\nOS X Mountain Lion v10.8 and v10.8.1\nImpact: An attacker with a privileged network position may intercept\nuser credentials or other sensitive information\nDescription: TrustWave, a trusted root CA, has issued, and\nsubsequently revoked, a sub-CA certificate from one of its trusted\nanchors. This sub-CA facilitated the interception of communications\nsecured by Transport Layer Security (TLS). This update adds the\ninvolved sub-CA certificate to OS X\u0027s list of untrusted certificates. \n\nDirectoryService\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8\nImpact: If the DirectoryService Proxy is used, a remote attacker may\ncause a denial of service or arbitrary code execution\nDescription: A buffer overflow existed in the DirectoryService\nProxy. This issue was addressed through improved bounds checking. \nThis issue does not affect OS X Lion and Mountain Lion systems. \nCVE-ID\nCVE-2012-0650 : aazubel working with HP\u0027s Zero Day Initiative\n\nImageIO\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Viewing a maliciously crafted PNG image may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in libpng\u0027s\nhandling of PNG images. These issues were addressed through improved\nvalidation of PNG images. These issues do not affect OS X Mountain\nLion systems. \nCVE-ID\nCVE-2011-3026 : Juri Aedla\nCVE-2011-3048\n\nImageIO\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Viewing a maliciously crafted TIFF image may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An integer overflow issue existed in libTIFF\u0027s handling\nof TIFF images. This issue was addressed through improved validation\nof TIFF images. This issue does not affect OS X Mountain Lion\nsystems. \nCVE-ID\nCVE-2012-1173 : Alexander Gavrun working with HP\u0027s Zero Day\nInitiative\n\nInstaller\nAvailable for: OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4\nImpact: Remote admins and persons with physical access to the system\nmay obtain account information\nDescription: The fix for CVE-2012-0652 in OS X Lion 10.7.4 prevented\nuser passwords from being recorded in the system log, but did not\nremove the old log entries. This issue was addressed by deleting log\nfiles that contained passwords. This issue does not affect Mac OS X\n10.6 or OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-0652\n\nInternational Components for Unicode\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Applications that use ICU may be vulnerable to an unexpected\napplication termination or arbitrary code execution\nDescription: A stack buffer overflow existed in the handling of ICU\nlocale IDs. This issue was addressed through improved bounds\nchecking. This issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2011-4599\n\nKernel\nAvailable for: OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4\nImpact: A malicious program could bypass sandbox restrictions\nDescription: A logic issue existed in the handling of debug system\ncalls. This may allow a malicious program to gain code execution in\nother programs with the same user privileges. This issue was\naddressed by disabling handling of addresses in PT_STEP and\nPT_CONTINUE. This issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-0643 : iOS Jailbreak Dream Team\n\nLoginWindow\nAvailable for: OS X Mountain Lion v10.8 and v10.8.1\nImpact: A local user may be able to obtain other user\u0027s login\npasswords\nDescription: A user-installed input method could intercept password\nkeystrokes from Login Window or Screen Saver Unlock. This issue was\naddressed by preventing user-installed methods from being used when\nthe system is handling login information. \nCVE-ID\nCVE-2012-3718 : An anonymous researcher\n\nMail\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Viewing an e-mail message may lead to execution of web\nplugins\nDescription: An input validation issue existed in Mail\u0027s handling of\nembedded web plugins. This issue was addressed by disabling third-\nparty plug-ins in Mail. This issue does not affect OS X Mountain Lion\nsystems. \nCVE-ID\nCVE-2012-3719 : Will Dormann of the CERT/CC\n\nMobile Accounts\nAvailable for: OS X Mountain Lion v10.8 and v10.8.1\nImpact: A user with access to the contents of a mobile account may\nobtain the account password\nDescription: Creating a mobile account saved a hash of the password\nin the account, which was used to login when the mobile account was\nused as an external account. The password hash could be used to\ndetermine the user\u0027s password. This issue was addressed by creating\nthe password hash only if external accounts are enabled on the system\nwhere the mobile account is created. \nCVE-ID\nCVE-2012-3720 : Harald Wagener of Google, Inc. \n\nPHP\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4,\nOS X Mountain Lion v10.8 and v10.8.1\nImpact: Multiple vulnerabilities in PHP\nDescription: \u003ePHP is updated to version 5.3.15 to address multiple\nvulnerabilities, the most serious of which may lead to arbitrary code\nexecution. Further information is available via the PHP web site at\nhttp://www.php.net\nCVE-ID\nCVE-2012-0831\nCVE-2012-1172\nCVE-2012-1823\nCVE-2012-2143\nCVE-2012-2311\nCVE-2012-2386\nCVE-2012-2688\n\nPHP\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: PHP scripts which use libpng may be vulnerable to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\nPNG files. This issue was addressed by updating PHP\u0027s copy of libpng\nto version 1.5.10. This issue does not affect OS X Mountain Lion\nsystems. \nCVE-ID\nCVE-2011-3048\n\nProfile Manager\nAvailable for: OS X Lion Server v10.7 to v10.7.4\nImpact: An unauthenticated user could enumerate managed devices\nDescription: An authentication issue existed in the Device\nManagement private interface. This issue was addressed by removing\nthe interface. This issue does not affect OS X Mountain Lion\nsystems. \nCVE-ID\nCVE-2012-3721 : Derick Cassidy of XEquals Corporation\n\nQuickLook\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Viewing a maliciously crafted .pict file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\n.pict files. This issue was addressed through improved validation of\n.pict files. This issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-0671 : Rodrigo Rubira Branco (twitter.com/bsdaemon) from the\nQualys Vulnerability \u0026 Malware Research Labs (VMRL)\n\nQuickTime\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An integer overflow existed in QuickTime\u0027s handling of\nsean atoms. This issue was addressed through improved bounds\nchecking. This issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-0670 : Tom Gallagher (Microsoft) and Paul Bates (Microsoft)\nworking with HP\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An uninitialized memory access existed in the handling\nof Sorenson encoded movie files. This issue was addressed through\nimproved memory initialization. This issue does not affect OS X\nMountain Lion systems. \nCVE-ID\nCVE-2012-3722 : Will Dormann of the CERT/CC\n\nQuickTime\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of RLE\nencoded movie files. This issue was addressed through improved bounds\nchecking. This issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-0668 : Luigi Auriemma working with HP\u0027s Zero Day Initiative\n\nRuby\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: An attacker may be able to decrypt data protected by SSL\nDescription: There are known attacks on the confidentiality of SSL\n3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. \nThe Ruby OpenSSL module disabled the \u0027empty fragment\u0027 countermeasure\nwhich prevented these attacks. This issue was addressed by enabling\nempty fragments. This issue does not affect OS X Mountain Lion\nsystems. \nCVE-ID\nCVE-2011-3389\n\nUSB\nAvailable for: OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4\nImpact: Attaching a USB device may lead to an unexpected system\ntermination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\nUSB hub descriptors. This issue was addressed through improved\nhandling of the bNbrPorts descriptor field. This issue does not\naffect OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-3723 : Andy Davis of NGS Secure\n\nNote: OS X Mountain Lion v10.8.2 includes the content of\nSafari 6.0.1. For further details see \"About the security content\nof Safari 6.0.1\" at http://http//support.apple.com/kb/HT5502\n\n\nOS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update\n2012-004 may be obtained from the Software Update pane in System\nPreferences, or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nThe Software Update utility will present the update that applies\nto your system configuration. Only one is needed, either\nOS X Mountain Lion v10.8.2, OS X Lion v10.7.5 or Security Update\n2012-004. \n\nFor OS X Mountain Lion v10.8.1\nThe download file is named: OSXUpd10.8.2.dmg\nIts SHA-1 digest is: d6779e1cc748b78af0207499383b1859ffbebe33\n\nFor OS X Mountain Lion v10.8\nThe download file is named: OSXUpdCombo10.8.2.dmg\nIts SHA-1 digest is: b08f10233d362e39f20b69f91d1d73f5e7b68a2c\n\nFor OS X Lion v10.7.4\nThe download file is named: MacOSXUpd10.7.5.dmg\nIts SHA-1 digest is: e0a9582cce9896938a7a541bd431862d93893532\n\nFor OS X Lion v10.7 and v10.7.3\nThe download file is named: MacOSXUpdCombo10.7.5.dmg\nIts SHA-1 digest is: f7a26b164fa10dae4fe646e57b01c34a619c8d9b\n\nFor OS X Lion Server v10.7.4\nThe download file is named: MacOSXServerUpd10.7.5.dmg\nIts SHA-1 digest is: a891b03bfb4eecb745c0c39a32f39960fdb6796a\n\nFor OS X Lion Server v10.7 and v10.7.3\nThe download file is named: MacOSXServerUpdCombo10.7.5.dmg\nIts SHA-1 digest is: df6e1748ab0a3c9e05c890be49d514673efd965e\n\nFor Mac OS X v10.6.8\nThe download file is named: SecUpd2012-004.dmg\nIts SHA-1 digest is: 5b136e29a871d41012f0c6ea1362d6210c8b4fb7\n\nFor Mac OS X Server v10.6.8\nThe download file is named: SecUpdSrvr2012-004.dmg\nIts SHA-1 digest is: 9b24496be15078e58a88537700f2f39c112e3b28\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJQWhlbAAoJEPefwLHPlZEwwjwQAKrpQlZh1B2mkSTLxR7QZg6e\nQm7SmIZL9sjl5gQkTxoAvOGxJ8uRdYPlJ1IpyU/MbK0GqO53KmFSeKkwCnvLKMaW\npc6tiFaQ4zV4LEAwBAFEuqCsMyPEJqKDhYXl2cHQmWfAlrLCyCKfzGLy2mY2UnkE\nDQC2+ys70DChFv2GzyXlibBXAGMKDygJ5dVKynsi1ceZLYWbUJoGwlUtXPylBpnO\nQyGWXmEloPbhK6HJbKMNacuDdVcb26pvIeFiivkTSxPVlZ3ns2tAwEyvHrzA9O4n\n7rQ6jvfDbguOZmM5sPFvVKBw2GVDBNU+G3T8ouIXhk6Pjhr4in8VFCb8MIMLb8hm\n7YYn2z1TzKTNmUuYbwe6ukQvf57cPuW0bAvslbl6PgrzqorlNPU4rDoSvPrJx/RO\nBOYkcxfirevHDGibfkeqXPjL3h+bVrb1USZpAv+ZOAy0M89SHFcvMtpAhxnoGiV5\nw4EyKB+9Yi/CSAk2Ne3Y5kHH7/v3pWV68aJwhVirya7ex3vnJ+M+lRLKSm2BUjL3\n+9fykrJBDujFDXoCmK5CN5Wx36DSVZ4VO1h635crotudtcvd+LQ2VHma/Chav5wK\nq5SSllf4KEownpx6o/qTxpg5tcC4lvgTcsDHlYcNq2s8KTTjmOden8ar4h7M7QD2\nxyBfrQfG/dsif6jGHaot\n=8joH\n-----END PGP SIGNATURE-----\n. \n\nRelease Date: 2012-05-15\nLast Updated: 2012-05-15\n\n- -----------------------------------------------------------------------------\n\nPotential Security Impact: Remote Denial of service, unauthorized\nmodification and disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified in Java Runtime\nEnvironment (JRE) and Java Developer Kit (JDK) running on HP-UX. These\nvulnerabilities may allow remote Denial of Service (DoS), unauthorized\nmodification and disclosure of information. \n\nReferences: CVE-2010-4447, CVE-2010-4448, CVE-2010-4454, CVE-2010-4462,\nCVE-2010-4465, CVE-2010-4469, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476,\nCVE-2011-0802, CVE-2011-0814, CVE-2011-0815, CVE-2011-0862, CVE-2011-0864,\nCVE-2011-0865, CVE-2011-0867, CVE-2011-0871, CVE-2011-3389, CVE-2011-3545,\nCVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3552, CVE-2011-3556,\nCVE-2011-3557, CVE-2011-3560, CVE-2011-3563, CVE-2012-0499, CVE-2012-0502,\nCVE-2012-0503, CVE-2012-0505, CVE-2012-0506\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-4447 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2010-4448 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6\nCVE-2010-4454 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2010-4462 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2010-4465 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2010-4469 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2010-4473 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2010-4475 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2010-4476 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2011-0802 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-0814 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-0815 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-0862 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-0864 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-0865 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6\nCVE-2011-0867 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-0871 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6\nCVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2011-3563 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4\nCVE-2012-0499 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2012-0502 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4\nCVE-2012-0503 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2012-0505 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2012-0506 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP is providing the following Java updates to resolve the vulnerabilities. \nThe updates are available from: http://www.hp.com/go/java\n\nThese issues are addressed in the following versions of the HP Java:\n\nHP-UX B.11.11 / SDK and JRE v1.4.2.28 or subsequent\n\nHP-UX B.11.23 / SDK and JRE v1.4.2.28 or subsequent\n\nHP-UX B.11.31 / SDK and JRE v1.4.2.28 or subsequent\n\nMANUAL ACTIONS: Yes - Update\n\nFor Java v1.4.2.27 and earlier, update to Java v1.4.2.28 or subsequent. \n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant:\nHP-UX Software Assistant is an enhanced application that replaces HP-UX\nSecurity Patch Check. It analyzes all HP-issued Security Bulletins and lists\nrecommended actions that may apply to a specific HP-UX system. It can also\ndownload patches and create a depot automatically. For more information see:\nhttps://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\nHP-UX B.11.23\nHP-UX B.11.31\n===========\nJpi14.JPI14-COM\nJpi14.JPI14-COM-DOC\nJpi14.JPI14-IPF32\nJpi14.JPI14-PA11\nJdk14.JDK14-COM\nJdk14.JDK14-DEMO\nJdk14.JDK14-IPF32\nJdk14.JDK14-IPF64\nJdk14.JDK14-PA11\nJdk14.JDK14-PA20\nJdk14.JDK14-PA20W\nJdk14.JDK14-PNV2\nJdk14.JDK14-PWV2\nJre14.JRE14-COM\nJre14.JRE14-COM-DOC\nJre14.JRE14-IPF32\nJre14.JRE14-IPF32-HS\nJre14.JRE14-IPF64\nJre14.JRE14-IPF64-HS\nJre14.JRE14-PA11\nJre14.JRE14-PA11-HS\nJre14.JRE14-PA20\nJre14.JRE14-PA20-HS\nJre14.JRE14-PA20W\nJre14.JRE14-PA20W-HS\nJre14.JRE14-PNV2\nJre14.JRE14-PNV2-H\nJre14.JRE14-PWV2\nJre14.JRE14-PWV2-H\naction: install revision 1.4.2.28.00 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 15 May 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated\nperiodically, is contained in HP Security Notice HPSN-2011-001:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits;damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: java-1.6.0-openjdk security update\nAdvisory ID: RHSA-2011:1380-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2011-1380.html\nIssue date: 2011-10-18\nCVE Names: CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 \n CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 \n CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 \n CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 \n CVE-2011-3560 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.6.0-openjdk packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux (v. 5 server) - i386, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. \n\nA flaw was found in the Java RMI (Remote Method Invocation) registry\nimplementation. A remote RMI client could use this flaw to execute\narbitrary code on the RMI server running the registry. (CVE-2011-3556)\n\nA flaw was found in the Java RMI registry implementation. A remote RMI\nclient could use this flaw to execute code on the RMI server with\nunrestricted privileges. (CVE-2011-3557)\n\nA flaw was found in the IIOP (Internet Inter-Orb Protocol) deserialization\ncode. An untrusted Java application or applet running in a sandbox could\nuse this flaw to bypass sandbox restrictions by deserializing\nspecially-crafted input. (CVE-2011-3521)\n\nIt was found that the Java ScriptingEngine did not properly restrict the\nprivileges of sandboxed applications. An untrusted Java application or\napplet running in a sandbox could use this flaw to bypass sandbox\nrestrictions. (CVE-2011-3544)\n\nA flaw was found in the AWTKeyStroke implementation. An untrusted Java\napplication or applet running in a sandbox could use this flaw to bypass\nsandbox restrictions. (CVE-2011-3548)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the Java2D code used to perform transformations of graphic shapes\nand images. An untrusted Java application or applet running in a sandbox\ncould use this flaw to bypass sandbox restrictions. (CVE-2011-3551)\n\nAn insufficient error checking flaw was found in the unpacker for JAR files\nin pack200 format. A specially-crafted JAR file could use this flaw to\ncrash the Java Virtual Machine (JVM) or, possibly, execute arbitrary code\nwith JVM privileges. (CVE-2011-3554)\n\nIt was found that HttpsURLConnection did not perform SecurityManager checks\nin the setSSLSocketFactory method. An untrusted Java application or applet\nrunning in a sandbox could use this flaw to bypass connection restrictions\ndefined in the policy. An attacker able to perform a\nchosen plain text attack against a connection mixing trusted and untrusted\ndata could use this flaw to recover portions of the trusted data sent over\nthe connection. (CVE-2011-3389)\n\nNote: This update mitigates the CVE-2011-3389 issue by splitting the first\napplication data record byte to a separate SSL/TLS protocol record. This\nmitigation may cause compatibility issues with some SSL/TLS implementations\nand can be disabled using the jsse.enableCBCProtection boolean property. \nThis can be done on the command line by appending the flag\n\"-Djsse.enableCBCProtection=false\" to the java command. \n\nAn information leak flaw was found in the InputStream.skip implementation. \nAn untrusted Java application or applet could possibly use this flaw to\nobtain bytes skipped by other threads. (CVE-2011-3547)\n\nA flaw was found in the Java HotSpot virtual machine. An untrusted Java\napplication or applet could use this flaw to disclose portions of the VM\nmemory, or cause it to crash. (CVE-2011-3558)\n\nThe Java API for XML Web Services (JAX-WS) implementation in OpenJDK was\nconfigured to include the stack trace in error messages sent to clients. A\nremote client could possibly use this flaw to obtain sensitive information. \n(CVE-2011-3553)\n\nIt was found that Java applications running with SecurityManager\nrestrictions were allowed to use too many UDP sockets by default. If\nmultiple instances of a malicious application were started at the same\ntime, they could exhaust all available UDP sockets on the system. \n(CVE-2011-3552)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.9.10. Refer to\nthe NEWS file, linked to in the References, for further information. \n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)\n745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)\n745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600)\n745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640)\n745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417)\n745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)\n745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902)\n745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857)\n745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466)\n745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012)\n745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773)\n745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794)\n745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134)\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\ni386:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\ni386:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\ni386:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3389.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3521.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3544.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3547.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3548.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3551.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3552.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3553.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3554.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3556.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3557.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3558.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3560.html\nhttps://access.redhat.com/security/updates/classification/#critical\nhttp://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html\nhttp://icedtea.classpath.org/hg/release/icedtea6-1.9/file/328afd896e3e/NEWS\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2011 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFOngvzXlSAg2UNWIIRArb8AKCaS923HYBco1E2eOOedT1aefjmyACgherU\n1E1DMZpv3ExBmKhD4Emi2no=\n=sMXo\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nCVE-2011-4362\n\n Xi Wang discovered that the base64 decoding routine which is used to\n decode user input during an HTTP authentication, suffers of a signedness\n issue when processing user input. As a result it is possible to force\n lighttpd to perform an out-of-bounds read which results in Denial of\n Service conditions. \n\nCVE-2011-3389\n\n When using CBC ciphers on an SSL enabled virtual host to communicate with\n certain client, a so called \"BEAST\" attack allows man-in-the-middle\n attackers to obtain plaintext HTTP traffic via a blockwise\n chosen-boundary attack (BCBA) on an HTTPS session. Technically this is\n no lighttpd vulnerability. However, lighttpd offers a workaround to\n mitigate this problem by providing a possibility to disable CBC ciphers. \n\n This updates includes this option by default. System administrators\n are advised to read the NEWS file of this update (as this may break older\n clients)",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3389"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002305"
},
{
"db": "CERT/CC",
"id": "VU#864643"
},
{
"db": "BID",
"id": "49778"
},
{
"db": "PACKETSTORM",
"id": "106640"
},
{
"db": "PACKETSTORM",
"id": "106747"
},
{
"db": "PACKETSTORM",
"id": "122468"
},
{
"db": "PACKETSTORM",
"id": "108800"
},
{
"db": "VULMON",
"id": "CVE-2011-3389"
},
{
"db": "PACKETSTORM",
"id": "107532"
},
{
"db": "PACKETSTORM",
"id": "125427"
},
{
"db": "PACKETSTORM",
"id": "108498"
},
{
"db": "PACKETSTORM",
"id": "121097"
},
{
"db": "PACKETSTORM",
"id": "116792"
},
{
"db": "PACKETSTORM",
"id": "112826"
},
{
"db": "PACKETSTORM",
"id": "105967"
},
{
"db": "PACKETSTORM",
"id": "108077"
}
],
"trust": 3.78
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-3389",
"trust": 3.3
},
{
"db": "CERT/CC",
"id": "VU#864643",
"trust": 2.9
},
{
"db": "ICS CERT",
"id": "ICSMA-18-058-02",
"trust": 1.8
},
{
"db": "USCERT",
"id": "TA12-010A",
"trust": 1.8
},
{
"db": "SIEMENS",
"id": "SSA-556833",
"trust": 1.3
},
{
"db": "BID",
"id": "49778",
"trust": 1.3
},
{
"db": "ICS CERT",
"id": "ICSA-19-192-04",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "48948",
"trust": 1.0
},
{
"db": "SECUNIA",
"id": "55322",
"trust": 1.0
},
{
"db": "SECUNIA",
"id": "48692",
"trust": 1.0
},
{
"db": "SECUNIA",
"id": "47998",
"trust": 1.0
},
{
"db": "SECUNIA",
"id": "55350",
"trust": 1.0
},
{
"db": "SECUNIA",
"id": "49198",
"trust": 1.0
},
{
"db": "SECUNIA",
"id": "48915",
"trust": 1.0
},
{
"db": "SECUNIA",
"id": "48256",
"trust": 1.0
},
{
"db": "SECUNIA",
"id": "55351",
"trust": 1.0
},
{
"db": "SECUNIA",
"id": "45791",
"trust": 1.0
},
{
"db": "BID",
"id": "49388",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1026103",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1029190",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1026704",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1025997",
"trust": 1.0
},
{
"db": "OSVDB",
"id": "74829",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU95174988",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU95868425",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-14-098-03",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002305",
"trust": 0.8
},
{
"db": "HITACHI",
"id": "HS11-024",
"trust": 0.4
},
{
"db": "HITACHI",
"id": "HS14-011",
"trust": 0.3
},
{
"db": "HITACHI",
"id": "HS13-018",
"trust": 0.3
},
{
"db": "XF",
"id": "70069",
"trust": 0.3
},
{
"db": "SECUNIA",
"id": "46694",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2011-3389",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "106640",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "106747",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "122468",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "108800",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "108077",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "107532",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125427",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "108498",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "121097",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116792",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "112826",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "105967",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#864643"
},
{
"db": "VULMON",
"id": "CVE-2011-3389"
},
{
"db": "BID",
"id": "49778"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002305"
},
{
"db": "PACKETSTORM",
"id": "106640"
},
{
"db": "PACKETSTORM",
"id": "106747"
},
{
"db": "PACKETSTORM",
"id": "122468"
},
{
"db": "PACKETSTORM",
"id": "108800"
},
{
"db": "PACKETSTORM",
"id": "108077"
},
{
"db": "PACKETSTORM",
"id": "107532"
},
{
"db": "PACKETSTORM",
"id": "125427"
},
{
"db": "PACKETSTORM",
"id": "108498"
},
{
"db": "PACKETSTORM",
"id": "121097"
},
{
"db": "PACKETSTORM",
"id": "116792"
},
{
"db": "PACKETSTORM",
"id": "112826"
},
{
"db": "PACKETSTORM",
"id": "105967"
},
{
"db": "NVD",
"id": "CVE-2011-3389"
}
]
},
"id": "VAR-201109-0130",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.25529101000000004
},
"last_update_date": "2024-06-17T10:34:10.800000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2013-10-22-3 ",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2013/oct/msg00004.html"
},
{
"title": "APPLE-SA-2012-07-25-2 Xcode 4.4",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2012/jul/msg00001.html"
},
{
"title": "APPLE-SA-2012-09-19-2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2012/sep/msg00004.html"
},
{
"title": "APPLE-SA-2012-05-09-1",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2012/may/msg00001.html"
},
{
"title": "APPLE-SA-2012-02-01-1",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2012/feb/msg00000.html"
},
{
"title": "APPLE-SA-2014-02-25-1",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2014/feb/msg00000.html"
},
{
"title": "APPLE-SA-2011-10-12-2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2011//oct/msg00002.html"
},
{
"title": "APPLE-SA-2011-10-12-1",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2011//oct/msg00001.html"
},
{
"title": "HT5281",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht5281?viewlocale=ja_jp"
},
{
"title": "HT5416",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht5416?viewlocale=ja_jp"
},
{
"title": "HT6011",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht6011?viewlocale=ja_jp"
},
{
"title": "HT5130",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht5130?viewlocale=ja_jp"
},
{
"title": "HT5501",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht5501?viewlocale=ja_jp"
},
{
"title": "HT6150",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht6150?viewlocale=ja_jp"
},
{
"title": "HT4999",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht4999?viewlocale=ja_jp"
},
{
"title": "HT5001",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht5001?viewlocale=ja_jp"
},
{
"title": "HT5045",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht5045?viewlocale=ja_jp"
},
{
"title": "chrome-stable-release",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html"
},
{
"title": "Revision 97269",
"trust": 0.8,
"url": "https://src.chromium.org/viewvc/chrome?view=rev\u0026revision=97269"
},
{
"title": "HS14-010",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-010/index.html"
},
{
"title": "HS15-031",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs15-031/index.html"
},
{
"title": "HS13-018",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs13-018/index.html"
},
{
"title": "HS14-011",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-011/index.html"
},
{
"title": "HS11-024",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs11-024/index.html"
},
{
"title": "HPSBMU02900",
"trust": 0.8,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03839862"
},
{
"title": "HPSBMU02742 SSRT100740",
"trust": 0.8,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03164351"
},
{
"title": "HPSBUX02730 SSRT100710",
"trust": 0.8,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03122753"
},
{
"title": "Security alerts",
"trust": 0.8,
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"title": "2588513",
"trust": 0.8,
"url": "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx"
},
{
"title": "2588513",
"trust": 0.8,
"url": "http://technet.microsoft.com/en-us/security/advisory/2588513"
},
{
"title": "MS12-006",
"trust": 0.8,
"url": "http://technet.microsoft.com/en-us/security/bulletin/ms12-006"
},
{
"title": "TLS \u6697\u53f7\u5316\u901a\u4fe1\u306b\u5bfe\u3059\u308b\u653b\u6483\u306e Firefox \u3078\u306e\u5f71\u97ff",
"trust": 0.8,
"url": "http://mozilla.jp/blog/entry/7289/"
},
{
"title": "attack-against-tls-protected-communications",
"trust": 0.8,
"url": "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/"
},
{
"title": "NV12-005",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv12-005.html"
},
{
"title": "Bug 719047",
"trust": 0.8,
"url": "https://bugzilla.novell.com/show_bug.cgi?id=719047"
},
{
"title": "Security of CBC Ciphersuites in SSL/TLS: Problems and Countermeasures",
"trust": 0.8,
"url": "https://www.openssl.org/~bodo/tls-cbc.txt"
},
{
"title": "SUSE-SU-2012:0114",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html"
},
{
"title": "SUSE-SU-2012:0122",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html"
},
{
"title": "openSUSE-SU-2012:0030",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-updates/2012-01/msg00009.html"
},
{
"title": "openSUSE-SU-2012:0063",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-updates/2012-01/msg00021.html"
},
{
"title": "windows/1160",
"trust": 0.8,
"url": "http://www.opera.com/docs/changelogs/windows/1160/"
},
{
"title": "unix/1160",
"trust": 0.8,
"url": "http://www.opera.com/docs/changelogs/unix/1160/"
},
{
"title": "mac/1160",
"trust": 0.8,
"url": "http://www.opera.com/docs/changelogs/mac/1160/"
},
{
"title": "javacpuoct2011-443431",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html"
},
{
"title": "Oracle Critical Patch Update Advisory - January 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html"
},
{
"title": "Oracle Critical Patch Update Advisory - July 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"title": "Oracle Critical Patch Update Advisory - October 2013",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - October 2013 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013verbose-1899842.html"
},
{
"title": "Bug 737506",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506"
},
{
"title": "RHSA-2011:1384",
"trust": 0.8,
"url": "http://www.redhat.com/support/errata/rhsa-2011-1384.html"
},
{
"title": "RHSA-2012:0006",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0006.html"
},
{
"title": "RHSA-2013:1455",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2013-1455.html"
},
{
"title": "October 2013 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/october_2013_critical_patch_update"
},
{
"title": "cve_2011_3389_chosen_plaintext1",
"trust": 0.8,
"url": "http://blogs.oracle.com/sunsecurity/entry/cve_2011_3389_chosen_plaintext1"
},
{
"title": "CVE-2011-3389 Vulnerability in NSS library affects Oracle iPlanet Web Proxy Server",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2011_3389_vulnerability_in"
},
{
"title": "Multiple vulnerabilities in Python",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_python"
},
{
"title": "January 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/january_2015_critical_patch_update"
},
{
"title": "Multiple vulnerabilities in fetchmail",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail"
},
{
"title": "July 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update"
},
{
"title": "cve_2011_3389_chosen_plaintext",
"trust": 0.8,
"url": "http://blogs.oracle.com/sunsecurity/entry/cve_2011_3389_chosen_plaintext"
},
{
"title": "2588513",
"trust": 0.8,
"url": "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx"
},
{
"title": "VMSA-2012-0003.1",
"trust": 0.8,
"url": "http://www.vmware.com/security/advisories/vmsa-2012-0003.html"
},
{
"title": "HS14-010",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs14-010/index.html"
},
{
"title": "HS15-031",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs15-031/index.html"
},
{
"title": "HS13-018",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs13-018/index.html"
},
{
"title": "HS14-011",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs14-011/index.html"
},
{
"title": "HS11-024",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs11-024/index.html"
},
{
"title": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8 \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 \u30a2\u30c9\u30d0\u30a4\u30b6\u30ea (2588513)",
"trust": 0.8,
"url": "https://technet.microsoft.com/ja-jp/security/advisory/2588513"
},
{
"title": "MS12-006",
"trust": 0.8,
"url": "http://technet.microsoft.com/ja-jp/security/bulletin/ms12-006"
},
{
"title": "TA12-010A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta12-010a.html"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2011-4362: DoS because of incorrect code in src/http_auth.c:67",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=210cf4b6236578faf8f94374acf42746"
},
{
"title": "Debian CVElist Bug Report Logs: nss: CVE-2014-1569 information leak",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ab91355beed7b295ca76667e7725b8ff"
},
{
"title": "Red Hat: Critical: java-1.4.2-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120006 - security advisory"
},
{
"title": "Debian Security Advisories: DSA-2398-2 curl -- several vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=aedc7511d582d3d92a5ba7329ed7d34e"
},
{
"title": "Red Hat: Moderate: java-1.4.2-ibm-sap security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120343 - security advisory"
},
{
"title": "Debian Security Advisories: DSA-2368-1 lighttpd -- multiple vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=013e897d92ab510d8719f5ffc2cb7e80"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=43a9f1e298f8daf772ebfe7187e61853"
},
{
"title": "Debian CVElist Bug Report Logs: asterisk: CVE-2015-3008: TLS Certificate Common name NULL byte exploit",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=3dcc7cafafedb5ec8b84970acf17457b"
},
{
"title": "Red Hat: Critical: java-1.6.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120034 - security advisory"
},
{
"title": "Debian CVElist Bug Report Logs: asterisk: chan_sip: File descriptors leak (UDP sockets) / AST-2016-007, CVE-2016-7551",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=84da1980846b47c2025a829646fab2ad"
},
{
"title": "Red Hat: Critical: thunderbird security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20121089 - security advisory"
},
{
"title": "Ubuntu Security Notice: openjdk-6, openjdk-6b18 regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-1263-2"
},
{
"title": "Red Hat: Critical: firefox security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20121088 - security advisory"
},
{
"title": "Ubuntu Security Notice: icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-1263-1"
},
{
"title": "Debian Security Advisories: DSA-2356-1 openjdk-6 -- several vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a48d7ee302b835c97c950b74a371fcfe"
},
{
"title": "Amazon Linux AMI: ALAS-2011-010",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2011-010"
},
{
"title": "IBM: IBM Security Bulletin: IBM Cognos Controller 2019Q2 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controller",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=38227211accce022b0a3d9b56a974186"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51"
},
{
"title": "Red Hat: Low: Red Hat Network Satellite server IBM Java Runtime security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20131455 - security advisory"
},
{
"title": "litecoin_demo",
"trust": 0.1,
"url": "https://github.com/swod00/litecoin_demo "
},
{
"title": "litecoin",
"trust": 0.1,
"url": "https://github.com/daniel1302/litecoin "
},
{
"title": "reg",
"trust": 0.1,
"url": "https://github.com/genuinetools/reg "
},
{
"title": "testssl-report",
"trust": 0.1,
"url": "https://github.com/tzaffi/testssl-report "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/ricardobranco777/regview "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/valdem88/dev-17_ib-yakovlev_vs "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2011-3389"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002305"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002305"
},
{
"db": "NVD",
"id": "CVE-2011-3389"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx"
},
{
"trust": 2.1,
"url": "http://www.kb.cert.org/vuls/id/864643"
},
{
"trust": 1.8,
"url": "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html"
},
{
"trust": 1.8,
"url": "http://vnhacker.blogspot.com/2011/09/beast.html"
},
{
"trust": 1.8,
"url": "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx"
},
{
"trust": 1.8,
"url": "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html"
},
{
"trust": 1.8,
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"trust": 1.8,
"url": "http://www.us-cert.gov/cas/techalerts/ta12-010a.html"
},
{
"trust": 1.6,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03839862"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html"
},
{
"trust": 1.3,
"url": "http://www.opera.com/docs/changelogs/windows/1160/"
},
{
"trust": 1.3,
"url": "http://www.opera.com/support/kb/view/1004/"
},
{
"trust": 1.3,
"url": "http://curl.haxx.se/docs/adv_20120124b.html"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"trust": 1.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
},
{
"trust": 1.1,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=665814"
},
{
"trust": 1.1,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-192-04"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389"
},
{
"trust": 1.0,
"url": "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/"
},
{
"trust": 1.0,
"url": "http://downloads.asterisk.org/pub/security/ast-2016-001.html"
},
{
"trust": 1.0,
"url": "http://ekoparty.org/2011/juliano-rizzo.php"
},
{
"trust": 1.0,
"url": "http://eprint.iacr.org/2004/111"
},
{
"trust": 1.0,
"url": "http://eprint.iacr.org/2006/136"
},
{
"trust": 1.0,
"url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html"
},
{
"trust": 1.0,
"url": "http://isc.sans.edu/diary/ssl+tls+part+3+/11635"
},
{
"trust": 1.0,
"url": "http://lists.apple.com/archives/security-announce/2011//oct/msg00001.html"
},
{
"trust": 1.0,
"url": "http://lists.apple.com/archives/security-announce/2011//oct/msg00002.html"
},
{
"trust": 1.0,
"url": "http://lists.apple.com/archives/security-announce/2012/feb/msg00000.html"
},
{
"trust": 1.0,
"url": "http://lists.apple.com/archives/security-announce/2012/jul/msg00001.html"
},
{
"trust": 1.0,
"url": "http://lists.apple.com/archives/security-announce/2012/may/msg00001.html"
},
{
"trust": 1.0,
"url": "http://lists.apple.com/archives/security-announce/2012/sep/msg00004.html"
},
{
"trust": 1.0,
"url": "http://lists.apple.com/archives/security-announce/2013/oct/msg00004.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"trust": 1.0,
"url": "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue"
},
{
"trust": 1.0,
"url": "http://osvdb.org/74829"
},
{
"trust": 1.0,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0508.html"
},
{
"trust": 1.0,
"url": "http://rhn.redhat.com/errata/rhsa-2013-1455.html"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/45791"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/47998"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/48256"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/48692"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/48915"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/48948"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/49198"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/55322"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/55350"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/55351"
},
{
"trust": 1.0,
"url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
},
{
"trust": 1.0,
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"trust": 1.0,
"url": "http://support.apple.com/kb/ht4999"
},
{
"trust": 1.0,
"url": "http://support.apple.com/kb/ht5001"
},
{
"trust": 1.0,
"url": "http://support.apple.com/kb/ht5130"
},
{
"trust": 1.0,
"url": "http://support.apple.com/kb/ht5281"
},
{
"trust": 1.0,
"url": "http://support.apple.com/kb/ht5501"
},
{
"trust": 1.0,
"url": "http://support.apple.com/kb/ht6150"
},
{
"trust": 1.0,
"url": "http://technet.microsoft.com/security/advisory/2588513"
},
{
"trust": 1.0,
"url": "http://www.apcmedia.com/salestools/sjhn-7rkgnm/sjhn-7rkgnm_r4_en.pdf"
},
{
"trust": 1.0,
"url": "http://www.debian.org/security/2012/dsa-2398"
},
{
"trust": 1.0,
"url": "http://www.insecure.cl/beast-ssl.rar"
},
{
"trust": 1.0,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:058"
},
{
"trust": 1.0,
"url": "http://www.opera.com/docs/changelogs/mac/1151/"
},
{
"trust": 1.0,
"url": "http://www.opera.com/docs/changelogs/mac/1160/"
},
{
"trust": 1.0,
"url": "http://www.opera.com/docs/changelogs/unix/1151/"
},
{
"trust": 1.0,
"url": "http://www.opera.com/docs/changelogs/unix/1160/"
},
{
"trust": 1.0,
"url": "http://www.opera.com/docs/changelogs/windows/1151/"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"trust": 1.0,
"url": "http://www.redhat.com/support/errata/rhsa-2011-1384.html"
},
{
"trust": 1.0,
"url": "http://www.redhat.com/support/errata/rhsa-2012-0006.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/49388"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/49778"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1029190"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id?1025997"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id?1026103"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id?1026704"
},
{
"trust": 1.0,
"url": "http://www.ubuntu.com/usn/usn-1263-1"
},
{
"trust": 1.0,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail"
},
{
"trust": 1.0,
"url": "https://bugzilla.novell.com/show_bug.cgi?id=719047"
},
{
"trust": 1.0,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506"
},
{
"trust": 1.0,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006"
},
{
"trust": 1.0,
"url": "https://hermes.opensuse.org/messages/13154861"
},
{
"trust": 1.0,
"url": "https://hermes.opensuse.org/messages/13155432"
},
{
"trust": 1.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-058-02"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14752"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3389"
},
{
"trust": 0.8,
"url": "http://www.openssl.org/~bodo/tls-cbc.txt"
},
{
"trust": 0.8,
"url": "http://www.phonefactor.com/blog/slaying-beast-mitigating-the-latest-ssltls-vulnerability.php"
},
{
"trust": 0.8,
"url": "https://blog.torproject.org/blog/tor-and-beast-ssl-attack"
},
{
"trust": 0.8,
"url": "http://src.chromium.org/viewvc/chrome?view=rev\u0026revision=97269"
},
{
"trust": 0.8,
"url": "http://www.ekoparty.org/2011/juliano-rizzo.php"
},
{
"trust": 0.8,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-098-03"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsma-18-058-02"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu381963/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu95174988/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu864643"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta12-010a/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95868425/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu700214"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu692779"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3389"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3560"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3552"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3556"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3557"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3548"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3547"
},
{
"trust": 0.4,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs11-024/index.html"
},
{
"trust": 0.3,
"url": "http://www.collax.com/download/file/target/frame/file/2926"
},
{
"trust": 0.3,
"url": "http://www.collax.com/produkte/allinone-server-for-small-businesses"
},
{
"trust": 0.3,
"url": "http://www.collax.com/download/file/target/frame/file/2930"
},
{
"trust": 0.3,
"url": "http://www.collax.com/produkte/email-calendar-contacts-in-a-safe-business-server"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21578730"
},
{
"trust": 0.3,
"url": "http://blogs.oracle.com/sunsecurity/entry/cve_2011_3389_chosen_plaintext2"
},
{
"trust": 0.3,
"url": "seclists.org/bugtraq/2014/apr/att-70/esa-2012-032.txt"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2012/sep/att-39/esa-2012-032.txt"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2014/mar/att-156/esa-2014-016.txt"
},
{
"trust": 0.3,
"url": "http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/"
},
{
"trust": 0.3,
"url": "http://xforce.iss.net/xforce/xfdb/70069"
},
{
"trust": 0.3,
"url": "http://www.kerio.com/connect/history"
},
{
"trust": 0.3,
"url": "http://www.matrixssl.org/"
},
{
"trust": 0.3,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_python"
},
{
"trust": 0.3,
"url": "http://www.novell.com/support/viewcontent.do?externalid=7009901\u0026sliceid=1"
},
{
"trust": 0.3,
"url": "http://www.opera.com/support/kb/view/1000/"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm60958"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_ibm_system_x_and_flex_systems_browser_exploit_against_ssl_tls_beast_mitigations_cve_2011_33891?lang=en_us"
},
{
"trust": 0.3,
"url": "http://tools.ietf.org/html/draft-ietf-tls-ssl-version3-00"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21568229"
},
{
"trust": 0.3,
"url": "http://www.ietf.org/rfc/rfc2246.txt"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21571596"
},
{
"trust": 0.3,
"url": "/archive/1/524142"
},
{
"trust": 0.3,
"url": "http://support.apple.com/kb/ht5416"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100151219"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100150852"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100154049"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100154899"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2013/jun/att-65/esa-2013-039.txt"
},
{
"trust": 0.3,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03358587"
},
{
"trust": 0.3,
"url": "http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?docid=emr_na-c03909126-1\u0026ac.admitted=1378134276525.876444892.492883150"
},
{
"trust": 0.3,
"url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03266681\u0026ac.admitted=1333452464452.876444892.492883150"
},
{
"trust": 0.3,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5093636"
},
{
"trust": 0.3,
"url": "http://technet.microsoft.com/en-us/security/advisory/2588513"
},
{
"trust": 0.3,
"url": "http://technet.microsoft.com/en-us/security/bulletin/ms12-006"
},
{
"trust": 0.3,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs13-018/index.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643845"
},
{
"trust": 0.3,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5093630"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641966"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022152"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609004"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609022"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1019998"
},
{
"trust": 0.3,
"url": "http://lists.vmware.com/pipermail/security-announce/2012/000162.html"
},
{
"trust": 0.3,
"url": "http://www.vmware.com/security/advisories/vmsa-2012-0005.html"
},
{
"trust": 0.3,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-011/index.html"
},
{
"trust": 0.3,
"url": "http://www.xerox.com/download/security/security-bulletin/12047-4e4eed8d42ca6/cert_xrx13-007_v1.0.pdf"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3560.html"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3547.html"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3548.html"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3557.html"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/kb/docs/doc-11259"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3549"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3521"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3556.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3545"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3553"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3554"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3389.html"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3544"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3551"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3552.html"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.3,
"url": "http://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2311"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3554.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3553.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3549.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3551.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3545.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3544.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3521.html"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0865"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0864"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0862"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0867"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0871"
},
{
"trust": 0.2,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.2,
"url": "http://www.apple.com/support/downloads/"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4474"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3574"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3548"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3565"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0814"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3563"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3570"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0864"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3553"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3555"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4451"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3560"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3516"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3557"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4450"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3550"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0865"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4471"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3550"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3557"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3562"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3567"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3556"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3550"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4447"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4476"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3549"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3554"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3563"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0862"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4466"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3568"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3561"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4467"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3567"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4465"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4472"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3556"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0863"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3568"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3548"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3558"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3566"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3549"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3562"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3555"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3556"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3573"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3552"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4462"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4469"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3572"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4448"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3521"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3571"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3546"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3569"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3559"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0871"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0815"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3571"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3561"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3554"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3558"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4475"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3569"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3559"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3573"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3548"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3549"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3565"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3552"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3574"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3552"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4470"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4422"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3553"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0867"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4468"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3551"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4463"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3560"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3544"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3570"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3545"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3547"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3560"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0869"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3555"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3566"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4452"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0802"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3551"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4422"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3553"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4473"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3558"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201111-02.xml"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3572"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0873"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3561"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0868"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4454"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3551"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3557"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/46694/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/46694/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2357"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2364"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2363"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2329"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2335"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2356"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2110"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2336"
},
{
"trust": 0.1,
"url": "http://h18013.www1.hp.com/products/servers/management/agents/index.html"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5217"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0883"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2355"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2360"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3550"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3546"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3546.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3516.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3516"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2012-0034.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3561.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3561"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3550.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0868"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0869"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1255"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5179"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1250"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1245"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1259"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5987"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1254"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1258"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1249"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1248"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1247"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4073"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5178"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5139"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1896"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1260"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1246"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5986"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4248"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4113"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1252"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2012-0006.html"
},
{
"trust": 0.1,
"url": "http://www.fetchmail.info/fetchmail-sa-2012-01.txt"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3482"
},
{
"trust": 0.1,
"url": "http://www.fetchmail.info/fetchmail-sa-2012-02.txt"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3482"
},
{
"trust": 0.1,
"url": "http://www.php.net"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2688"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4313"
},
{
"trust": 0.1,
"url": "http://http//support.apple.com/kb/ht5502"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3048"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0031"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0668"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4317"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0831"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0670"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0671"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2143"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1172"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0652"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1667"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2386"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3607"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0021"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0650"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "http://httpd.apache.org/."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3026"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0643"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0053"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3716"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4469"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3563"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4448"
},
{
"trust": 0.1,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4454"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0815"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4476"
},
{
"trust": 0.1,
"url": "http://www.hp.com/go/java"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0499"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4462"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4465"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4475"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4473"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4447"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0802"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0814"
},
{
"trust": 0.1,
"url": "http://icedtea.classpath.org/hg/release/icedtea6-1.9/file/328afd896e3e/news"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2011-1380.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3558"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3558.html"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#864643"
},
{
"db": "BID",
"id": "49778"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002305"
},
{
"db": "PACKETSTORM",
"id": "106640"
},
{
"db": "PACKETSTORM",
"id": "106747"
},
{
"db": "PACKETSTORM",
"id": "122468"
},
{
"db": "PACKETSTORM",
"id": "108800"
},
{
"db": "PACKETSTORM",
"id": "108077"
},
{
"db": "PACKETSTORM",
"id": "107532"
},
{
"db": "PACKETSTORM",
"id": "125427"
},
{
"db": "PACKETSTORM",
"id": "108498"
},
{
"db": "PACKETSTORM",
"id": "121097"
},
{
"db": "PACKETSTORM",
"id": "116792"
},
{
"db": "PACKETSTORM",
"id": "112826"
},
{
"db": "PACKETSTORM",
"id": "105967"
},
{
"db": "NVD",
"id": "CVE-2011-3389"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#864643"
},
{
"db": "VULMON",
"id": "CVE-2011-3389"
},
{
"db": "BID",
"id": "49778"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002305"
},
{
"db": "PACKETSTORM",
"id": "106640"
},
{
"db": "PACKETSTORM",
"id": "106747"
},
{
"db": "PACKETSTORM",
"id": "122468"
},
{
"db": "PACKETSTORM",
"id": "108800"
},
{
"db": "PACKETSTORM",
"id": "108077"
},
{
"db": "PACKETSTORM",
"id": "107532"
},
{
"db": "PACKETSTORM",
"id": "125427"
},
{
"db": "PACKETSTORM",
"id": "108498"
},
{
"db": "PACKETSTORM",
"id": "121097"
},
{
"db": "PACKETSTORM",
"id": "116792"
},
{
"db": "PACKETSTORM",
"id": "112826"
},
{
"db": "PACKETSTORM",
"id": "105967"
},
{
"db": "NVD",
"id": "CVE-2011-3389"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-27T00:00:00",
"db": "CERT/CC",
"id": "VU#864643"
},
{
"date": "2011-09-06T00:00:00",
"db": "VULMON",
"id": "CVE-2011-3389"
},
{
"date": "2011-09-19T00:00:00",
"db": "BID",
"id": "49778"
},
{
"date": "2011-10-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002305"
},
{
"date": "2011-11-06T01:01:42",
"db": "PACKETSTORM",
"id": "106640"
},
{
"date": "2011-11-08T04:55:18",
"db": "PACKETSTORM",
"id": "106747"
},
{
"date": "2013-07-18T18:51:07",
"db": "PACKETSTORM",
"id": "122468"
},
{
"date": "2012-01-18T23:25:42",
"db": "PACKETSTORM",
"id": "108800"
},
{
"date": "2011-12-21T21:54:51",
"db": "PACKETSTORM",
"id": "108077"
},
{
"date": "2011-12-05T14:44:00",
"db": "PACKETSTORM",
"id": "107532"
},
{
"date": "2014-02-26T22:21:07",
"db": "PACKETSTORM",
"id": "125427"
},
{
"date": "2012-01-09T22:38:38",
"db": "PACKETSTORM",
"id": "108498"
},
{
"date": "2013-04-05T21:15:11",
"db": "PACKETSTORM",
"id": "121097"
},
{
"date": "2012-09-22T06:30:43",
"db": "PACKETSTORM",
"id": "116792"
},
{
"date": "2012-05-17T21:16:37",
"db": "PACKETSTORM",
"id": "112826"
},
{
"date": "2011-10-19T00:58:21",
"db": "PACKETSTORM",
"id": "105967"
},
{
"date": "2011-09-06T19:55:03.197000",
"db": "NVD",
"id": "CVE-2011-3389"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-08T00:00:00",
"db": "CERT/CC",
"id": "VU#864643"
},
{
"date": "2022-11-29T00:00:00",
"db": "VULMON",
"id": "CVE-2011-3389"
},
{
"date": "2019-07-16T13:00:00",
"db": "BID",
"id": "49778"
},
{
"date": "2019-07-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002305"
},
{
"date": "2022-11-29T15:56:08.637000",
"db": "NVD",
"id": "CVE-2011-3389"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "49778"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SSL 3.0 and TLS 1.0 allow chosen plaintext attack in CBC modes",
"sources": [
{
"db": "CERT/CC",
"id": "VU#864643"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "49778"
}
],
"trust": 0.3
}
}
var-202005-1052
Vulnerability from variot
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. The program implements support for Servlet and JavaServer Page (JSP). The following products and versions are affected: Apache Tomcat 10.0.0-M1 to 10.0.0-M4, 9.0.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54, 7.0.0 to Version 7.0.103. A deserialization flaw exists in Apache Tomcat's use of a FileStore. The highest threat from the vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-9484) The fix for CVE-2020-9484 was incomplete. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue. (CVE-2021-25329). Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update. Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 3.1 Service Pack 9 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Description:
Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform. (CVE-2020-13935)
It was discovered that Tomcat incorrectly handled HTTP header parsing. In certain environments where Tomcat is located behind a reverse proxy, a remote attacker could possibly use this issue to perform HTTP Reqest Smuggling. (CVE-2020-1935)
It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: tomcat security update Advisory ID: RHSA-2020:2530-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:2530 Issue date: 2020-06-11 CVE Names: CVE-2020-9484 ==================================================================== 1. Summary:
An update for tomcat is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch Red Hat Enterprise Linux Client Optional (v. 7) - noarch Red Hat Enterprise Linux ComputeNode (v. 7) - noarch Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Enterprise Linux Server Optional (v. 7) - noarch Red Hat Enterprise Linux Workstation (v. 7) - noarch Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch
- Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
- tomcat: deserialization flaw in session persistence storage leading to RCE (CVE-2020-9484)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: tomcat-7.0.76-12.el7_8.src.rpm
noarch: tomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch: tomcat-7.0.76-12.el7_8.noarch.rpm tomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm tomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm tomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-javadoc-7.0.76-12.el7_8.noarch.rpm tomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-jsvc-7.0.76-12.el7_8.noarch.rpm tomcat-lib-7.0.76-12.el7_8.noarch.rpm tomcat-webapps-7.0.76-12.el7_8.noarch.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: tomcat-7.0.76-12.el7_8.src.rpm
noarch: tomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: tomcat-7.0.76-12.el7_8.noarch.rpm tomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm tomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm tomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-javadoc-7.0.76-12.el7_8.noarch.rpm tomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-jsvc-7.0.76-12.el7_8.noarch.rpm tomcat-lib-7.0.76-12.el7_8.noarch.rpm tomcat-webapps-7.0.76-12.el7_8.noarch.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: tomcat-7.0.76-12.el7_8.src.rpm
noarch: tomcat-7.0.76-12.el7_8.noarch.rpm tomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm tomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-lib-7.0.76-12.el7_8.noarch.rpm tomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm tomcat-webapps-7.0.76-12.el7_8.noarch.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch: tomcat-7.0.76-12.el7_8.noarch.rpm tomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm tomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm tomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-javadoc-7.0.76-12.el7_8.noarch.rpm tomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-jsvc-7.0.76-12.el7_8.noarch.rpm tomcat-lib-7.0.76-12.el7_8.noarch.rpm tomcat-webapps-7.0.76-12.el7_8.noarch.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: tomcat-7.0.76-12.el7_8.src.rpm
noarch: tomcat-7.0.76-12.el7_8.noarch.rpm tomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm tomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-lib-7.0.76-12.el7_8.noarch.rpm tomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm tomcat-webapps-7.0.76-12.el7_8.noarch.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch: tomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm tomcat-javadoc-7.0.76-12.el7_8.noarch.rpm tomcat-jsvc-7.0.76-12.el7_8.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-9484 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXuH9rtzjgjWX9erEAQiuZA/7BY8EEQxcPpMTuZ1szv08nHLdHOShDyEr UqhsbGTHUgsqb+cIwbOJrz3nn66y4S/5MIDyUUI/77t5/z/LR8rD7zM+6mPcQyVy QjSTPH8xiVNq4CyMCJggmsb+jecS5BHRDEhHKjEyuqWCx9wJlQQTTFMvlUBypXLt AxJqARUjSFmgxSdjbZDhDIzpNH5RR0lyKCuHf9yd+X9FNomFEAFIjLz6oSXDiMYp Lf4YPas24BmF7CXTajzecKM2PZZEehtNVFFQLi96APXLQq8uZBw+8d4gTSq7SEsy U6MZm3R+1Lp9BgGgxD80dRDoAIFL1KNRKJnRUPan+SSKYLPkU2dOwdPVd2t4OxY1 whBcfo8z6zsGTHIxXu7756/AUYhBkvrI2CVOp1tzM+SMDlLkJL9eBuTbXw98ipI0 jAUKlqxksz///7ZCWugsLt9VhDZRSXUSk7JQ4ASQ9bQFouzsUiEv0MSTRW+ym9HU 8/FjgG/yznR3DrHOjKVY++Dw2LUg2lv/viBVjCl2h9lZoULK3eBwIUJ0fOYCRUOK mytOuin4i+pI+jHCm/W91sK+piAB5yirVpqra98zXaDGayN+V6mdTr3omPsNDMP5 VtOWpWiInHKmeN1cErONkxeAT/zHdFagRXEhqbnArSoZIC/SV4KrykDGHw+ldO/o yI/DufEuzcM\xbfNT -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-4596-1 October 21, 2020
tomcat9 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Tomcat. An attacker could possibly use this to cause Tomcat to consume resources, resulting in a denial of service. (CVE-2020-11996)
It was discovered that Tomcat did not properly release the HTTP/1.1 processor after the upgrade to HTTP/2. An attacker could possibly use this to generate an OutOfMemoryException, resulting in a denial of service. (CVE-2020-13934)
It was discovered that Tomcat did not properly validate the payload length in a WebSocket frame. An attacker could possibly use this to trigger an infinite loop, resulting in a denial of service. (CVE-2020-13935)
It was discovered that Tomcat did not properly deserialize untrusted data. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-9484)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS: libtomcat9-embed-java 9.0.31-1ubuntu0.1 libtomcat9-java 9.0.31-1ubuntu0.1 tomcat9 9.0.31-1ubuntu0.1 tomcat9-common 9.0.31-1ubuntu0.1
In general, a standard system update will make all the necessary changes.
For the stable distribution (buster), these problems have been fixed in version 9.0.31-1~deb10u2.
We recommend that you upgrade your tomcat9 packages.
For the detailed security status of tomcat9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tomcat9
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8R6BwACgkQEMKTtsN8 TjbUrw//fOLw1bfjQwHr4fug5xgGtIjccQvMgZ6r4jVWDNUWGns/n0HBIg7IFANW 1LTBXunNygapGke96Cexs/mimcs47wr9Xj6B9R7935NgF7dbXiDPhX99fmMSu4qE mpt9GmynGSOqr2qt+bHMZSIrZ2rpT/WoDbmnVvK0h30Il7VZ2pMEbzq7gd7sfsbO 0FbQr9kza5d5kvih7DLfq/7plhLouyUhzAab3UUJvI1B3ASD4pfEFDSmBJusHJGG 2CTtrO8IFUyYW0ev4/I2KT6rrFiXccEtFhUlpU09SLpy96FP161UVoHILkPHhfqI 9XILKEf0mKVlDfq5q2TOY5WVl8palc5o/Z3xefO4/wZc7/qNNnyzwcNHl6s14czv REID8Llfbro3/XWHkwLXPNFr1VzYXZSX1XhTwKWPWaH+L5WsUSr5uryqIUvSQ96L tTWv3G7KZDwVlio1XJ1t7ZxMkKqEBjvucShFgaOIw1nVD1IrssMKMz9UJQCd4fH5 RtUakyBzUuPbAhUcunMj23n2slZ9WbCANIGKy56O6R71rYI9mYOG2nF2IuUct/F2 iG3/SLJCe2ghVx2Lgz8/nBhZfPEF5FZ2kPHb9KpjjyZ+vl8ZXH83heaYDlDAknXS bTsyFezxJiAwaa9xozjItZPdIBFP9lG8Txmv1AotH7WV/8dRsOU= =E8Ei -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-1052",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "workload manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1"
},
{
"model": "fmw platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.3"
},
{
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1.4.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "20.04"
},
{
"model": "managed file transfer",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "workload manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
},
{
"model": "epolicy orchestrator",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "5.9.0"
},
{
"model": "workload manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18c"
},
{
"model": "tomcat",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.43"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21c"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "10.0.0"
},
{
"model": "fmw platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.21"
},
{
"model": "siebel ui framework",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12"
},
{
"model": "tomcat",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.108"
},
{
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"model": "communications element manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.14.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.0"
},
{
"model": "communications cloud native core binding support function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.10.0"
},
{
"model": "siebel apps - marketing",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "21.9"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "communications session report manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "epolicy orchestrator",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "5.9.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.1.0"
},
{
"model": "tomcat",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.63"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "epolicy orchestrator",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "5.10.0"
},
{
"model": "communications session route manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "instantis enterprisetrack",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.7"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.5"
},
{
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.1"
},
{
"model": "managed file transfer",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "communications element manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.4.0.5"
},
{
"model": "hospitality guest access",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2.1"
},
{
"model": "communications session report manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "communications session route manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "hospitality guest access",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2.0"
},
{
"model": "instantis enterprisetrack",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.3"
},
{
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9484"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:10.0.0:milestone3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:10.0.0:milestone4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:10.0.0:milestone2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:10.0.0:milestone1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.0.108",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.5.63",
"versionStartIncluding": "8.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.0.43",
"versionStartIncluding": "9.0.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:transportation_management:6.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.3",
"versionStartIncluding": "17.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:workload_manager:18c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:workload_manager:19c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:workload_manager:12.2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.4.0.5",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "20.12",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.21",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:siebel_apps_-_marketing:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.9",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:fmw_platform:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:fmw_platform:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9484"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "158030"
},
{
"db": "PACKETSTORM",
"id": "158029"
},
{
"db": "PACKETSTORM",
"id": "158050"
},
{
"db": "PACKETSTORM",
"id": "158621"
},
{
"db": "PACKETSTORM",
"id": "158049"
},
{
"db": "PACKETSTORM",
"id": "158034"
}
],
"trust": 0.6
},
"cve": "CVE-2020-9484",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "VHN-187609",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CVE-2020-9484",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-9484",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-187609",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-9484",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187609"
},
{
"db": "VULMON",
"id": "CVE-2020-9484"
},
{
"db": "NVD",
"id": "CVE-2020-9484"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=\"null\" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. The program implements support for Servlet and JavaServer Page (JSP). The following products and versions are affected: Apache Tomcat 10.0.0-M1 to 10.0.0-M4, 9.0.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54, 7.0.0 to Version 7.0.103. A deserialization flaw exists in Apache Tomcat\u0027s use of a FileStore. The highest threat from the vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-9484)\nThe fix for CVE-2020-9484 was incomplete. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue. (CVE-2021-25329). Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nThis release of Red Hat JBoss Web Server 3.1 Service Pack 9 serves as a\nreplacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which\nare documented in the Release Notes document linked to in the References. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Description:\n\nRed Hat support for Spring Boot provides an application platform that\nreduces the complexity of developing and operating applications (monoliths\nand microservices) for OpenShift as a containerized platform. (CVE-2020-13935)\n\nIt was discovered that Tomcat incorrectly handled HTTP header parsing. In\ncertain environments where Tomcat is located behind a reverse proxy, a\nremote attacker could possibly use this issue to perform HTTP Reqest\nSmuggling. (CVE-2020-1935)\n\nIt was discovered that Tomcat incorrectly handled certain uncommon\nPersistenceManager with FileStore configurations. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: tomcat security update\nAdvisory ID: RHSA-2020:2530-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:2530\nIssue date: 2020-06-11\nCVE Names: CVE-2020-9484\n====================================================================\n1. Summary:\n\nAn update for tomcat is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch\nRed Hat Enterprise Linux Server (v. 7) - noarch\nRed Hat Enterprise Linux Server Optional (v. 7) - noarch\nRed Hat Enterprise Linux Workstation (v. 7) - noarch\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch\n\n3. Description:\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies. \n\nSecurity Fix(es):\n\n* tomcat: deserialization flaw in session persistence storage leading to\nRCE (CVE-2020-9484)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\ntomcat-7.0.76-12.el7_8.src.rpm\n\nnoarch:\ntomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\ntomcat-7.0.76-12.el7_8.noarch.rpm\ntomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm\ntomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm\ntomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-javadoc-7.0.76-12.el7_8.noarch.rpm\ntomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-jsvc-7.0.76-12.el7_8.noarch.rpm\ntomcat-lib-7.0.76-12.el7_8.noarch.rpm\ntomcat-webapps-7.0.76-12.el7_8.noarch.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\ntomcat-7.0.76-12.el7_8.src.rpm\n\nnoarch:\ntomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\ntomcat-7.0.76-12.el7_8.noarch.rpm\ntomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm\ntomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm\ntomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-javadoc-7.0.76-12.el7_8.noarch.rpm\ntomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-jsvc-7.0.76-12.el7_8.noarch.rpm\ntomcat-lib-7.0.76-12.el7_8.noarch.rpm\ntomcat-webapps-7.0.76-12.el7_8.noarch.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\ntomcat-7.0.76-12.el7_8.src.rpm\n\nnoarch:\ntomcat-7.0.76-12.el7_8.noarch.rpm\ntomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm\ntomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-lib-7.0.76-12.el7_8.noarch.rpm\ntomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-webapps-7.0.76-12.el7_8.noarch.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nnoarch:\ntomcat-7.0.76-12.el7_8.noarch.rpm\ntomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm\ntomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm\ntomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-javadoc-7.0.76-12.el7_8.noarch.rpm\ntomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-jsvc-7.0.76-12.el7_8.noarch.rpm\ntomcat-lib-7.0.76-12.el7_8.noarch.rpm\ntomcat-webapps-7.0.76-12.el7_8.noarch.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\ntomcat-7.0.76-12.el7_8.src.rpm\n\nnoarch:\ntomcat-7.0.76-12.el7_8.noarch.rpm\ntomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm\ntomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-lib-7.0.76-12.el7_8.noarch.rpm\ntomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-webapps-7.0.76-12.el7_8.noarch.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\ntomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm\ntomcat-javadoc-7.0.76-12.el7_8.noarch.rpm\ntomcat-jsvc-7.0.76-12.el7_8.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-9484\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXuH9rtzjgjWX9erEAQiuZA/7BY8EEQxcPpMTuZ1szv08nHLdHOShDyEr\nUqhsbGTHUgsqb+cIwbOJrz3nn66y4S/5MIDyUUI/77t5/z/LR8rD7zM+6mPcQyVy\nQjSTPH8xiVNq4CyMCJggmsb+jecS5BHRDEhHKjEyuqWCx9wJlQQTTFMvlUBypXLt\nAxJqARUjSFmgxSdjbZDhDIzpNH5RR0lyKCuHf9yd+X9FNomFEAFIjLz6oSXDiMYp\nLf4YPas24BmF7CXTajzecKM2PZZEehtNVFFQLi96APXLQq8uZBw+8d4gTSq7SEsy\nU6MZm3R+1Lp9BgGgxD80dRDoAIFL1KNRKJnRUPan+SSKYLPkU2dOwdPVd2t4OxY1\nwhBcfo8z6zsGTHIxXu7756/AUYhBkvrI2CVOp1tzM+SMDlLkJL9eBuTbXw98ipI0\njAUKlqxksz///7ZCWugsLt9VhDZRSXUSk7JQ4ASQ9bQFouzsUiEv0MSTRW+ym9HU\n8/FjgG/yznR3DrHOjKVY++Dw2LUg2lv/viBVjCl2h9lZoULK3eBwIUJ0fOYCRUOK\nmytOuin4i+pI+jHCm/W91sK+piAB5yirVpqra98zXaDGayN+V6mdTr3omPsNDMP5\nVtOWpWiInHKmeN1cErONkxeAT/zHdFagRXEhqbnArSoZIC/SV4KrykDGHw+ldO/o\nyI/DufEuzcM\\xbfNT\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-4596-1\nOctober 21, 2020\n\ntomcat9 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Tomcat. An\nattacker could possibly use this to cause Tomcat to consume resources,\nresulting in a denial of service. (CVE-2020-11996)\n\nIt was discovered that Tomcat did not properly release the HTTP/1.1\nprocessor after the upgrade to HTTP/2. An attacker could possibly use\nthis to generate an OutOfMemoryException, resulting in a denial of\nservice. (CVE-2020-13934)\n\nIt was discovered that Tomcat did not properly validate the payload\nlength in a WebSocket frame. An attacker could possibly use this to\ntrigger an infinite loop, resulting in a denial of service. (CVE-2020-13935)\n\nIt was discovered that Tomcat did not properly deserialize untrusted\ndata. An attacker could possibly use this issue to execute arbitrary\ncode. (CVE-2020-9484)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.04 LTS:\n libtomcat9-embed-java 9.0.31-1ubuntu0.1\n libtomcat9-java 9.0.31-1ubuntu0.1\n tomcat9 9.0.31-1ubuntu0.1\n tomcat9-common 9.0.31-1ubuntu0.1\n\nIn general, a standard system update will make all the necessary changes. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 9.0.31-1~deb10u2. \n\nWe recommend that you upgrade your tomcat9 packages. \n\nFor the detailed security status of tomcat9 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/tomcat9\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8R6BwACgkQEMKTtsN8\nTjbUrw//fOLw1bfjQwHr4fug5xgGtIjccQvMgZ6r4jVWDNUWGns/n0HBIg7IFANW\n1LTBXunNygapGke96Cexs/mimcs47wr9Xj6B9R7935NgF7dbXiDPhX99fmMSu4qE\nmpt9GmynGSOqr2qt+bHMZSIrZ2rpT/WoDbmnVvK0h30Il7VZ2pMEbzq7gd7sfsbO\n0FbQr9kza5d5kvih7DLfq/7plhLouyUhzAab3UUJvI1B3ASD4pfEFDSmBJusHJGG\n2CTtrO8IFUyYW0ev4/I2KT6rrFiXccEtFhUlpU09SLpy96FP161UVoHILkPHhfqI\n9XILKEf0mKVlDfq5q2TOY5WVl8palc5o/Z3xefO4/wZc7/qNNnyzwcNHl6s14czv\nREID8Llfbro3/XWHkwLXPNFr1VzYXZSX1XhTwKWPWaH+L5WsUSr5uryqIUvSQ96L\ntTWv3G7KZDwVlio1XJ1t7ZxMkKqEBjvucShFgaOIw1nVD1IrssMKMz9UJQCd4fH5\nRtUakyBzUuPbAhUcunMj23n2slZ9WbCANIGKy56O6R71rYI9mYOG2nF2IuUct/F2\niG3/SLJCe2ghVx2Lgz8/nBhZfPEF5FZ2kPHb9KpjjyZ+vl8ZXH83heaYDlDAknXS\nbTsyFezxJiAwaa9xozjItZPdIBFP9lG8Txmv1AotH7WV/8dRsOU=\n=E8Ei\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9484"
},
{
"db": "VULHUB",
"id": "VHN-187609"
},
{
"db": "VULMON",
"id": "CVE-2020-9484"
},
{
"db": "PACKETSTORM",
"id": "158030"
},
{
"db": "PACKETSTORM",
"id": "158029"
},
{
"db": "PACKETSTORM",
"id": "158050"
},
{
"db": "PACKETSTORM",
"id": "158621"
},
{
"db": "PACKETSTORM",
"id": "158761"
},
{
"db": "PACKETSTORM",
"id": "158049"
},
{
"db": "PACKETSTORM",
"id": "158034"
},
{
"db": "PACKETSTORM",
"id": "159666"
},
{
"db": "PACKETSTORM",
"id": "168857"
}
],
"trust": 1.89
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-187609",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187609"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-9484",
"trust": 2.1
},
{
"db": "PACKETSTORM",
"id": "157924",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10332",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/01/2",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "158029",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158030",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158761",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158049",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159666",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158034",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158050",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158621",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167841",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158032",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158103",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-98234",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2020-34449",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1078",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-187609",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-9484",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168857",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187609"
},
{
"db": "VULMON",
"id": "CVE-2020-9484"
},
{
"db": "PACKETSTORM",
"id": "158030"
},
{
"db": "PACKETSTORM",
"id": "158029"
},
{
"db": "PACKETSTORM",
"id": "158050"
},
{
"db": "PACKETSTORM",
"id": "158621"
},
{
"db": "PACKETSTORM",
"id": "158761"
},
{
"db": "PACKETSTORM",
"id": "158049"
},
{
"db": "PACKETSTORM",
"id": "158034"
},
{
"db": "PACKETSTORM",
"id": "159666"
},
{
"db": "PACKETSTORM",
"id": "168857"
},
{
"db": "NVD",
"id": "CVE-2020-9484"
}
]
},
"id": "VAR-202005-1052",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-187609"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T20:45:17.285000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Red Hat: Important: Red Hat JBoss Web Server 5.3.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202509 - security advisory"
},
{
"title": "Red Hat: Important: tomcat security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202530 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server 5.3.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202506 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server 3.1 Service Pack 9 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202487 - security advisory"
},
{
"title": "Red Hat: Important: tomcat6 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202529 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server 3.1 Service Pack 9 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202483 - security advisory"
},
{
"title": "Debian CVElist Bug Report Logs: tomcat9: CVE-2020-9484",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=cc55062b1693f83a222063668ffd932c"
},
{
"title": "Red Hat: Important: Red Hat support for Spring Boot 2.1.15 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203017 - security advisory"
},
{
"title": "Amazon Linux AMI: ALAS-2020-1389",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2020-1389"
},
{
"title": "Amazon Linux AMI: ALAS-2020-1390",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2020-1390"
},
{
"title": "Arch Linux Advisories: [ASA-202006-5] tomcat8: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202006-5"
},
{
"title": "Amazon Linux 2: ALAS2-2020-1449",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2020-1449"
},
{
"title": "Arch Linux Advisories: [ASA-202006-7] tomcat9: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202006-7"
},
{
"title": "Arch Linux Advisories: [ASA-202005-19] tomcat7: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202005-19"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1493",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2021-1493"
},
{
"title": "Amazon Linux 2: ALASTOMCAT8.5-2023-008",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alastomcat8.5-2023-008"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1491",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2021-1491"
},
{
"title": "Arch Linux Advisories: [ASA-202005-18] tomcat9: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202005-18"
},
{
"title": "Arch Linux Advisories: [ASA-202006-6] tomcat7: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202006-6"
},
{
"title": "Arch Linux Advisories: [ASA-202005-20] tomcat8: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202005-20"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2020-9484 log"
},
{
"title": "Debian Security Advisories: DSA-4727-1 tomcat9 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=948379f644728cd78397969845b23817"
},
{
"title": "Debian Security Advisories: DSA-5265-1 tomcat9 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5ff46eee51fe9c568d7579825e9f7646"
},
{
"title": "Ubuntu Security Notice: USN-5360-1: Tomcat vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-5360-1"
},
{
"title": "Amazon Linux 2: ALASTOMCAT8.5-2023-009",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alastomcat8.5-2023-009"
},
{
"title": "IBM: Security Bulletin: Vulnerabilities in Apache Tomcat affects IBM Platform Symphony",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b4bdf241c7e678e09423e98e7d3134b8"
},
{
"title": "IBM: Security Bulletin: Multiple Apache Tomcat Vulnerabilities Affect IBM Control Center",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=6625900b3dffe0c4351300480ad4824f"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.11.0 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20225532 - security advisory"
},
{
"title": "https://github.com/osamahamad/CVE-2020-9484-Mass-Scan",
"trust": 0.1,
"url": "https://github.com/osamahamad/cve-2020-9484-mass-scan "
},
{
"title": "https://github.com/anjai94/CVE-2020-9484-exploit",
"trust": 0.1,
"url": "https://github.com/anjai94/cve-2020-9484-exploit "
},
{
"title": "CVE-2020-9484",
"trust": 0.1,
"url": "https://github.com/dxy0411/cve-2020-9484 "
},
{
"title": "CVE-2020-9484",
"trust": 0.1,
"url": "https://github.com/assassinukg/cve-2020-9484 "
},
{
"title": "summary",
"trust": 0.1,
"url": "https://github.com/catbamboo/catbamboo.github.io "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-9484"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187609"
},
{
"db": "NVD",
"id": "CVE-2020-9484"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20200528-0005/"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2020/dsa-4727"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2020/jun/6"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202006-21"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/157924/apache-tomcat-cve-2020-9484-proof-of-concept.html"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3cannounce.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/03/01/2"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/4448-1/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/4596-1/"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10332"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3cusers.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c%40%3ccommits.tomee.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469%40%3cusers.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3cusers.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c%40%3ccommits.tomee.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f%40%3ccommits.tomee.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3cusers.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3%40%3ccommits.tomee.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119%40%3ccommits.tomee.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926%40%3cusers.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3cannounce.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3cannounce.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3cusers.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/giqhxentlyunoes4lxvnj2ncuqqrf5vj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wj7xhkwjwdnwxujh6ub7cliw4twoz26n/"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9484"
},
{
"trust": 0.6,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-9484"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13935"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11996"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13934"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10332"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/wj7xhkwjwdnwxujh6ub7cliw4twoz26n/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/giqhxentlyunoes4lxvnj2ncuqqrf5vj/"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3cannounce.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3cannounce.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926@%3cusers.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469@%3cusers.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3cusers.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f@%3cusers.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc@%3cusers.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77@%3cusers.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3@%3ccommits.tomee.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119@%3ccommits.tomee.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c@%3ccommits.tomee.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f@%3ccommits.tomee.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c@%3ccommits.tomee.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/3.1/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2487"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=3.1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2483"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2529"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3017"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_support_for_spring_boot/2.1/html-single/release_notes_for_spring_boot_2.1/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1714"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product\\xcatrhoar.spring.boot\u0026version=2.1.15"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1714"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat8/8.0.32-1ubuntu1.13"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4448-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1935"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2530"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2509"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=5.3"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/5.3/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat9/9.0.31-1ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4596-1"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/tomcat9"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187609"
},
{
"db": "PACKETSTORM",
"id": "158030"
},
{
"db": "PACKETSTORM",
"id": "158029"
},
{
"db": "PACKETSTORM",
"id": "158050"
},
{
"db": "PACKETSTORM",
"id": "158621"
},
{
"db": "PACKETSTORM",
"id": "158761"
},
{
"db": "PACKETSTORM",
"id": "158049"
},
{
"db": "PACKETSTORM",
"id": "158034"
},
{
"db": "PACKETSTORM",
"id": "159666"
},
{
"db": "PACKETSTORM",
"id": "168857"
},
{
"db": "NVD",
"id": "CVE-2020-9484"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-187609"
},
{
"db": "VULMON",
"id": "CVE-2020-9484"
},
{
"db": "PACKETSTORM",
"id": "158030"
},
{
"db": "PACKETSTORM",
"id": "158029"
},
{
"db": "PACKETSTORM",
"id": "158050"
},
{
"db": "PACKETSTORM",
"id": "158621"
},
{
"db": "PACKETSTORM",
"id": "158761"
},
{
"db": "PACKETSTORM",
"id": "158049"
},
{
"db": "PACKETSTORM",
"id": "158034"
},
{
"db": "PACKETSTORM",
"id": "159666"
},
{
"db": "PACKETSTORM",
"id": "168857"
},
{
"db": "NVD",
"id": "CVE-2020-9484"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-20T00:00:00",
"db": "VULHUB",
"id": "VHN-187609"
},
{
"date": "2020-05-20T00:00:00",
"db": "VULMON",
"id": "CVE-2020-9484"
},
{
"date": "2020-06-11T16:33:05",
"db": "PACKETSTORM",
"id": "158030"
},
{
"date": "2020-06-11T16:32:58",
"db": "PACKETSTORM",
"id": "158029"
},
{
"date": "2020-06-11T16:36:37",
"db": "PACKETSTORM",
"id": "158050"
},
{
"date": "2020-07-27T18:44:59",
"db": "PACKETSTORM",
"id": "158621"
},
{
"date": "2020-08-05T15:19:31",
"db": "PACKETSTORM",
"id": "158761"
},
{
"date": "2020-06-11T16:36:30",
"db": "PACKETSTORM",
"id": "158049"
},
{
"date": "2020-06-11T16:33:52",
"db": "PACKETSTORM",
"id": "158034"
},
{
"date": "2020-10-21T15:52:39",
"db": "PACKETSTORM",
"id": "159666"
},
{
"date": "2020-07-28T19:12:00",
"db": "PACKETSTORM",
"id": "168857"
},
{
"date": "2020-05-20T19:15:09.257000",
"db": "NVD",
"id": "CVE-2020-9484"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-25T00:00:00",
"db": "VULHUB",
"id": "VHN-187609"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-9484"
},
{
"date": "2023-11-07T03:26:54.770000",
"db": "NVD",
"id": "CVE-2020-9484"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "158761"
}
],
"trust": 0.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat Security Advisory 2020-2487-01",
"sources": [
{
"db": "PACKETSTORM",
"id": "158030"
}
],
"trust": 0.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "158030"
},
{
"db": "PACKETSTORM",
"id": "158029"
},
{
"db": "PACKETSTORM",
"id": "158621"
},
{
"db": "PACKETSTORM",
"id": "158034"
},
{
"db": "PACKETSTORM",
"id": "168857"
}
],
"trust": 0.5
}
}
var-202207-0579
Vulnerability from variot
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability. (DoS) It may be in a state. Dell BSAFE Micro Edition Suite is a development kit that provides encryption, certificates and transport layer security for c/c++ applications, devices and systems. Dell BSAFE is a security software product that supports encryption algorithms, certificate chain verification, Transport Layer Security (TLS) cipher suites, etc. to help users achieve various security goals for their applications
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-0579",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bsafe crypto-c-micro-edition",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.1.4"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
},
{
"model": "security service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "weblogic server proxy plug-in",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "bsafe micro-edition-suite",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.4"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21c"
},
{
"model": "weblogic server proxy plug-in",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.2"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "security service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "oracle security service",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle database",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "bsafe crypto-c micro edition",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "bsafe micro edition suite",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "oracle weblogic server proxy plug-in",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle http server",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016812"
},
{
"db": "NVD",
"id": "CVE-2020-29507"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.1.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-29507"
}
]
},
"cve": "CVE-2020-29507",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-29507",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-376211",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security_alert@emc.com",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-29507",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-29507",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2020-29507",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-837",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-376211",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-29507",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376211"
},
{
"db": "VULMON",
"id": "CVE-2020-29507"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016812"
},
{
"db": "NVD",
"id": "CVE-2020-29507"
},
{
"db": "NVD",
"id": "CVE-2020-29507"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-837"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability. (DoS) It may be in a state. Dell BSAFE Micro Edition Suite is a development kit that provides encryption, certificates and transport layer security for c/c++ applications, devices and systems. Dell BSAFE is a security software product that supports encryption algorithms, certificate chain verification, Transport Layer Security (TLS) cipher suites, etc. to help users achieve various security goals for their applications",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-29507"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016812"
},
{
"db": "VULHUB",
"id": "VHN-376211"
},
{
"db": "VULMON",
"id": "CVE-2020-29507"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-29507",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016812",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202207-837",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-84619",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-376211",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-29507",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376211"
},
{
"db": "VULMON",
"id": "CVE-2020-29507"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016812"
},
{
"db": "NVD",
"id": "CVE-2020-29507"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-837"
}
]
},
"id": "VAR-202207-0579",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-376211"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:55:51.465000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0July\u00a02022 Dell Security\u00a0Advisory",
"trust": 0.8,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"title": "Dell BSAFE Micro Edition Suite and Dell BSAFE Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=200901"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016812"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-837"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.1
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376211"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016812"
},
{
"db": "NVD",
"id": "CVE-2020-29507"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29507"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2020-29507/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/oracle-fusion-middleware-vulnerabilities-of-july-2022-38858"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376211"
},
{
"db": "VULMON",
"id": "CVE-2020-29507"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016812"
},
{
"db": "NVD",
"id": "CVE-2020-29507"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-837"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-376211"
},
{
"db": "VULMON",
"id": "CVE-2020-29507"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016812"
},
{
"db": "NVD",
"id": "CVE-2020-29507"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-837"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-376211"
},
{
"date": "2022-07-11T00:00:00",
"db": "VULMON",
"id": "CVE-2020-29507"
},
{
"date": "2023-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-016812"
},
{
"date": "2022-07-11T20:15:08.147000",
"db": "NVD",
"id": "CVE-2020-29507"
},
{
"date": "2022-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-837"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-29T00:00:00",
"db": "VULHUB",
"id": "VHN-376211"
},
{
"date": "2022-07-18T00:00:00",
"db": "VULMON",
"id": "CVE-2020-29507"
},
{
"date": "2023-09-25T06:20:00",
"db": "JVNDB",
"id": "JVNDB-2019-016812"
},
{
"date": "2022-11-29T02:56:07.263000",
"db": "NVD",
"id": "CVE-2020-29507"
},
{
"date": "2022-07-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-837"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-837"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u00a0BSAFE\u00a0Crypto-C\u00a0Micro\u00a0Edition\u00a0 and \u00a0Dell\u00a0BSAFE\u00a0Micro\u00a0Edition\u00a0Suite\u00a0 Input verification vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016812"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-837"
}
],
"trust": 0.6
}
}
var-201501-0338
Vulnerability from variot
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations. SSL/TLS Some implementations of export grade without intentional setting (512 Below bit ) of RSA Something accepts the key. Man-in-the-middle attacks against such software (man-in-the-middle attack) Is performed, the key used for encryption is decrypted, SSL/TLS The traffic content may be decrypted. this is" FREAK It is also called “attack”. Algorithm downgrade (CWE-757) CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') https://cwe.mitre.org/data/definitions/757.html Incorrect cipher strength (CWE-326) CWE-326: Inadequate Encryption Strength https://cwe.mitre.org/data/definitions/326.html SSL/TLS Some implementations of export grade without intentional setting (512 Below bit ) of RSA Something accepts the key. If a man-in-the-middle attack is performed on such software, it is guided to use a weak key in the negotiation at the start of communication, and as a result, encrypted information may be decrypted. The discoverer has released detailed information about this matter. FREAK: Factoring RSA Export Keys https://www.smacktls.com/#freakMan-in-the-middle attacks (man-in-the-middle attack) By SSL/TLS The contents of the communication may be decrypted. OpenSSL is prone to security-bypass vulnerability. Successfully exploiting these issues may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks.
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import (CVE-2015-0209).
The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature (CVE-2015-0286).
The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse (CVE-2015-0287).
The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key (CVE-2015-0288).
The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289).
The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message (CVE-2015-0293). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Web Server 2.1.1 security update Advisory ID: RHSA-2016:1650-01 Product: Red Hat JBoss Web Server Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1650.html Issue date: 2016-08-22 CVE Names: CVE-2014-3570 CVE-2015-0204 CVE-2016-2105 CVE-2016-2106 CVE-2016-3110 CVE-2016-5387 =====================================================================
- Summary:
An update is now available for Red Hat JBoss Web Server.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
This release serves as a replacement for Red Hat JBoss Web Server 2.1.0, and includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.1.1 Release Notes, linked to in the References section, for information on the most significant of these changes.
Security Fix(es):
-
It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method. (CVE-2015-0204)
-
An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105)
-
An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2106)
-
It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP). (CVE-2016-3110)
-
It was found that OpenSSL's BigNumber Squaring implementation could produce incorrect results under certain special conditions. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it. (CVE-2014-3570)
Red Hat would like to thank Scott Geary (VendHQ) for reporting CVE-2016-5387; the OpenSSL project for reporting CVE-2016-2105 and CVE-2016-2106; and Michal Karm Babacek for reporting CVE-2016-3110. Upstream acknowledges Guido Vranken as the original reporter of CVE-2016-2105 and CVE-2016-2106.
- Solution:
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
The References section of this erratum contains a download link (you must log in to download the update).
Refer to the Red Hat JBoss Enterprise Web Server 2.1.1 Release Notes for a list of non security related fixes.
- Bugs fixed (https://bugzilla.redhat.com/):
1180184 - CVE-2015-0204 openssl: only allow ephemeral RSA keys in export ciphersuites (FREAK) 1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results 1326320 - CVE-2016-3110 mod_cluster: remotely Segfault Apache http server 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow 1337151 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow [jbews-2.1.0] 1337155 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow [jbews-2.1.0] 1353755 - CVE-2016-5387 Apache HTTPD: sets environmental variable based on user supplied Proxy request header 1358118 - CVE-2016-5387 Apache HTTPD: sets environmental variable based on user supplied Proxy request header [jbews-2.1.0]
- References:
https://access.redhat.com/security/cve/CVE-2014-3570 https://access.redhat.com/security/cve/CVE-2015-0204 https://access.redhat.com/security/cve/CVE-2016-2105 https://access.redhat.com/security/cve/CVE-2016-2106 https://access.redhat.com/security/cve/CVE-2016-3110 https://access.redhat.com/security/cve/CVE-2016-5387 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver&downloadType=distributions&version=2.1.1 https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Web_Server/2.1/html/2.1.1_Release_Notes/index.html https://access.redhat.com/site/documentation/ https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html https://access.redhat.com/security/vulnerabilities/httpoxy
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXuz/AXlSAg2UNWIIRAnGKAJ9OG0AmFsej7cbv8xXILF5Lo7krOACdHUkC VkvGRKSu76E7WPtB8TOdqyw= =7UQL -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Softpaq: http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe
Easy Update Via ThinPro / EasyUpdate (x86):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all- 4.4-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar
Via ThinPro / EasyUpdate (ARM):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all- 4.4-armel.xar
Note: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch applied, VMware cannot connect if security level is set to "Refuse insecure connections". Updating VMware to the latest package on ftp.hp.com will solve the problem.
A memory leak can occur in the dtls1_buffer_record function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Denial of Service attack through memory exhaustion (CVE-2015-0206).
When openssl is built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl method would be set to NULL which could later result in a NULL pointer dereference (CVE-2014-3569). This effectively removes forward secrecy from the ciphersuite (CVE-2014-3572). A server could present a weak temporary key and downgrade the security of the session (CVE-2015-0204).
An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. This only affects servers which trust a client certificate authority which issues certificates containing DH keys: these are extremely rare and hardly ever encountered (CVE-2015-0205).
OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate's fingerprint. This does not allow an attacker to forge certificates, and does not affect certificate verification or OpenSSL servers/clients in any other way. It also does not affect common revocation mechanisms. Only custom applications that rely on the uniqueness of the fingerprint (e.g. certificate blacklists) may be affected (CVE-2014-8275).
The updated packages have been upgraded to the 1.0.0p version where these security flaws has been fixed.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 https://www.openssl.org/news/secadv_20150108.txt
Updated Packages:
Mandriva Business Server 1/X86_64: 08baba1b5ee61bdd0bfbcf81d465f154 mbs1/x86_64/lib64openssl1.0.0-1.0.0p-1.mbs1.x86_64.rpm 51198a2b577e182d10ad72d28b67288e mbs1/x86_64/lib64openssl-devel-1.0.0p-1.mbs1.x86_64.rpm aa34fd335001d83bc71810d6c0b14e85 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0p-1.mbs1.x86_64.rpm c8b6fdaba18364b315e78761a5aa0c1c mbs1/x86_64/lib64openssl-static-devel-1.0.0p-1.mbs1.x86_64.rpm fc67f3da9fcd1077128845ce85be93e2 mbs1/x86_64/openssl-1.0.0p-1.mbs1.x86_64.rpm ab8f672de2bf2f0f412034f89624aa32 mbs1/SRPMS/openssl-1.0.0p-1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFUr+PRmqjQ0CJFipgRAtFXAJ46+q0aetnJkb6I9RuYmX5xFeGx9wCgt1rb LHbCdAkBpYHYSuaUwpiAu1w= =ePa9 -----END PGP SIGNATURE----- . HP SSL for OpenVMS: All versions prior to 1.4-502.
HP SSL 1.4-502 for OpenVMS (based on OpenSSL 0.9.8ze) is available from the following locations:
- HP SSL for OpenVMS website:
http://h71000.www7.hp.com/openvms/products/ssl/ssl.html
- HP Support Center website:
https://h20566.www2.hp.com/portal/site/hpsc/patch/home
Note: Login using your HP Passport account. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04774019
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04774019 Version: 1
HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-08-24 Last Updated: 2015-08-24
Potential Security Impact: Remote unauthorized modification, unauthorized access, or unauthorized disclosure of information.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Matrix Operating Environment. The vulnerabilities could be exploited remotely resulting in unauthorized modification, unauthorized access, or unauthorized disclosure of information.
References:
CVE-2010-5107 CVE-2013-0248 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-1692 CVE-2014-3523 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8142 CVE-2014-8275 CVE-2014-9427 CVE-2014-9652 CVE-2014-9653 CVE-2014-9705 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0207 CVE-2015-0208 CVE-2015-0209 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-0285 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0290 CVE-2015-0291 CVE-2015-0292 CVE-2015-0293 CVE-2015-1787 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-2134 CVE-2015-2139 CVE-2015-2140 CVE-2015-2301 CVE-2015-2331 CVE-2015-2348 CVE-2015-2787 CVE-2015-3113 CVE-2015-5122 CVE-2015-5123 CVE-2015-5402 CVE-2015-5403 CVE-2015-5404 CVE-2015-5405 CVE-2015-5427 CVE-2015-5428 CVE-2015-5429 CVE-2015-5430 CVE-2015-5431 CVE-2015-5432 CVE-2015-5433
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Matrix Operating Environment impacted software components and versions:
HP Systems Insight Manager (SIM) prior to version 7.5.0 HP System Management Homepage (SMH) prior to version 7.5.0 HP Version Control Agent (VCA) prior to version 7.5.0 HP Version Control Repository Manager (VCRM) prior to version 7.5.0 HP Insight Orchestration prior to version 7.5.0 HP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3 CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software updates available to resolve the vulnerabilities in the impacted versions of HP Matrix Operating Environment
HP Matrix Operating Environment 7.5.0 is only available on DVD. Please order the latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO from the following location:
http://www.hp.com/go/insightupdates
Choose the orange Select button. This presents the HP Insight Management Media order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from the Software specification list. Fill out the rest of the form and submit it.
HP has addressed these vulnerabilities for the affected software components bundled with the HP Matrix Operating Environment in the following HP Security Bulletins.
HP Matrix Operating Environment component HP Security Bulletin Number Security Bulletin Location
HP Systems Insight Manager (SIM) HPSBMU03394 HPSBMU03394 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744
HP System Management Homepage (SMH) HPSBMU03380 http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490&la ng=en-us&cc=
HP Version Control Agent (VCA) HPSBMU03397 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169
HP Version Control Repository Manager (VCRM) HPSBMU03396 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04765115
HP Virtual Connect Enterprise Manager (VCEM) SDK HPSBMU03413 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04774021
HISTORY Version:1 (rev.1) - 24 August 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilites.
References:
CVE-2014-8275 Cryptographic Issues (CWE-310) CVE-2014-3569 Remote Denial of Service (DoS) CVE-2014-3570 Cryptographic Issues (CWE-310) CVE-2014-3571 Remote Denial of Service (DoS) CVE-2014-3572 Cryptographic Issues (CWE-310) CVE-2015-0204 Cryptographic Issues (CWE-310) SSRT101885
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The updates are available from either of the following sites:
ftp://sl098ze:Secure12@h2.usa.hp.com
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =OPENSSL11I
HP-UX Release HP-UX OpenSSL depot name
B.11.11 (11i v1) OpenSSL_A.00.09.08ze.001_HP-UX_B.11.11_32_64.depot
B.11.23 (11i v2) OpenSSL_A.00.09.08ze.002_HP-UX_B.11.23_IA-PA.depot
B.11.31 (11i v3) OpenSSL_A.00.09.08ze.003_HP-UX_B.11.31_IA-PA.depot
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08ze or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0338",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "jre 1.7.0 17",
"scope": null,
"trust": 1.8,
"vendor": "oracle",
"version": null
},
{
"model": "capssuite",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "v4 to v5.1"
},
{
"model": "csview",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "/faq navigator"
},
{
"model": "csview",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "/web questionnaire"
},
{
"model": "enterprisedirectoryserver",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "ver6.0 to ver8.0"
},
{
"model": "express5800",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "/sg series intersecvm/sg v1.2"
},
{
"model": "express5800",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "v3.0"
},
{
"model": "express5800",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "v3.1"
},
{
"model": "express5800",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "v4.0"
},
{
"model": "express5800",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "/sg series sg3600lm/lg/lj v6.1"
},
{
"model": "express5800",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "v6.2"
},
{
"model": "express5800",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "v7.0"
},
{
"model": "express5800",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "v7.1"
},
{
"model": "express5800",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "v8.0"
},
{
"model": "express5800",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "/sg series univerge sg3000lg/lj"
},
{
"model": "infocage",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "security risk management v1.0.2 to v2.1.4"
},
{
"model": "istorage",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "a series"
},
{
"model": "istorage",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "d series"
},
{
"model": "istorage",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "e series"
},
{
"model": "istorage",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "m series (nas including options )"
},
{
"model": "istorage",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "s series"
},
{
"model": "secureware/pki application development kit",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "ver3.0"
},
{
"model": "secureware/pki application development kit",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "ver3.01"
},
{
"model": "secureware/pki application development kit",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "ver3.02"
},
{
"model": "secureware/pki application development kit",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "ver3.1"
},
{
"model": "webotx",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "enterprise edition v4.2 to v6.5"
},
{
"model": "webotx",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "uddi registry v1.1 to v7.1"
},
{
"model": "webotx",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "web edition v4.1 to v6.5"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "enterprise edition v7.1"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "enterprise v8.2 to v9.2"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "express v8.2 to v9.2"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "foundation v8.2 to v8.5"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "web edition v7.1 to v8.1"
},
{
"model": "webotx enterprise service bus",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "v6.4 to v9.2"
},
{
"model": "webotx portal",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "v8.2 to v9.1"
},
{
"model": "websam",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "jobcenter cl/web r13.1"
},
{
"model": "websam",
"scope": "eq",
"trust": 1.6,
"vendor": "nec",
"version": "jobcenter cl/web r13.2"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1f"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1i"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1h"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1j"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1g"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1e"
},
{
"model": "jdk 1.7.0 17",
"scope": null,
"trust": 1.5,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.7.0 13",
"scope": null,
"trust": 1.5,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 43",
"scope": null,
"trust": 1.5,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 39",
"scope": null,
"trust": 1.5,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.5.0:update 65",
"scope": null,
"trust": 1.2,
"vendor": "oracle",
"version": null
},
{
"model": "jdk update",
"scope": "eq",
"trust": 1.2,
"vendor": "oracle",
"version": "1.7.072"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 1.2,
"vendor": "oracle",
"version": "1.8.025"
},
{
"model": "jre update",
"scope": "eq",
"trust": 1.2,
"vendor": "oracle",
"version": "1.6.085"
},
{
"model": "jdk 1.6.0 43",
"scope": null,
"trust": 1.2,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.7.0 45",
"scope": null,
"trust": 1.2,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 38",
"scope": null,
"trust": 1.2,
"vendor": "oracle",
"version": null
},
{
"model": "jdk update",
"scope": "eq",
"trust": 1.2,
"vendor": "oracle",
"version": "1.6.085"
},
{
"model": "jre 1.7.0 13",
"scope": null,
"trust": 1.2,
"vendor": "oracle",
"version": null
},
{
"model": "jre update",
"scope": "eq",
"trust": 1.2,
"vendor": "oracle",
"version": "1.8.025"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0m"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0n"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0o"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0h"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0j"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0g"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0b"
},
{
"model": "openssl",
"scope": "lte",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8zc"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0f"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0e"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0i"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0l"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0k"
},
{
"model": "jre 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 1.6.0 31",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.7.0 8",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.7.0 21",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.5.0 32",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.081"
},
{
"model": "jre 1.5.0 39",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 40",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.5.0 16",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 1.6.0 65",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 14",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 1.5.0 55",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 1.6.0 41",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0:update 75",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.7.0:update 60",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.5.0 61",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 1.6.0 03",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.7.0 2",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk 1.5.0:update 65",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.5.0 45",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.6.0 41",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.081"
},
{
"model": "jre 1.5.0 11",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0:update 75",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.840"
},
{
"model": "jre 1.6.0 39",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.5.0 40",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 1.6.0 23",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 60",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.7.0 51",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.5.0 35",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.5.0 25",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.5.0 32",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.072"
},
{
"model": "jdk 1.7.0 45",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.691"
},
{
"model": "jre 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 1.5.0 55",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.8.0:update 5",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.5.0 29",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 28",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 11",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 1.5.0 17",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.8.0:update 5",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.5.0 27",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 60",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 03",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.7.0 4",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.776"
},
{
"model": "jdk 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 1.6.0 28",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 26",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.7.0 10",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.7.0 14",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.7.0 10",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 45",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.7.0 15",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 1.7.0 21",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 71",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 1.5.0 23",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk 1.5.0 26",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.7.0 40",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.5.0 61",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.5.0 29",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 40",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.581"
},
{
"model": "jdk 1.5.0 31",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 16",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.5.0 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.5.0 30",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 18",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 11",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.5.071"
},
{
"model": "jdk 0 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.5.0 10",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 24",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.5.0 41",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.5.0 27",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 03",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.5.0 33",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.581"
},
{
"model": "jre 1.5.0 14",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.5.0 24",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.7.0 25",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 32",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.7.0 2",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.5.0 25",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 24",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk .0 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 1.5.0 41",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.5.0 28",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.7.0 12",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.5.0 13",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 15",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.5.075"
},
{
"model": "jre 1.7.0 9",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 21",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 15",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.6.0 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 22",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 32",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.5.0 31",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.7.0 8",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 21",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.7.0 25",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.5.0 38",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 37",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 27",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 15",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.840"
},
{
"model": "jre 1.6.0 02",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.5.0 28",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 30",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 45",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.7.0 51",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.5.075"
},
{
"model": "jre 15",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk 1.5.0 12",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 71",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.5.0 51",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 13",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.020"
},
{
"model": "jre 1.5.0 26",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.7.0 40",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 26",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.5.0 30",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.7.0 15",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.5.0 39",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.7.0 14",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 18",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7"
},
{
"model": "jre 1.6.0 30",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 02",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.7.0 11",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 01",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 12",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk 14",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.5.0 12",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 13",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.691"
},
{
"model": "jre 1.5.0 13",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 25",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 22",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.5.0 35",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.5.0 45",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 23",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 65",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.5.0 51",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 27",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.7.0:update 60",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.067"
},
{
"model": "jdk 1.7.0 12",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk 1.5.0 38",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.7.0 11",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.5.071"
},
{
"model": "jdk 1.7.0 4",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 19",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.067"
},
{
"model": "jdk 1.5.0 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.5.0 23",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 22",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.776"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.020"
},
{
"model": "jre 1.6.0 25",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.5.0 40",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.7.0 9",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 19",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 14",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.5.0 33",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 22",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openssl",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "opera",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "research in motion rim",
"version": null
},
{
"model": "enterpriseidentitymanager",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": "istorage",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "hs series"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard edition v4.2 to v6.5"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard-j edition v4.1 to v6.5"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard edition v7.1"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard v8.2 to v9.2"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard-j edition v7.1 to v8.1"
},
{
"model": "webotx sip application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard edition v7.1 to v8.1"
},
{
"model": "websam",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "application navigator v3.1.0.x to v4.1.0.x"
},
{
"model": "istorage",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "hs series all versions"
},
{
"model": "sparc enterprise m3000 server",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "virtualization",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle secure global desktop 5.2"
},
{
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 5"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle endeca server 7.5.1.1"
},
{
"model": "jdk",
"scope": "lte",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "6 update 21 and earlier"
},
{
"model": "xcp",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "2260"
},
{
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "sparc enterprise m4000 server",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "ix3000 series",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "ver.8.7.22 all subsequent versions"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle secure global desktop 4.63"
},
{
"model": "ucosminexus developer standard",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "enterpriseidentitymanager",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "ver2.0 to 8.0"
},
{
"model": "jre",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "5.0 update 81 and earlier"
},
{
"model": "ucosminexus application server smart edition",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle endeca server 7.3.0.0"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "st ard-j edition v7.1 to v8.1"
},
{
"model": "mysql",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "5.6.22 and earlier"
},
{
"model": "cosminexus developer version 5",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "jre",
"scope": "lte",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "5.0 update 33 and earlier"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "st ard edition v4.2 to v6.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.10 to 10.10.2"
},
{
"model": "cosminexus developer standard version 6",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "xcp",
"scope": "lt",
"trust": 0.8,
"vendor": "oracle",
"version": "(fujitsu m10-1/m10-4/m10-4s server )"
},
{
"model": "cosminexus developer professional version 6",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "server 12.1.0.2"
},
{
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base (hs15-019)"
},
{
"model": "application server",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "sparc enterprise m5000 server",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional for plug-in"
},
{
"model": "web server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "hp icewall sso",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "dfw 8.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle business intelligence enterprise edition 11.1.1.7"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- messaging"
},
{
"model": "cosminexus application server version 5",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "virtualization",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle secure global desktop 4.71"
},
{
"model": "hp icewall sso",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "dfw 8.0 r3"
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.8,
"vendor": "openssl",
"version": "1.0.0p"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle endeca server 7.6.1.0.0"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "/sigmablade em card (n8405-019/019a/043) firmware rev.14.02 before"
},
{
"model": "hp icewall mcrp",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "3.0"
},
{
"model": "cosminexus developer\u0027s kit for java",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "server 12.1.0.1"
},
{
"model": "hp icewall sso",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "certd 10.0"
},
{
"model": "ucosminexus developer light",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "st ard v8.2 to v9.2"
},
{
"model": "istorage",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "nv7500/nv5500/nv3500 series"
},
{
"model": "cosminexus developer light version 6",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "st ard-r"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "istorage",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "nv7400/nv5400/nv3400 series"
},
{
"model": "cosminexus client",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "-r"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "ops center 12.3.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle endeca server 7.4.0.0"
},
{
"model": "cosminexus application server enterprise",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"model": "ucosminexus server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "st ard-r"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle secure global desktop 5.1"
},
{
"model": "univerge",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "3c cmm all versions"
},
{
"model": "websam",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "application navigator probe option ver3.1.0.x to ver4.1.0.x"
},
{
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"model": "jre",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "6 update 91 and earlier"
},
{
"model": "ucosminexus operator",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle business intelligence enterprise edition 11.1.1.9"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10"
},
{
"model": "jdk",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "5.0 update 81 and earlier"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "st ard edition v7.1"
},
{
"model": "xcp",
"scope": "lt",
"trust": 0.8,
"vendor": "oracle",
"version": "(sparc enterprise m3000/m4000/m5000/m8000/m9000 server )"
},
{
"model": "hp icewall sso",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "certd 8.0r3 (with db plugin patch 2)"
},
{
"model": "websam",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "jobcenter r14.1"
},
{
"model": "application server for developers",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "st ard-j edition v4.1 to v6.5"
},
{
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base version 6 (hs15-018)"
},
{
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server enterprise",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "hp icewall federation agent",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "3.0"
},
{
"model": "cosminexus application server standard",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"model": "hp icewall mcrp",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "2.1"
},
{
"model": "systemdirector enterprise",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "for java ( all models ) v5.1 to v7.2"
},
{
"model": "developer\u0027s kit for java",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "for plug-in"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.9.5"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "express"
},
{
"model": "jdk",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "6 update 91 and earlier"
},
{
"model": "sparc enterprise m9000 server",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "istorage",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "ne series ver.002.05.00 later versions"
},
{
"model": "web server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- security enhancement"
},
{
"model": "webotx sip application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "st ard edition v7.1 to v8.1"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.8.5"
},
{
"model": "websam",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "application navigator agent ver3.3 to ver4.1"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle mobile security suite mss 3.0"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.2"
},
{
"model": "hp icewall sso",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "dfw 8.0 r2"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "01"
},
{
"model": "openssl",
"scope": "lt",
"trust": 0.8,
"vendor": "openssl",
"version": "1.0.1"
},
{
"model": "univerge",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "3c ucm v8.5.4 before"
},
{
"model": "openssl",
"scope": "lt",
"trust": 0.8,
"vendor": "openssl",
"version": "1.0.0"
},
{
"model": "ix2000 series",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "ver.8.7.22 all subsequent versions"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "ops center 12.2.0"
},
{
"model": "hp icewall sso",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "dfw 8.0 r1"
},
{
"model": "jrockit",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "r28.3.5 and earlier"
},
{
"model": "hp icewall sso",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "dfw 10.0"
},
{
"model": "xcp",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "1120"
},
{
"model": "websam",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "application navigator manager ver3.2.2 to ver4.1"
},
{
"model": "jre",
"scope": "lte",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "6 update 21 and earlier"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle exalogic infrastructure 2.0.6.2"
},
{
"model": "ucosminexus application server standard",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.8,
"vendor": "openssl",
"version": "1.0.1k"
},
{
"model": "sparc enterprise m8000 server",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional"
},
{
"model": "jdk",
"scope": "lte",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "5.0 update 33 and earlier"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "ops center 12.2.1"
},
{
"model": "jdk 01-b06",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 1.5.0.0 09",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jre",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "1.8"
},
{
"model": "jdk .0 04",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 1.5.0.0 08",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "paging server",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "0"
},
{
"model": "jdk .0 03",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 1.6.0 38",
"scope": null,
"trust": 0.6,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 2",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "7.4"
},
{
"model": "jdk 07-b03",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 06",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.5.0.0 08",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.5.0.0 12",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 34",
"scope": null,
"trust": 0.6,
"vendor": "oracle",
"version": null
},
{
"model": "jdk",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "1.8"
},
{
"model": "jdk 1.5.0.0 09",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.5.0.0 11",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jdk 11-b03",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.5.0.0 07",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 01",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 20",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.1"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.1"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.0.1"
},
{
"model": "bes12",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "12.0"
},
{
"model": "bbm protected on blackberry",
"scope": "ne",
"trust": 0.3,
"vendor": "blackberry",
"version": "1010.3.1.1767"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"model": "bbm on blackberry os",
"scope": "ne",
"trust": 0.3,
"vendor": "blackberry",
"version": "1010.3.1.1767"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.039"
},
{
"model": "jdk update17",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.1"
},
{
"model": "security access manager for web",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.17"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x22025850"
},
{
"model": "rational developer for power systems software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "rational developer for power systems software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.22"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.2"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "90000"
},
{
"model": "idataplex dx360 m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79120"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.7"
},
{
"model": "buildforge ifix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.28"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.5"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "websphere real time sr8",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "85100"
},
{
"model": "norman shark industrial control system protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.1"
},
{
"model": "jdk update3",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.2"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "ip interoperability and collaboration system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.5"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "tivoli monitoring fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.306"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.055"
},
{
"model": "netezza platform software 7.2.0.4-p3",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "project openssl 1.0.0g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.5"
},
{
"model": "hunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.1"
},
{
"model": "control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.1"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.42"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.025"
},
{
"model": "endeca server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.6.1.0.0"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "prime security manager 04.8 qa08",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "rational automation framework ifix5",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.3"
},
{
"model": "ns oncommand core package",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "sametime community server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9"
},
{
"model": "norman shark scada protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.0"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.04"
},
{
"model": "cognos planning interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1.4"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.7"
},
{
"model": "splunk",
"scope": "ne",
"trust": 0.3,
"vendor": "splunk",
"version": "6.1.7"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.0-68"
},
{
"model": "system m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x355041980"
},
{
"model": "prime license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.47"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "cloud manager interim fix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.3"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.12"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.22"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1"
},
{
"model": "sterling control center ifix01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.21"
},
{
"model": "java sdk sr16-fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.3"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.02"
},
{
"model": "java sdk sr4-fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37001.1"
},
{
"model": "local collector appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2.8"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5"
},
{
"model": "api management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x310025820"
},
{
"model": "websphere real time sr2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"model": "tivoli storage flashcopy manager for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.0"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0.2"
},
{
"model": "flex system fc3171 8gb san switch and san pass-thru",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2.00"
},
{
"model": "tivoli asset discovery for distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2.0"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.7"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.1"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.039"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.43"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "notes fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.35"
},
{
"model": "license metric tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "project openssl 1.0.1k",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.8.06"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.04"
},
{
"model": "sterling connect:direct browser user interface ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.0.208"
},
{
"model": "jre update22",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0.220"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50001.1"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.15"
},
{
"model": "chassis management module 2pet12g",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "java sdk ga",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1.2"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"model": "project openssl 1.0.1i",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.12"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.6"
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.6"
},
{
"model": "system management homepage c",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"model": "db2 workgroup server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.4(7.26)"
},
{
"model": "real-time compression appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.8.0.10"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.043"
},
{
"model": "tivoli network performance manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.1"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "communications session border controller scz7.3.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "domino fp if",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.121"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.3"
},
{
"model": "os",
"scope": "ne",
"trust": 0.3,
"vendor": "blackberry",
"version": "1010.3.1.1779"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "virtual connect enterprise manager sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.35"
},
{
"model": "jre update3",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "cognos tm1 interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1.2"
},
{
"model": "project openssl 0.9.8y",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "dataquant",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.3"
},
{
"model": "tivoli storage manager for virtual environments",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.0"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.8"
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.3"
},
{
"model": "wireless lan controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.39"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0.11"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.68"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.4"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.4"
},
{
"model": "flashsystem 9848-ac2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v90000"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "sterling connect:direct browser ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.11.03"
},
{
"model": "work space manager for bes10/bes12 23584 14",
"scope": null,
"trust": 0.3,
"vendor": "blackberry",
"version": null
},
{
"model": "jdk update26",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.0.260"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.1.830"
},
{
"model": "nextscale nx360 m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "54550"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.14"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.22"
},
{
"model": "tivoli network performance manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32200"
},
{
"model": "link for mac os (build",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "1.1.139)"
},
{
"model": "websphere dashboard framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.1"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.2"
},
{
"model": "jdk 1.5.0 11",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.08"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "jabber video for telepresence",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "proventia network enterprise scanner",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3"
},
{
"model": "norman shark network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.2"
},
{
"model": "rational developer for i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.036"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.1"
},
{
"model": "chassis management module 2pet10e",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.3"
},
{
"model": "workcentre 3025ni",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "3.50.01.10"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.7"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0-95"
},
{
"model": "buildforge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.2"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0.6"
},
{
"model": "tivoli workload scheduler distributed fp05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "tivoli workload scheduler distributed fp01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0"
},
{
"model": "flashcopy manager for unix and linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.0"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.51"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.5"
},
{
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0.180"
},
{
"model": "security privileged identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1.1"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3690x571480"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.16"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.17"
},
{
"model": "java sdk sr16-fp9",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.1"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.1.5"
},
{
"model": "norman shark network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.3"
},
{
"model": "chassis management module 2pet10p",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "jdk 1.5.0.0 06",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.3"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.7"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.0.1"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "rational automation framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.2"
},
{
"model": "chassis management module 2peo12r",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "tivoli storage manager for virtual environments",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3.2.3"
},
{
"model": "control center ifix01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.0"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087220"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.3"
},
{
"model": "java sdk 6r1 sr8-fp2",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "netezza platform software 7.1.0.4-p1",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "cloud manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.1"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.6.1"
},
{
"model": "project openssl 1.0.1f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.3"
},
{
"model": "bes12",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "12.0.1"
},
{
"model": "tivoli storage manager client management services",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.200"
},
{
"model": "workcentre",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "32253.50.01.10"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.4.1"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.5"
},
{
"model": "java sdk sr16",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "multi-enterprise integration gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2"
},
{
"model": "bbm meetings for blackberry",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "100"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.7"
},
{
"model": "bcaaa",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.5"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.5"
},
{
"model": "java sdk sr16-fp10",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "tivoli access manager for e-business",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "wag310g residential gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.4"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.0-14"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.2"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.8"
},
{
"model": "rational developer for aix and linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"model": "sterling control center ifix02",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.10"
},
{
"model": "flashcopy manager for oracle",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.0"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.5"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.7"
},
{
"model": "tivoli storage manager operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "project openssl 1.0.0o",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "tivoli workload scheduler for applications fp02",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "link for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "1.2.1.31"
},
{
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5.146"
},
{
"model": "agent desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0(2)"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.13"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"model": "hp-ux b.11.31 (11i",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "v3)"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.0"
},
{
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0.1"
},
{
"model": "chassis management module 2pet12r",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "chassis management module 2pet10b",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "idp",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "java sdk sr7",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "chassis management module 2peo12o",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "ctpos 7.0r4",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.038"
},
{
"model": "unified attendant console department edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"model": "system management homepage a",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.11.197"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15210"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.0.0"
},
{
"model": "buildforge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.3.3"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.31"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.3"
},
{
"model": "domino fp if",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.365"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"model": "java sdk sr16-fp6",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "system management homepage 7.4.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.411"
},
{
"model": "java sdk sr12",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"model": "java sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"model": "telepresence server on multiparty media",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3204.1"
},
{
"model": "image construction and composition tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.3"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60000"
},
{
"model": "tape subsystems",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.3"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.018"
},
{
"model": "system idataplex dx360 m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x73210"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.2"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.019"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.15"
},
{
"model": "enterprise manager ops center",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "12.3"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.11"
},
{
"model": "project openssl 0.9.8zd",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.2"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.51"
},
{
"model": "sterling connect:direct browser",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.3"
},
{
"model": "rational developer for i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.01"
},
{
"model": "flashsystem 9846-ae2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v90000"
},
{
"model": "cognos planning",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.2"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2.0.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.1"
},
{
"model": "secure work space for bes10/bes12",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "12.1.0.150361"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"model": "notes fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"model": "flashcopy manager for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.1.1"
},
{
"model": "os",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "7.0"
},
{
"model": "commoncryptolib",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.0"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.9.3"
},
{
"model": "jdk 1.5.0 11-b03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "bes10",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "0"
},
{
"model": "smartcloud entry appliance fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.4"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.3"
},
{
"model": "db2 connect unlimited advanced edition for system z",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0"
},
{
"model": "vgw",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "flashcopy manager for db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.0"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.1"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.2.835"
},
{
"model": "flashcopy manager for db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.1.2"
},
{
"model": "tivoli storage manager for virtual environments",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.0"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "upward integration modules hardware management pack",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.3"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.4"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.7"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.3"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x325025830"
},
{
"model": "jdk update2",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "ns oncommand core package",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.2"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.2"
},
{
"model": "systems insight manager sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "cloud manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.3"
},
{
"model": "domino fix pack if",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.133"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.1.830"
},
{
"model": "system management homepage 7.3.2.1",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "phaser",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "30203.50.01.10"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.32"
},
{
"model": "endeca server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.5.1.1"
},
{
"model": "project openssl 1.0.0c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5"
},
{
"model": "bbm protected on ios",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "2.1"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.13"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.3"
},
{
"model": "video surveillance media server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.7"
},
{
"model": "smartcloud entry fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.110"
},
{
"model": "rational build utility",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "84200"
},
{
"model": "cms r16.3 r7",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.3.0.12"
},
{
"model": "system m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365079470"
},
{
"model": "db2 connect enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.16"
},
{
"model": "infosphere information analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"model": "rational developer for aix and linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.01"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.032"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.4"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "2"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.0"
},
{
"model": "os",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "5.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.9.790"
},
{
"model": "tivoli netcool configuration manager",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.1.3"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.12"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x363071580"
},
{
"model": "ctpos 7.1r1",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "mq appliance m2000",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "api management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "jre update2",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "content analysis system",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "1.1"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "jre update15",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.5"
},
{
"model": "dataquant",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.19"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.801"
},
{
"model": "aura experience portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.2"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.1"
},
{
"model": "java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.0.590"
},
{
"model": "java",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.0.600"
},
{
"model": "tivoli storage manager for virtual environments",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.2.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "edge digital media player",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3000"
},
{
"model": "aura presence services sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "linux enterprise server sp4 ltss",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.3"
},
{
"model": "jre",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.0.50"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24078630"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"model": "workcentre r1",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "6400061.070.105.25200"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.1"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.4"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "db2 connect application server advanced edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.1"
},
{
"model": "network node manager ispi for ip telephony",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.4"
},
{
"model": "gpfs for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.2"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "flex system manager node types",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "87310"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3.132"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.5"
},
{
"model": "system m4 hdtype",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365054600"
},
{
"model": "norman shark network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.2.3"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.13"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.0"
},
{
"model": "rational developer for i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "websphere service registry and repository studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "java sdk sr fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7910"
},
{
"model": "mobile security suite mss",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "jre 1.5.0 08",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1.0.6"
},
{
"model": "smartcloud entry appliance fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.0.5"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.01"
},
{
"model": "aura application server sip core pb5",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53003.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "websphere mq for hp nonstop",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"model": "jdk update33",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"model": "dataquant",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.21"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.13"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.2"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.6"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.03"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.15"
},
{
"model": "sterling connect:direct browser",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4"
},
{
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087180"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.045"
},
{
"model": "jre update10",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "websphere real time sr9",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"model": "rational developer for power systems software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "domino fix pack interim f",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.12"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "sterling connect:direct browser user interface",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.52"
},
{
"model": "idataplex dx360 m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79130"
},
{
"model": "jdk update6",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.03"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0"
},
{
"model": "project openssl 0.9.8zc",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.37"
},
{
"model": "jre update7",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.4"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.01"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.01"
},
{
"model": "jdk update10",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "infosphere optim data masking solution",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3.0.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5"
},
{
"model": "java sdk sr16-fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "link for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "1.2.0.28"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.1"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.0.9"
},
{
"model": "system idataplex dx360 m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x73230"
},
{
"model": "cognos tm1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"model": "domino fp if4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.36"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.0"
},
{
"model": "jre update13",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "security appscan standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.6"
},
{
"model": "workcentre spar",
"scope": "ne",
"trust": 0.3,
"vendor": "xerox",
"version": "355025.003.33.000"
},
{
"model": "buildforge ifix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.37"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2(3.1)"
},
{
"model": "netezza platform software 7.1.0.5-p3",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "jdk update21",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.3"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "dataquant",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.18"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "8"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.5"
},
{
"model": "tivoli composite application manager for soa",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "db2 query management facility",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "network node manager i",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.1"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3950x57145"
},
{
"model": "java sdk sr5",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "rational developer for aix and linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.00"
},
{
"model": "vds service broker",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "jre",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.0.60"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "d9036 modular encoding platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35001.1"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.041"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.6"
},
{
"model": "flashsystem 9846-ac1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "app for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "cognos tm1 interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.0.2"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.1"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "jdk update25",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"model": "chassis management module 2pet12h",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "xiv storage system gen3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.2.0"
},
{
"model": "tivoli storage flashcopy manager for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.0"
},
{
"model": "control center ifix02",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.0"
},
{
"model": "snapdrive for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"model": "one-x client enablement services sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "bbm protected on ios",
"scope": "ne",
"trust": 0.3,
"vendor": "blackberry",
"version": "2.7.0.32"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "project openssl 0.9.8s",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "flashcopy manager for custom applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.1"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.2.835"
},
{
"model": "telepresence serial gateway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "security identity governance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "tivoli storage manager operations center",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.2.200"
},
{
"model": "webex meetings server 2.5mr2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.3"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.5"
},
{
"model": "jdk update27",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.43"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.103"
},
{
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.24"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.04"
},
{
"model": "unified attendant console enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "jdk update15",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "platform cluster manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "network node manager ispi performance for qa",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.0"
},
{
"model": "domino fp if",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.122"
},
{
"model": "tivoli provisioning manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.027"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4"
},
{
"model": "db2 enterprise server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.1"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.7.770"
},
{
"model": "db2 connect application server advanced edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "content analysis system",
"scope": "ne",
"trust": 0.3,
"vendor": "bluecoat",
"version": "1.2.3.1"
},
{
"model": "chassis management module 2pet12d",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "ucs central",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.0"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3850x571460"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.1.0.6"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.025"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x44079170"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.1"
},
{
"model": "work browser for bes10/bes12",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "1.1.17483.17"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.8.05"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.0"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.3"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.5"
},
{
"model": "rational agent controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.3.3"
},
{
"model": "tivoli asset management for it",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1.0"
},
{
"model": "nac guest server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.18"
},
{
"model": "project openssl 1.0.1h",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.4"
},
{
"model": "network node manager ispi performance for metrics",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.0"
},
{
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "jdk update25",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.0.250"
},
{
"model": "db2 advanced enterprise server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "hp-ux b.11.23 (11i",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "v2)"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2.0.5"
},
{
"model": "ata series analog terminal adaptor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1900"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.12"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.0"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.2"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5.21"
},
{
"model": "buildforge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.3.4"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.211"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.4"
},
{
"model": "sbr carrier",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.2"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "websphere mq mqipt",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.033"
},
{
"model": "insight orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.3"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.01"
},
{
"model": "flashcopy manager for db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.0"
},
{
"model": "mq light",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.1"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32400"
},
{
"model": "cognos tm1 fp4",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.2"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.7"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.1"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.3.0.12"
},
{
"model": "jdk 01",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.2"
},
{
"model": "cms r16.3",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.2"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.43"
},
{
"model": "sterling connect:direct browser user interface",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4"
},
{
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.11"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"model": "edge digital media player",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3400"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.1"
},
{
"model": "bbm protected on android",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "2.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.4.19"
},
{
"model": "domino interim fix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.03"
},
{
"model": "db2 recovery expert for linux unix and windows",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "rational sap connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.0"
},
{
"model": "domino fix pack interim f",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.15"
},
{
"model": "mashup center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0.7"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "flashcopy manager for unix and linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.0"
},
{
"model": "netezza platform software 7.0.2.16-p3",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.2"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"model": "jdk update9",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "workflow for bluemix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "norman shark industrial control system protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.2"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.0.870"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.043"
},
{
"model": "jre update26",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0.260"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "netezza platform software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.3"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "7"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.060"
},
{
"model": "sterling connect:direct browser user interface",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.411"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "rational automation framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.3"
},
{
"model": "prime network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.2.2.2"
},
{
"model": "network configuration and change management service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "data ontap smi-s agent",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.6.0"
},
{
"model": "db2 recovery expert for linux unix and windows",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "os",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "6.0"
},
{
"model": "sterling connect:direct for hp nonstop",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2.77"
},
{
"model": "cognos tm1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5.2"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "java sdk sr14",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0.2"
},
{
"model": "link for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "1.2.1.16"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"model": "x-series xos",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "10.0"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.27"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.5"
},
{
"model": "linux enterprise server sp2 ltss",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"model": "tivoli network performance manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.2"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24087380"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.41"
},
{
"model": "network node manager ispi for ip multicast qa",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.2"
},
{
"model": "norman shark industrial control system protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.3"
},
{
"model": "domino fp if3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.24"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.10"
},
{
"model": "websphere process server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.2"
},
{
"model": "prime lan management solution",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "command center appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "workload deployer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.96"
},
{
"model": "jre update4",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "aura application server sip core",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"model": "buildforge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.3.2"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.0.3"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.3"
},
{
"model": "unified attendant console advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.2"
},
{
"model": "cognos tm1 fp if",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5.238"
},
{
"model": "ns oncommand core package",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4.1"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.036"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32100"
},
{
"model": "db2 connect unlimited edition for system i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.4"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "buildforge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "initiate master data service provider hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "project openssl 0.9.8n",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.14"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.1.1"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.11"
},
{
"model": "rational sap connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.7"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2.0.3"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.0.820"
},
{
"model": "systems insight manager sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "sametime",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2.1"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "buildforge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2.0.3"
},
{
"model": "bcaaa",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "6.1"
},
{
"model": "work connect for bes10/bes12",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "1.0.17483.21"
},
{
"model": "jdk update24",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.4.1.8"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "buildforge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.3.1"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.051"
},
{
"model": "upward integration modules hardware management pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.2"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "5"
},
{
"model": "jre",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.4"
},
{
"model": "domino if",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.06"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"model": "tivoli monitoring fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.29"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0.9"
},
{
"model": "one-x client enablement services sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "content analysis system",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "1.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.102"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"model": "jre update5",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0.50"
},
{
"model": "anyres live",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "blend for mac",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "0"
},
{
"model": "java sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.15"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"model": "java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.195"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.034"
},
{
"model": "java sdk sr16",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.1"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.5.0.2"
},
{
"model": "security appscan standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.3"
},
{
"model": "xiv storage system gen3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.1.0"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0.1"
},
{
"model": "cognos insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.2"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.4"
},
{
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "work space manager for bes10/bes12 24755 137",
"scope": null,
"trust": 0.3,
"vendor": "blackberry",
"version": null
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.13"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.11"
},
{
"model": "prime network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1.3.3"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.5.1"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.7.770"
},
{
"model": "operations analytics predictive insights",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.1"
},
{
"model": "infosphere global name management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "jdk 1.5.0.0 04",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "malware analysis appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "4.2"
},
{
"model": "network node manager ispi performance for qa",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.2"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2.0.8"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.4"
},
{
"model": "hp-ux b.11.11 (11i",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "v1)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "jdk update28",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0.280"
},
{
"model": "domino fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.36"
},
{
"model": "secure work space for bes10/bes12",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "12.1.0.150360"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.1.0.6"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0.6"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.7"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "tivoli asset management for it",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.010"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.2"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.038"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.5"
},
{
"model": "dataquant",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.2"
},
{
"model": "websphere service registry and repository studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0.4"
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x350073800"
},
{
"model": "sterling connect:direct browser",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.11"
},
{
"model": "jdk update7",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.9"
},
{
"model": "flex system fc3171 8gb san switch and san pass-thru",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0.00"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.04"
},
{
"model": "network node manager ispi performance for metrics",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.2"
},
{
"model": "phaser",
"scope": "ne",
"trust": 0.3,
"vendor": "xerox",
"version": "36001.70.03.06"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1-73"
},
{
"model": "infosphere balanced warehouse c4000",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "jre update11",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.0"
},
{
"model": "infosphere master data management patient hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.2"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.1.4"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.0.5"
},
{
"model": "network node manager ispi performance for qa",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.0"
},
{
"model": "system idataplex dx360 m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x63910"
},
{
"model": "infosphere master data management server",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "11.4"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"model": "flashcopy manager for oracle with sap environments",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.4"
},
{
"model": "aura utility services sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1.6"
},
{
"model": "jre update27",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "jre update17",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "jdk update27",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.0.270"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.32"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0"
},
{
"model": "tivoli monitoring fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.303"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.56"
},
{
"model": "chassis management module 2pet10h",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.3.0.12"
},
{
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.0"
},
{
"model": "application policy infrastructure controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.1(0.625)"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x88079030"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.3"
},
{
"model": "tivoli asset discovery for distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.0.870"
},
{
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2.77"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.19"
},
{
"model": "network node manager ispi performance for metrics",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.0"
},
{
"model": "tivoli asset management for it",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.12"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.3"
},
{
"model": "flashsystem 9848-ac1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.25"
},
{
"model": "blend for blackberry",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "100"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.840"
},
{
"model": "prime data center network manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.013"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.21"
},
{
"model": "cognos tm1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.2"
},
{
"model": "java sdk 6r1 sr8-fp4",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)5.0"
},
{
"model": "infosphere master data management provider hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.12"
},
{
"model": "sterling control center ifix03",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.41"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "rational software architect for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.0.3"
},
{
"model": "norman shark industrial control system protection",
"scope": "ne",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.3.2"
},
{
"model": "version control repository manager 7.4.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3.740"
},
{
"model": "jdk 07",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"model": "one-x client enablement services sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.4"
},
{
"model": "flashsystem 9846-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"model": "workcentre",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "32153.50.01.10"
},
{
"model": "websphere appliance management center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x22279160"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.11"
},
{
"model": "jdk update31",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5.11"
},
{
"model": "os",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "3.6"
},
{
"model": "flashsystem 9846-ac2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v90000"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.3"
},
{
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.8.3"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.1"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.5"
},
{
"model": "chassis management module 2pet12i",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2.1"
},
{
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.2"
},
{
"model": "domino fp if",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.366"
},
{
"model": "jdk update13",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "chassis management module 2pet10m",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.2"
},
{
"model": "tivoli system automation for integrated operations management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.4"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.032"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"model": "unified ip conference phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "88310"
},
{
"model": "project openssl 1.0.0e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.45"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "security privileged identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.0.820"
},
{
"model": "websphere mq",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.4"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.03"
},
{
"model": "infosphere balanced warehouse c3000",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "jdk update19",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "chassis management module 2pete5o",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "flashsystem 9848-ac2",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v90007.5.1.0"
},
{
"model": "communications session border controller scz7.2.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "rational developer for aix and cobol",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.21"
},
{
"model": "multi-enterprise integration gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.1"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.5.0.2"
},
{
"model": "src series",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "endeca server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.0"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.8"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "project openssl 0.9.8t",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.7"
},
{
"model": "buildforge ifix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.3.66"
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x355079440"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.32"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "42000"
},
{
"model": "hosted collaboration mediation fulfillment",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "flashcopy manager for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.2.0"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.14.20"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5.760"
},
{
"model": "websphere real time sr7",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"model": "data ontap smi-s agent",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.2"
},
{
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "insight orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "cloud manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.4"
},
{
"model": "sterling connect:direct browser",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"model": "jdk update30",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0.300"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3850x571430"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "tivoli storage manager operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.07"
},
{
"model": "bbm on blackberry os",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "100"
},
{
"model": "rational sap connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.1"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.051"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "bes12 client",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "12.0.0.70"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "ctp",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.14"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "smartcloud entry appliance fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.0.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.19"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.0"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.37"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.045"
},
{
"model": "work space manager for bes10/bes12 24144 68",
"scope": null,
"trust": 0.3,
"vendor": "blackberry",
"version": null
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.3.0.5"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "java sdk sr16-fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.14"
},
{
"model": "sametime community server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2"
},
{
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.3"
},
{
"model": "tivoli monitoring fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.303"
},
{
"model": "tivoli workload scheduler distributed fp07",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"model": "content collector for sap applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.5"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087330"
},
{
"model": "smartcloud entry appliance fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.4"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.024"
},
{
"model": "dataquant",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.20"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0.2"
},
{
"model": "jre 07",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2.0.3"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.1"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.23"
},
{
"model": "enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "splunk",
"version": "6.2.2"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.1.0.7"
},
{
"model": "mate live",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.02"
},
{
"model": "netezza platform software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.12"
},
{
"model": "tivoli workload scheduler distributed fp02",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "telepresence integrator c series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "flashsystem 9848-ae2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v90000"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.038"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.1.104"
},
{
"model": "chassis management module 2pet12f",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.10"
},
{
"model": "nsm",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.040"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0.4"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.10"
},
{
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "bbm protected on android",
"scope": "ne",
"trust": 0.3,
"vendor": "blackberry",
"version": "2.7.0.6"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.11"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.0.0"
},
{
"model": "work space manager for bes10/bes12 25374 241",
"scope": null,
"trust": 0.3,
"vendor": "blackberry",
"version": null
},
{
"model": "prime collaboration provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "pulse secure",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.041"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.029"
},
{
"model": "initiate master data service provider hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "flashcopy manager for unix and linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.4"
},
{
"model": "websphere real time",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.1.2"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.5"
},
{
"model": "java sdk r1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1.73"
},
{
"model": "telepresence isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32410"
},
{
"model": "java sdk 7r1 sr2",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "system m5 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x310054570"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "network node manager ispi for ip multicast qa",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.1"
},
{
"model": "telepresence ex series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "flashcopy manager for db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.0"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.9"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "websphere process server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.6"
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x363073770"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.0"
},
{
"model": "cics transaction gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "aura conferencing sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.4"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1841"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.11"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "netezza platform software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "linux enterprise module for legacy software",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "12"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"model": "project openssl 1.0.0h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0"
},
{
"model": "infosphere identity insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.21"
},
{
"model": "flashsystem 9846-ae2",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v90007.5.1.0"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.5"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8.179"
},
{
"model": "aura utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.010"
},
{
"model": "tivoli netcool configuration manager if",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3.0.6003"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.027"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.022"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.4"
},
{
"model": "aura system manager sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "sterling connect:direct browser ifix10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.2"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.5.3"
},
{
"model": "alienvault",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.15"
},
{
"model": "security appscan standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.2"
},
{
"model": "telepresence conductor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "norman shark network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "4.2"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "video surveillance 4300e/4500e high-definition ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2.0.5"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3950x638370"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "cognos insight standard edition fp if",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.124"
},
{
"model": "sametime",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2.0"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "rational agent controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "aura utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "sterling control center ifix04",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.2.1"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.6.1.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.5"
},
{
"model": "java sdk sr16-fp8",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365054540"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "platform cluster manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2"
},
{
"model": "jdk update17",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "ctpos 6.6r5",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.1.0.7"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.13"
},
{
"model": "websphere real time sr fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3810"
},
{
"model": "domino if",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.07"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "tivoli asset management for it",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2"
},
{
"model": "rational developer for aix and cobol",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "workcentre 3025bi",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "3.50.01.10"
},
{
"model": "sterling connect:direct browser ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.0.212"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.033"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "netscaler service delivery appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "cognos insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.2"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.22"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.2.7"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.1"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.2"
},
{
"model": "sterling control center ifix03",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.1.0"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "53000"
},
{
"model": "jre 1.6.0 31",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.021"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "jdk 0 03",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "java sdk sr9",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "jdk update20",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "db2 query management facility",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.1"
},
{
"model": "session border controller for enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.0"
},
{
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "telepresence isdn gw mse",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "83210"
},
{
"model": "bbm on ios",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "tivoli monitoring fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.302"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.3"
},
{
"model": "cics transaction gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.10"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.4"
},
{
"model": "network node manager ispi performance for qa",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.1"
},
{
"model": "systems insight manager 7.4.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.7"
},
{
"model": "blend for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "0"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.4"
},
{
"model": "rational build utility",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4.750"
},
{
"model": "system m5 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x325054580"
},
{
"model": "security identity manager virtual appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "chassis management module 2peo12i",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.4"
},
{
"model": "notes fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.36"
},
{
"model": "tivoli storage manager for virtual environments",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3.0.0"
},
{
"model": "lotus quickr for websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "flashcopy manager for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.0"
},
{
"model": "flashcopy manager for custom applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.4"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)5.1"
},
{
"model": "cognos tm1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.060"
},
{
"model": "flashcopy manager for unix and linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.1"
},
{
"model": "chassis management module 2pet10c",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.02"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.1"
},
{
"model": "chassis management module 2pet10f",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "tivoli network performance manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.3"
},
{
"model": "sterling control center ifix02",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.34"
},
{
"model": "jdk update21",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.1"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.10"
},
{
"model": "rational developer for aix and cobol",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.6"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"model": "upward integration modules scvmm add-in",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.3"
},
{
"model": "java sdk sr13-fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "project openssl 1.0.0d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x355042540"
},
{
"model": "project openssl 1.0.1e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "network node manager ispi performance for metrics",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.1"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.029"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.6"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "buildforge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.3.5"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.2"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"model": "one-x client enablement services sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"model": "x-series xos",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "9.7"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.5.2"
},
{
"model": "blend for ios",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "0"
},
{
"model": "sterling connect:direct browser user interface",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.10"
},
{
"model": "systems insight manager 7.3.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.06"
},
{
"model": "tivoli monitoring fp4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1.5"
},
{
"model": "websphere process server hypervisor edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"model": "phaser",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "30523.50.01.11"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "work space manager for bes10/bes12 24651 124",
"scope": null,
"trust": 0.3,
"vendor": "blackberry",
"version": null
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.2"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.1.3"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.1"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.842"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.28"
},
{
"model": "xiv storage system gen3 a",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.1.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.0"
},
{
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.0"
},
{
"model": "telepresence te software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "-0"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.030"
},
{
"model": "real-time compression appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.9.1.11"
},
{
"model": "java sdk sr13",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"model": "tivoli monitoring fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.209"
},
{
"model": "jre 1.5.0 09-b03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.9"
},
{
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.41"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "tandberg codian mse model",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "83200"
},
{
"model": "tivoli workload scheduler for applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"model": "tivoli storage manager for virtual environments",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.0.0"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.1.0"
},
{
"model": "enterprise linux server eus 6.6.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.0.4"
},
{
"model": "norman shark network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.0"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.051"
},
{
"model": "security appscan standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "flashcopy manager for oracle with sap environments",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.0"
},
{
"model": "db2 connect application server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "project openssl 0.9.8m",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "bbm on windows phone",
"scope": "ne",
"trust": 0.3,
"vendor": "blackberry",
"version": "2.0.0.25"
},
{
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "flashcopy manager for oracle with sap environments",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.1.2"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.4"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.42"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "jre update30",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0.300"
},
{
"model": "java sdk 7r1 sr1",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "ctpview",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.6.156"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.0"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.10"
},
{
"model": "link for mac os (build",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "1.0.16)"
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.13"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.034"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.27"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.0.1"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.10"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.7"
},
{
"model": "alienvault",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.12"
},
{
"model": "jabber for android",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "enterprise content delivery service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "websphere application server community edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0.4"
},
{
"model": "unified sip proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "jre update5",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "tivoli system automation for integrated operations management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "enterprise manager ops center",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2"
},
{
"model": "pureapplication system",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.0.2"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.4"
},
{
"model": "app for stream",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "rational sap connector",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.8"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.035"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.1.6"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5.1"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(5.106)"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.3"
},
{
"model": "jdk update11",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.0"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"model": "java sdk sr3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.1"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.42"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.3"
},
{
"model": "work space manager for bes10/bes12 23853 47",
"scope": null,
"trust": 0.3,
"vendor": "blackberry",
"version": null
},
{
"model": "java",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.480"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.026"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3850x638370"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.7"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.1"
},
{
"model": "norman shark scada protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.2"
},
{
"model": "tivoli netcool configuration manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.1.2"
},
{
"model": "work space manager for bes10/bes12 25616 10",
"scope": null,
"trust": 0.3,
"vendor": "blackberry",
"version": null
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3"
},
{
"model": "operations analytics predictive insights",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.2"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.4"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.0"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.33"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "network node manager i",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.20"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2.2"
},
{
"model": "workcentre spar",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "35500"
},
{
"model": "os image for aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1.0"
},
{
"model": "application policy infrastructure controller 1.0",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.31"
},
{
"model": "tivoli monitoring fixpack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.24"
},
{
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.18"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.13"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "aura conferencing sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "security access manager for web",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365042550"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.9.1"
},
{
"model": "norman shark scada protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.3"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.4.0.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0-103"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.12.201"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.2"
},
{
"model": "java sdk sr1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.040"
},
{
"model": "prime collaboration deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.31"
},
{
"model": "dx series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "project openssl 0.9.8za",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "ace30 application control engine module 3.0 a5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "unified computing system b-series servers",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 0.9.8q",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.0.11"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.96"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.012"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.1"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.2.127"
},
{
"model": "jabber software development kit",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.800"
},
{
"model": "rational sap connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.3"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.10"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0.3"
},
{
"model": "db2 advanced workgroup server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "bbm meetings for android",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "0"
},
{
"model": "cms r17 r4",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.21"
},
{
"model": "datapower gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.9"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.065"
},
{
"model": "cognos insight standard edition fp if",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.214"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3.0"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.11"
},
{
"model": "tivoli storage manager operations center",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.200"
},
{
"model": "network node manager ispi for ip telephony",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.0"
},
{
"model": "tivoli monitoring fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.305"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.01"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0.5"
},
{
"model": "sametime",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.0"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "project openssl 0.9.8g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "cms r17",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.3.0.10"
},
{
"model": "flex system fc3171 8gb san switch and san pass-thru",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.5.03.00"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.45"
},
{
"model": "integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1.4"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.0.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1"
},
{
"model": "hunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.2"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.12"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.2"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.037"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.01"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "tivoli storage manager client management services",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "bbm meetings for ios",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2"
},
{
"model": "i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.17"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.7"
},
{
"model": "sametime community server limited use",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9"
},
{
"model": "platform cluster manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.1"
},
{
"model": "jdk update22",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0.220"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.12"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3690x571470"
},
{
"model": "snapdrive for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.2"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24087370"
},
{
"model": "dataquant",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2"
},
{
"model": "onepk all-in-one vm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.0"
},
{
"model": "buildforge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.2"
},
{
"model": "rational developer for power systems software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.31"
},
{
"model": "content collector for sap applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "db2 developer edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "sterling connect:direct browser user interface",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.0.10"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.0"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.5"
},
{
"model": "aura conferencing",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "splunk",
"scope": "ne",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0.8"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.1"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"model": "system m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365041990"
},
{
"model": "flashcopy manager for oracle with sap environments",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.1.1"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.11"
},
{
"model": "network node manager ispi for net",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.0"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.2"
},
{
"model": "flex system manager node types",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "87340"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.041"
},
{
"model": "aura system manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "domino fix pack interim f",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.24"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.1"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.11"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.12"
},
{
"model": "secure work space for bes10/bes12",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "12.1.0.150359"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "virtual connect enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.015"
},
{
"model": "ddos secure",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.1"
},
{
"model": "flashcopy manager for oracle",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.0"
},
{
"model": "cms r17 r3",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "jre",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0.180"
},
{
"model": "network node manager i",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.0"
},
{
"model": "flashcopy manager for db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.4"
},
{
"model": "integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.045"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.16"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.22"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"model": "db2 enterprise server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "ringmaster appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"model": "integrated management module",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.47"
},
{
"model": "tivoli workload scheduler for applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "domino interim fix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.06"
},
{
"model": "websphere process server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.15"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.051"
},
{
"model": "java sdk sr2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "java sdk sr1",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "8"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "websphere real time sr7 fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.1"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.3.0.5"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4"
},
{
"model": "bbm meetings for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "0"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.6"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.2"
},
{
"model": "bes",
"scope": "ne",
"trust": 0.3,
"vendor": "blackberry",
"version": "50"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"model": "websphere message broker",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0"
},
{
"model": "system m4 bd type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365054660"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.1"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8x"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "jre update28",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.6"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.4.19"
},
{
"model": "telepresence supervisor mse",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "80500"
},
{
"model": "iptv",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.11"
},
{
"model": "upward integration modules integrated installer",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.3"
},
{
"model": "jdk update13",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1.3"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.11"
},
{
"model": "dataquant",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.1"
},
{
"model": "web security appliance 9.0.0 -fcs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.02"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "work space manager for bes10/bes12 24998 176",
"scope": null,
"trust": 0.3,
"vendor": "blackberry",
"version": null
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.6"
},
{
"model": "mint",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "bes12",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "12.1"
},
{
"model": "application networking manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "3"
},
{
"model": "sterling control center ifix04",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.0.1"
},
{
"model": "flashcopy manager for oracle with sap environments",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.0"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5.2"
},
{
"model": "link for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "1.0.1.12"
},
{
"model": "jdk update4",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.3"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.024"
},
{
"model": "tivoli workload scheduler distributed fp03",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "jdk update23",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.045"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.03"
},
{
"model": "x-series xos",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "9.5"
},
{
"model": "java sdk 7r1 sr3",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3690x571490"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.3.6"
},
{
"model": "telepresence video communication server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "jre 1.6.0 33",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "aura application server sip core pb3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53003.0"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.038"
},
{
"model": "db2 purescale feature",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"model": "cognos planning",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "project openssl 1.0.0f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.040"
},
{
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "rational developer for i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "meetingplace",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "tivoli storage flashcopy manager for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.1.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2.0.5"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "35000"
},
{
"model": "project openssl 1.0.0b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.1"
},
{
"model": "network node manager ispi performance for traffic",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.0"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.1"
},
{
"model": "initiate master data service patient hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.029"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1.0.5"
},
{
"model": "expressway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "network node manager ispi for mpls vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.0"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "57100"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"model": "chassis management module 2pete6l",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.11"
},
{
"model": "norman shark scada protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.2.3"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.11"
},
{
"model": "integrated management module",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.00"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.12"
},
{
"model": "os",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "1010.3.1.1154"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2"
},
{
"model": "mobile wireless transport manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.2"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.6"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.1"
},
{
"model": "mate design",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"model": "java",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.85"
},
{
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "infosphere master data management",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "11.0"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4.143"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"model": "chassis management module 2peo12p",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "dataquant",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.16"
},
{
"model": "powervu d9190 conditional access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "jboss enterprise application platform",
"scope": "ne",
"trust": 0.3,
"vendor": "redhat",
"version": "6.4"
},
{
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.05"
},
{
"model": "bes12 client",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "12.0.0.74"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.023"
},
{
"model": "jre update6",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "flashcopy manager for db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.1"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.41"
},
{
"model": "lotus widget factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.0.1"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x353071600"
},
{
"model": "tivoli access manager for e-business",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "cics transaction gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "jdk 0 09",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"model": "network node manager ispi for ip telephony",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.2"
},
{
"model": "flashcopy manager for custom applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.0"
},
{
"model": "aura conferencing sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "project openssl 1.0.1d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.5"
},
{
"model": "java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.470"
},
{
"model": "java sdk sr16-fp3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0-12"
},
{
"model": "flashcopy manager for custom applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.1.2"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.13"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.022"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.1.0.7"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.3"
},
{
"model": "workload deployer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.11"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.2"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.09"
},
{
"model": "rational developer for aix and linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "flashcopy manager for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.0"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.1"
},
{
"model": "flashcopy manager for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.021"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0.5"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.11"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.29"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5.146"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "4"
},
{
"model": "telepresence mcu",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "45000"
},
{
"model": "bbm meetings for mac",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "0"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "project openssl 1.0.0n",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "java sdk 6r1 sr8-fp3",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.3"
},
{
"model": "websphere real time sr5",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"model": "sterling control center ifix03",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.2.1"
},
{
"model": "rational developer for i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1.1"
},
{
"model": "domino fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.36"
},
{
"model": "webex meetings for android",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "network node manager ispi for ip telephony",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3.1"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "jdk update5",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1.0.9"
},
{
"model": "websphere real time sr8 fp10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"model": "sterling connect:direct for hp nonstop",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5"
},
{
"model": "endeca server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.4"
},
{
"model": "rational agent controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.06"
},
{
"model": "flashsystem 9846-ac2",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v90007.5.1.0"
},
{
"model": "aura application server sip core",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53003.0"
},
{
"model": "rational developer for power systems software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.02"
},
{
"model": "tivoli workload scheduler for applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.07"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.11"
},
{
"model": "virtual connect enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "network node manager ispi for net",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.3"
},
{
"model": "sterling connect:direct browser ifix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.0.213"
},
{
"model": "jdk update25",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "aura experience portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.3.0.12"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "norman shark industrial control system protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.2.3"
},
{
"model": "phaser 3300mfp",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "20.105.52.000"
},
{
"model": "rational sap connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.6"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x355079140"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.0.2"
},
{
"model": "os image for red hat",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0.0"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2.4"
},
{
"model": "flashsystem 9848-ac0",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.4.0.5"
},
{
"model": "project openssl 1.0.1b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.0k",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "aura system platform sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.0.160"
},
{
"model": "jre update28",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0.280"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.2"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.51"
},
{
"model": "jdk 1.6.0 01-b06",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "blend for android",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "0"
},
{
"model": "image construction and composition tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.2.0"
},
{
"model": "aura conferencing",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "aura system platform sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"model": "tivoli workload scheduler distributed fp01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.2"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.4"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3850x571910"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.017"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10500"
},
{
"model": "b2b advanced communications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.32"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.4"
},
{
"model": "anyconnect secure mobility client for ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "004.000(1233)"
},
{
"model": "tivoli storage flashcopy manager for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.4"
},
{
"model": "real-time compression appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.2.10"
},
{
"model": "jdk 1.5.0.0 03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "security privileged identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1"
},
{
"model": "sterling connect:direct for hp nonstop",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.6"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1"
},
{
"model": "network node manager ispi for net",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.1"
},
{
"model": "chassis management module 2pet10i",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "aura utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.16"
},
{
"model": "jre update33",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "workload deployer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.12"
},
{
"model": "bes12 client",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "12.0.0.69"
},
{
"model": "cloud manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.4"
},
{
"model": "buildforge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.3"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.1.0"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.9"
},
{
"model": "norman shark industrial control system protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.0"
},
{
"model": "link for mac os (build",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "1.1.135)"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.27"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3850x571450"
},
{
"model": "network node manager i",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.0"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"model": "java sdk sr11",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1"
},
{
"model": "java sdk sr15",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "aura conferencing sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.0.121"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1"
},
{
"model": "jdk update18",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.5"
},
{
"model": "mashup center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0.1"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0.8"
},
{
"model": "security appscan standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1.0.7"
},
{
"model": "rational sap connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.5"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.6"
},
{
"model": "domino fix pack if",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.367"
},
{
"model": "jre update1",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.18"
},
{
"model": "telepresence profile series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0.3"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.12"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.20"
},
{
"model": "rational developer for power systems software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.03"
},
{
"model": "aura messaging sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.0.1"
},
{
"model": "unified communications domain manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.1.2"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.031"
},
{
"model": "rational developer for aix and cobol",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.1"
},
{
"model": "emergency responder",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tivoli provisioning manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "im and presence service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.3.0.5"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.4"
},
{
"model": "db2 connect unlimited advanced edition for system z",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.030"
},
{
"model": "cloud object store",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"model": "project openssl 1.0.0a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.9.790"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "websphere service registry and repository studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.17"
},
{
"model": "mate collector",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "aura collaboration environment",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30000"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5"
},
{
"model": "telepresence server on virtual machine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "rational sap connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.4"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.019"
},
{
"model": "api management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "proactive network operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "jre 1.6.0 37",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "6"
},
{
"model": "project openssl 0.9.8f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "bbm on android",
"scope": "ne",
"trust": 0.3,
"vendor": "blackberry",
"version": "2.7.0.6"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "netezza platform software 7.0.4.7-p1",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "network node manager ispi performance for traffic",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.2"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.19"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.7"
},
{
"model": "project openssl 0.9.8u",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8.780"
},
{
"model": "project openssl 1.0.1a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "network node manager ispi for mpls vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.2"
},
{
"model": "link for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "1.2.3.48"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.2.2"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "flashsystem 9848-ae2",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v90007.5.1.0"
},
{
"model": "communications session border controller scz7.4.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.410"
},
{
"model": "phaser",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "32603.50.01.11"
},
{
"model": "bbm protected on blackberry os",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "0"
},
{
"model": "db2 connect enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "project openssl 1.0.0p",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.0.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "workload deployer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.16"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.3"
},
{
"model": "phaser",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "36000"
},
{
"model": "telepresence server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70104.1"
},
{
"model": "cms r16.3 r6",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "rational automation framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.1"
},
{
"model": "sametime",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.1"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "project openssl 0.9.8zb",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "netscaler t1",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "flex system manager node types",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79550"
},
{
"model": "app for netapp data ontap",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"model": "notes fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.13"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2-77"
},
{
"model": "infosphere master data management server",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x350073830"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.3"
},
{
"model": "image construction and composition tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.1.0"
},
{
"model": "prime collaboration assurance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.840"
},
{
"model": "telepresence content server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.035"
},
{
"model": "network node manager ispi performance for traffic",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.25"
},
{
"model": "aura system platform sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "project openssl 0.9.8w",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "sterling connect:direct browser user interface",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.51"
},
{
"model": "network node manager ispi for mpls vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.0"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.039"
},
{
"model": "websphere process server hypervisor edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "as infinity",
"scope": "eq",
"trust": 0.3,
"vendor": "pexip",
"version": "1"
},
{
"model": "license metric tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.4"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.3"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "project openssl 1.0.0m",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "sterling connect:direct browser",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5"
},
{
"model": "java sdk sr8-fp10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.13"
},
{
"model": "cognos planning interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.12"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.026"
},
{
"model": "project openssl 1.0.1g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.4"
},
{
"model": "datapower gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.4"
},
{
"model": "alienvault",
"scope": "ne",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.15.1"
},
{
"model": "splunk",
"scope": "ne",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0.12"
},
{
"model": "flashsystem 9848-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "jre update6",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0.60"
},
{
"model": "tivoli access manager for e-business",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.1"
},
{
"model": "java sdk sr4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "media services interface",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "netezza platform software 7.0.2.15-p1",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0.1"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.055"
},
{
"model": "chassis management module 2pet12k",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "alienvault",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.13"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2.0.8"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.014"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "(x86)4.3"
},
{
"model": "notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.0"
},
{
"model": "system m3 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365079450"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.5"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.4"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.4.19"
},
{
"model": "websphere process server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.4"
},
{
"model": "telepresence advanced media gateway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.4"
},
{
"model": "unified attendant console premium edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "flashcopy manager for oracle",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.4"
},
{
"model": "aura communication manager ssp04",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "tivoli workload scheduler distributed fp03",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.040"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.2"
},
{
"model": "project openssl 0.9.8r",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "firesight system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.4.1.2"
},
{
"model": "buildforge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.3.6"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.011"
},
{
"model": "flashcopy manager for custom applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.0"
},
{
"model": "malware analyzer g2",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "3.5"
},
{
"model": "jdk update14",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "chassis management module 2pet10d",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "infosphere identity insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "os",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "7.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.4.1.8"
},
{
"model": "websphere lombardi edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2.3"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x22079060"
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.1"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.039"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.11"
},
{
"model": "physical access gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.1"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x88042590"
},
{
"model": "project openssl 1.0.0l",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "chassis management module 2pet10k",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "upward integration modules integrated installer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5.2"
},
{
"model": "cognos insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.0.1"
},
{
"model": "idataplex dx360 m4 water cooled type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79790"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "jdk update1",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.23"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.61"
},
{
"model": "dataquant",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "initiate master data service patient hub",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "malware analysis appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "bluecoat",
"version": "4.2.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.3"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.8.06"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.44"
},
{
"model": "rational automation framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "project openssl 0.9.8p",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "websphere real time sr6",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.5.0"
},
{
"model": "norman shark scada protection",
"scope": "ne",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.3.2"
},
{
"model": "b2b advanced communications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.2"
},
{
"model": "unified attendant console business edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15-210"
},
{
"model": "websphere mq for openvms",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v6"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0.1"
},
{
"model": "websphere real time sr4-fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.16"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.5"
},
{
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.0"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.6"
},
{
"model": "chassis management module 2pet10g",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "jre update21",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.95"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.6"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.11"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.9"
},
{
"model": "bbm on windows phone",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "2.0.0.24"
},
{
"model": "virtualization experience media engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.11"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.08"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.037"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.0.1"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.7"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.1"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "netezza platform software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.45"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.8"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.8"
},
{
"model": "rational developer for i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "chassis management module 2pet12p",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.8"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x365079150"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.6"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.0.3"
},
{
"model": "tivoli monitoring fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.205"
},
{
"model": "jre update32",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0.320"
},
{
"model": "firesight system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.4.0.2"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.3"
},
{
"model": "project openssl 1.0.1c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "buildforge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.1"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.1"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"model": "cics transaction gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.2"
},
{
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.0.170"
},
{
"model": "chassis management module 2pet12o",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.18"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"model": "norman shark network protection",
"scope": "ne",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.3.2"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8v"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.041"
},
{
"model": "java sdk sr16-fp4",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.7"
},
{
"model": "work space manager for bes10/bes12 23819 44",
"scope": null,
"trust": 0.3,
"vendor": "blackberry",
"version": null
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.1"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8.780"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.12"
},
{
"model": "flashcopy manager for oracle with sap environments",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.0"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "upward integration modules scvmm add-in",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.2"
},
{
"model": "identity service engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.15"
},
{
"model": "sterling connect:direct browser ifix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.11.04"
},
{
"model": "virtual connect enterprise manager sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.19"
},
{
"model": "storediq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.6"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.4"
},
{
"model": "tivoli workload scheduler distributed fp04",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "sametime community server hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9"
},
{
"model": "as infinity",
"scope": "ne",
"trust": 0.3,
"vendor": "pexip",
"version": "8.1"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "sterling connect:direct browser user interface",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.11"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0.860"
},
{
"model": "jre 1.5.0 09",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "flashcopy manager for oracle",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.1"
},
{
"model": "jre update25",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3.0.1"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.6"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "netezza platform software 7.0.4.8-p3",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.3"
},
{
"model": "splunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "5.0.10"
},
{
"model": "rational developer for aix and linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "alienvault",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.12.1"
},
{
"model": "notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.010"
},
{
"model": "network node manager ispi for ip multicast qa",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.0"
},
{
"model": "initiate master data service",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.7"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.14"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.3"
},
{
"model": "network performance analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.64"
},
{
"model": "datapower gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.6"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"model": "rational software architect for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "flashcopy manager for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.4"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "enterprise manager ops center",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.4"
},
{
"model": "rational requisitepro",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.3"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.5.0.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.8"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.0"
},
{
"model": "hunk",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "6.2"
},
{
"model": "project openssl 0.9.8l",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.20"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70000"
},
{
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.6"
},
{
"model": "systems insight manager update",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.31"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.6"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"model": "tririga for energy optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3950x571430"
},
{
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"model": "network node manager ispi for net",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.1"
},
{
"model": "workload deployer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.17"
},
{
"model": "project openssl 1.0.0i",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.141"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.12"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.3"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "flashsystem 9846-ac0",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.4"
},
{
"model": "notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1.2"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.045"
},
{
"model": "system idataplex dx360 m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x63800"
},
{
"model": "java",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.205"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.0"
},
{
"model": "security privileged identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.1"
},
{
"model": "content collector for sap applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "ctpview 7.1r1",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.4.0.5"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.16"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.13"
},
{
"model": "sterling connect:direct browser",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.2"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.5.0.2"
},
{
"model": "smartcloud entry fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.19"
},
{
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"model": "security appscan standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.8"
},
{
"model": "domino fix pack interim f",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.36"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.4"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.2"
},
{
"model": "virtual connect enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.6.1.3"
},
{
"model": "jdk update16",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.10"
},
{
"model": "aura collaboration environment",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "domino fp if",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.123"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.0.1"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "jdk update26",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "websphere process server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "system m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x355079460"
},
{
"model": "idataplex dx360 m4 water cooled type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "79180"
},
{
"model": "chassis management module 2pet12e",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.12"
},
{
"model": "domino fp if",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.153"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.3"
},
{
"model": "netezza platform software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.213"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.2.106"
},
{
"model": "aura conferencing",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.2"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.2"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.110"
},
{
"model": "socialminer",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.020"
},
{
"model": "system type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3690x571920"
},
{
"model": "java sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "tivoli netcool configuration manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3.0.6"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.023"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "20500"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.15"
},
{
"model": "flex system fc3171 8gb san switch and san pass-thru",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.3.0"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "12"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.3"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"model": "linux enterprise software development kit",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "12"
},
{
"model": "java sdk sr16-fp3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"model": "prime network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.33"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"model": "db2 connect unlimited edition for system i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "netezza platform software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.1"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.2"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.14"
},
{
"model": "db2 connect unlimited edition for system z",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.05"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "domino fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.35"
},
{
"model": "telepresence sx series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "bbm on ios",
"scope": "ne",
"trust": 0.3,
"vendor": "blackberry",
"version": "2.7.0.32"
},
{
"model": "tivoli storage flashcopy manager for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.0"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.12"
},
{
"model": "websphere message broker",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.13"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.1.730"
},
{
"model": "os",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "1010.3.0.1052"
},
{
"model": "enterprise manager ops center",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1"
},
{
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0"
},
{
"model": "cloud manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.2"
},
{
"model": "project openssl 1.0.0j",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "jdk update29",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.0.180"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"model": "jre update9",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "datapower gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.13"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2"
},
{
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "bbm protected on blackberry",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "100"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.4.0.5"
},
{
"model": "chassis management module 2pet10q",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "websphere real time sr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "39"
},
{
"model": "aura presence services sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.3"
},
{
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2.0.3"
},
{
"model": "websphere service registry and repository studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.1"
},
{
"model": "db2 connect application server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "network node manager ispi performance for traffic",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.1"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.09"
},
{
"model": "network node manager ispi for mpls vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.1"
},
{
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "flex system compute node type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x24089560"
},
{
"model": "java sdk sr8",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.75"
},
{
"model": "project openssl 1.0.1j",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.2"
},
{
"model": "tivoli asset management for it",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.1"
},
{
"model": "cloudbridge",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.4.1.8"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "tivoli storage flashcopy manager for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.2.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3"
},
{
"model": "data ontap operating in 7-mode",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.1"
},
{
"model": "java sdk sr10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"model": "tivoli workload scheduler for applications fp01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0(4.29)"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.3.0.5"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.9"
},
{
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "tivoli workload scheduler distributed fp05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "java sdk sr4-fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.1.0.6"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.6"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.1.0"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0.860"
},
{
"model": "rational developer for power systems software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.01"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.34"
},
{
"model": "chassis management module 2peo12e",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.12"
},
{
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "jre update9",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0.90"
},
{
"model": "websphere service registry and repository studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "java sdk 7r1 sr2-fp10",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.1"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.4"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "5"
},
{
"model": "flex system fc3171 8gb san switch and san pass-thru",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1.00"
},
{
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1"
},
{
"model": "domino fp if",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.152"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.10"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.0"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.2.1"
},
{
"model": "rational developer for power systems software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.3"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10"
},
{
"model": "systems insight manager sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "cognos insight standard edition fp",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.24"
},
{
"model": "java sdk sr13-fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.14"
},
{
"model": "telepresence server on multiparty media",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3104.1"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.016"
},
{
"model": "norman shark scada protection",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "4.2"
},
{
"model": "aura application server sip core sp10",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53003.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.1"
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4"
},
{
"model": "jdk 1.5.0 07-b03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.2"
},
{
"model": "flashcopy manager for unix and linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.0"
},
{
"model": "buildforge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2"
},
{
"model": "flashcopy manager for unix and linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.1.2"
},
{
"model": "os",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "1.0"
},
{
"model": "security identity manager virtual appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.1"
},
{
"model": "java sdk 6r1 sr8",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "mq light",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"model": "cms r16",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "project openssl 0.9.8o",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "netezza platform software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.16"
},
{
"model": "x-series xos",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "9.6"
},
{
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.12"
},
{
"model": "system m4 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x375087520"
},
{
"model": "universal device service",
"scope": "ne",
"trust": 0.3,
"vendor": "blackberry",
"version": "0"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.2"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.031"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.18"
},
{
"model": "xiv storage system gen2 10.2.4.e-6",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.35"
},
{
"model": "db2 connect unlimited edition for system z",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "domino fp if",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.242"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.2"
},
{
"model": "network node manager ispi for ip multicast qa",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.0"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.5"
},
{
"model": "chassis management module 2pet10a",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "malware analyzer g2",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "4.1"
},
{
"model": "video surveillance ptz ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.841"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "cloud",
"scope": "eq",
"trust": 0.3,
"vendor": "splunk",
"version": "0"
},
{
"model": "domino fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.13"
},
{
"model": "open systems snapvault",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "thinpro linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.3"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.12"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "rational developer for aix and cobol",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "buildforge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"model": "system m2 type",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x350078390"
},
{
"model": "jdk update22",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "flashcopy manager for oracle",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.0"
},
{
"model": "telepresence server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "87104.1"
},
{
"model": "jdk update15",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "db2 workgroup server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "flashcopy manager for oracle",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.1.2"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.3.0"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.11"
},
{
"model": "ios 15.5 s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.2"
},
{
"model": "prime performance manager for sps ppm sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.6"
},
{
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "telepresence mx series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tivoli workload scheduler distributed fp04",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "insight orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "jre update4",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0.40"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.7"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.1"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "os",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "1010.3.0.1418"
},
{
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2.0.8"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.33"
},
{
"model": "flashcopy manager for custom applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.0"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.1"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.34"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2.0.8"
},
{
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.4"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.800"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.010"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.12"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#243585"
},
{
"db": "BID",
"id": "71936"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001672"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001009"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-171"
},
{
"db": "NVD",
"id": "CVE-2015-0204"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "0.9.8zc",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0204"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HP",
"sources": [
{
"db": "PACKETSTORM",
"id": "133318"
},
{
"db": "PACKETSTORM",
"id": "133317"
},
{
"db": "PACKETSTORM",
"id": "130987"
},
{
"db": "PACKETSTORM",
"id": "131408"
},
{
"db": "PACKETSTORM",
"id": "133325"
},
{
"db": "PACKETSTORM",
"id": "130545"
}
],
"trust": 0.6
},
"cve": "CVE-2015-0204",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-0204",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 7.8,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2015-001672",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-0204",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2015-001672",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201501-171",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-0204",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-0204"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001672"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001009"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-171"
},
{
"db": "NVD",
"id": "CVE-2015-0204"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the \"FREAK\" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations. SSL/TLS Some implementations of export grade without intentional setting (512 Below bit ) of RSA Something accepts the key. Man-in-the-middle attacks against such software (man-in-the-middle attack) Is performed, the key used for encryption is decrypted, SSL/TLS The traffic content may be decrypted. this is\" FREAK It is also called \u201cattack\u201d. Algorithm downgrade (CWE-757) CWE-757: Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027) https://cwe.mitre.org/data/definitions/757.html Incorrect cipher strength (CWE-326) CWE-326: Inadequate Encryption Strength https://cwe.mitre.org/data/definitions/326.html SSL/TLS Some implementations of export grade without intentional setting (512 Below bit ) of RSA Something accepts the key. If a man-in-the-middle attack is performed on such software, it is guided to use a weak key in the negotiation at the start of communication, and as a result, encrypted information may be decrypted. The discoverer has released detailed information about this matter. FREAK: Factoring RSA Export Keys https://www.smacktls.com/#freakMan-in-the-middle attacks (man-in-the-middle attack) By SSL/TLS The contents of the communication may be decrypted. OpenSSL is prone to security-bypass vulnerability. \nSuccessfully exploiting these issues may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. \n \n Use-after-free vulnerability in the d2i_ECPrivateKey function in\n crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r,\n 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote\n attackers to cause a denial of service (memory corruption and\n application crash) or possibly have unspecified other impact via a\n malformed Elliptic Curve (EC) private-key file that is improperly\n handled during import (CVE-2015-0209). \n \n The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before\n 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before\n 1.0.2a does not properly perform boolean-type comparisons, which allows\n remote attackers to cause a denial of service (invalid read operation\n and application crash) via a crafted X.509 certificate to an endpoint\n that uses the certificate-verification feature (CVE-2015-0286). \n \n The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL\n before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2\n before 1.0.2a does not reinitialize CHOICE and ADB data structures,\n which might allow attackers to cause a denial of service (invalid\n write operation and memory corruption) by leveraging an application\n that relies on ASN.1 structure reuse (CVE-2015-0287). \n \n The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL\n before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2\n before 1.0.2a might allow attackers to cause a denial of service\n (NULL pointer dereference and application crash) via an invalid\n certificate key (CVE-2015-0288). \n \n The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before\n 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not\n properly handle a lack of outer ContentInfo, which allows attackers to\n cause a denial of service (NULL pointer dereference and application\n crash) by leveraging an application that processes arbitrary PKCS#7\n data and providing malformed data with ASN.1 encoding, related to\n crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289). \n \n The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before\n 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote\n attackers to cause a denial of service (s2_lib.c assertion failure and\n daemon exit) via a crafted CLIENT-MASTER-KEY message (CVE-2015-0293). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Web Server 2.1.1 security update\nAdvisory ID: RHSA-2016:1650-01\nProduct: Red Hat JBoss Web Server\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-1650.html\nIssue date: 2016-08-22\nCVE Names: CVE-2014-3570 CVE-2015-0204 CVE-2016-2105 \n CVE-2016-2106 CVE-2016-3110 CVE-2016-5387 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Red Hat JBoss Web Server. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nThis release serves as a replacement for Red Hat JBoss Web Server 2.1.0,\nand includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.1.1\nRelease Notes, linked to in the References section, for information on the\nmost significant of these changes. \n\nSecurity Fix(es):\n\n* It was discovered that httpd used the value of the Proxy header from HTTP\nrequests to initialize the HTTP_PROXY environment variable for CGI scripts,\nwhich in turn was incorrectly used by certain HTTP client implementations\nto configure the proxy for outgoing HTTP requests. A remote attacker could\npossibly use this flaw to redirect HTTP requests performed by a CGI script\nto an attacker-controlled proxy via a malicious HTTP request. A malicious server could make a TLS/SSL\nclient using OpenSSL use a weaker key exchange method. (CVE-2015-0204)\n\n* An integer overflow flaw, leading to a buffer overflow, was found in the\nway the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of\ninput data. A remote attacker could use this flaw to crash an application\nusing OpenSSL or, possibly, execute arbitrary code with the permissions of\nthe user running that application. (CVE-2016-2105)\n\n* An integer overflow flaw, leading to a buffer overflow, was found in the\nway the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts\nof input data. A remote attacker could use this flaw to crash an\napplication using OpenSSL or, possibly, execute arbitrary code with the\npermissions of the user running that application. (CVE-2016-2106)\n\n* It was discovered that it is possible to remotely Segfault Apache http\nserver with a specially crafted string sent to the mod_cluster via service\nmessages (MCMP). (CVE-2016-3110)\n\n* It was found that OpenSSL\u0027s BigNumber Squaring implementation could\nproduce incorrect results under certain special conditions. This flaw could\npossibly affect certain OpenSSL library functionality, such as RSA\nblinding. Note that this issue occurred rarely and with a low probability,\nand there is currently no known way of exploiting it. (CVE-2014-3570)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting\nCVE-2016-5387; the OpenSSL project for reporting CVE-2016-2105 and\nCVE-2016-2106; and Michal Karm Babacek for reporting CVE-2016-3110. \nUpstream acknowledges Guido Vranken as the original reporter of\nCVE-2016-2105 and CVE-2016-2106. \n\n3. Solution:\n\nBefore applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files). \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nRefer to the Red Hat JBoss Enterprise Web Server 2.1.1 Release Notes for a\nlist of non security related fixes. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1180184 - CVE-2015-0204 openssl: only allow ephemeral RSA keys in export ciphersuites (FREAK)\n1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results\n1326320 - CVE-2016-3110 mod_cluster: remotely Segfault Apache http server\n1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow\n1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow\n1337151 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow [jbews-2.1.0]\n1337155 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow [jbews-2.1.0]\n1353755 - CVE-2016-5387 Apache HTTPD: sets environmental variable based on user supplied Proxy request header\n1358118 - CVE-2016-5387 Apache HTTPD: sets environmental variable based on user supplied Proxy request header [jbews-2.1.0]\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3570\nhttps://access.redhat.com/security/cve/CVE-2015-0204\nhttps://access.redhat.com/security/cve/CVE-2016-2105\nhttps://access.redhat.com/security/cve/CVE-2016-2106\nhttps://access.redhat.com/security/cve/CVE-2016-3110\nhttps://access.redhat.com/security/cve/CVE-2016-5387\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver\u0026downloadType=distributions\u0026version=2.1.1\nhttps://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Web_Server/2.1/html/2.1.1_Release_Notes/index.html\nhttps://access.redhat.com/site/documentation/\nhttps://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html\nhttps://access.redhat.com/security/vulnerabilities/httpoxy\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXuz/AXlSAg2UNWIIRAnGKAJ9OG0AmFsej7cbv8xXILF5Lo7krOACdHUkC\nVkvGRKSu76E7WPtB8TOdqyw=\n=7UQL\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nSoftpaq:\nhttp://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe\n\nEasy Update Via ThinPro / EasyUpdate (x86):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-\n4.4-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nVia ThinPro / EasyUpdate (ARM):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-\n4.4-armel.xar\n\nNote: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch\napplied, VMware cannot connect if security level is set to \"Refuse insecure\nconnections\". Updating VMware to the latest package on ftp.hp.com will solve\nthe problem. \n \n A memory leak can occur in the dtls1_buffer_record function under\n certain conditions. In particular this could occur if an attacker\n sent repeated DTLS records with the same sequence number but for the\n next epoch. The memory leak could be exploited by an attacker in a\n Denial of Service attack through memory exhaustion (CVE-2015-0206). \n \n When openssl is built with the no-ssl3 option and a SSL v3 ClientHello\n is received the ssl method would be set to NULL which could later\n result in a NULL pointer dereference (CVE-2014-3569). This effectively removes forward secrecy from\n the ciphersuite (CVE-2014-3572). A server could present\n a weak temporary key and downgrade the security of the session\n (CVE-2015-0204). \n \n An OpenSSL server will accept a DH certificate for client\n authentication without the certificate verify message. This\n only affects servers which trust a client certificate authority which\n issues certificates containing DH keys: these are extremely rare and\n hardly ever encountered (CVE-2015-0205). \n \n OpenSSL accepts several non-DER-variations of certificate signature\n algorithm and signature encodings. OpenSSL also does not enforce a\n match between the signature algorithm between the signed and unsigned\n portions of the certificate. By modifying the contents of the signature\n algorithm or the encoding of the signature, it is possible to change\n the certificate\u0026#039;s fingerprint. This does not allow an attacker to\n forge certificates, and does not affect certificate verification or\n OpenSSL servers/clients in any other way. It also does not affect\n common revocation mechanisms. Only custom applications that rely\n on the uniqueness of the fingerprint (e.g. certificate blacklists)\n may be affected (CVE-2014-8275). \n \n The updated packages have been upgraded to the 1.0.0p version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n https://www.openssl.org/news/secadv_20150108.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 08baba1b5ee61bdd0bfbcf81d465f154 mbs1/x86_64/lib64openssl1.0.0-1.0.0p-1.mbs1.x86_64.rpm\n 51198a2b577e182d10ad72d28b67288e mbs1/x86_64/lib64openssl-devel-1.0.0p-1.mbs1.x86_64.rpm\n aa34fd335001d83bc71810d6c0b14e85 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0p-1.mbs1.x86_64.rpm\n c8b6fdaba18364b315e78761a5aa0c1c mbs1/x86_64/lib64openssl-static-devel-1.0.0p-1.mbs1.x86_64.rpm\n fc67f3da9fcd1077128845ce85be93e2 mbs1/x86_64/openssl-1.0.0p-1.mbs1.x86_64.rpm \n ab8f672de2bf2f0f412034f89624aa32 mbs1/SRPMS/openssl-1.0.0p-1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFUr+PRmqjQ0CJFipgRAtFXAJ46+q0aetnJkb6I9RuYmX5xFeGx9wCgt1rb\nLHbCdAkBpYHYSuaUwpiAu1w=\n=ePa9\n-----END PGP SIGNATURE-----\n. \nHP SSL for OpenVMS: All versions prior to 1.4-502. \n\n HP SSL 1.4-502 for OpenVMS (based on OpenSSL 0.9.8ze) is available from the\nfollowing locations:\n\n - HP SSL for OpenVMS website:\n\n http://h71000.www7.hp.com/openvms/products/ssl/ssl.html\n\n - HP Support Center website:\n\n https://h20566.www2.hp.com/portal/site/hpsc/patch/home\n\n Note: Login using your HP Passport account. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04774019\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04774019\nVersion: 1\n\nHPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-08-24\nLast Updated: 2015-08-24\n\nPotential Security Impact: Remote unauthorized modification, unauthorized\naccess, or unauthorized disclosure of information. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Matrix\nOperating Environment. The vulnerabilities could be exploited remotely\nresulting in unauthorized modification, unauthorized access, or unauthorized\ndisclosure of information. \n\nReferences:\n\nCVE-2010-5107\nCVE-2013-0248\nCVE-2014-0118\nCVE-2014-0226\nCVE-2014-0231\nCVE-2014-1692\nCVE-2014-3523\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8142\nCVE-2014-8275\nCVE-2014-9427\nCVE-2014-9652\nCVE-2014-9653\nCVE-2014-9705\nCVE-2015-0204\nCVE-2015-0205\nCVE-2015-0206\nCVE-2015-0207\nCVE-2015-0208\nCVE-2015-0209\nCVE-2015-0231\nCVE-2015-0232\nCVE-2015-0273\nCVE-2015-0285\nCVE-2015-0286\nCVE-2015-0287\nCVE-2015-0288\nCVE-2015-0289\nCVE-2015-0290\nCVE-2015-0291\nCVE-2015-0292\nCVE-2015-0293\nCVE-2015-1787\nCVE-2015-1788\nCVE-2015-1789\nCVE-2015-1790\nCVE-2015-1791\nCVE-2015-1792\nCVE-2015-2134\nCVE-2015-2139\nCVE-2015-2140\nCVE-2015-2301\nCVE-2015-2331\nCVE-2015-2348\nCVE-2015-2787\nCVE-2015-3113\nCVE-2015-5122\nCVE-2015-5123\nCVE-2015-5402\nCVE-2015-5403\nCVE-2015-5404\nCVE-2015-5405\nCVE-2015-5427\nCVE-2015-5428\nCVE-2015-5429\nCVE-2015-5430\nCVE-2015-5431\nCVE-2015-5432\nCVE-2015-5433\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Matrix Operating Environment impacted software components and versions:\n\nHP Systems Insight Manager (SIM) prior to version 7.5.0\nHP System Management Homepage (SMH) prior to version 7.5.0\nHP Version Control Agent (VCA) prior to version 7.5.0\nHP Version Control Repository Manager (VCRM) prior to version 7.5.0\nHP Insight Orchestration prior to version 7.5.0\nHP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3\nCVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6\nCVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\nCVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9\nCVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9\nCVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\nCVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9\nCVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities in the impacted versions of HP Matrix Operating Environment\n\nHP Matrix Operating Environment 7.5.0 is only available on DVD. Please order\nthe latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO\nfrom the following location:\n\nhttp://www.hp.com/go/insightupdates\n\nChoose the orange Select button. This presents the HP Insight Management\nMedia order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from\nthe Software specification list. Fill out the rest of the form and submit it. \n\nHP has addressed these vulnerabilities for the affected software components\nbundled with the HP Matrix Operating Environment in the following HP Security\nBulletins. \n\nHP Matrix Operating Environment component\n HP Security Bulletin Number\n Security Bulletin Location\n\nHP Systems Insight Manager (SIM)\n HPSBMU03394\n HPSBMU03394\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744\n\nHP System Management Homepage (SMH)\n HPSBMU03380\n http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490\u0026la\nng=en-us\u0026cc=\n\nHP Version Control Agent (VCA)\n HPSBMU03397\n https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169\n\nHP Version Control Repository Manager (VCRM)\n HPSBMU03396\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04765115\n\nHP Virtual Connect Enterprise Manager (VCEM) SDK\n HPSBMU03413\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04774021\n\nHISTORY\nVersion:1 (rev.1) - 24 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. These vulnerabilities could be exploited remotely to create a remote\nDenial of Service (DoS) and other vulnerabilites. \n\nReferences:\n\nCVE-2014-8275 Cryptographic Issues (CWE-310)\nCVE-2014-3569 Remote Denial of Service (DoS)\nCVE-2014-3570 Cryptographic Issues (CWE-310)\nCVE-2014-3571 Remote Denial of Service (DoS)\nCVE-2014-3572 Cryptographic Issues (CWE-310)\nCVE-2015-0204 Cryptographic Issues (CWE-310)\nSSRT101885\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The\nupdates are available from either of the following sites:\n\nftp://sl098ze:Secure12@h2.usa.hp.com\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=OPENSSL11I\n\nHP-UX Release\n HP-UX OpenSSL depot name\n\nB.11.11 (11i v1)\n OpenSSL_A.00.09.08ze.001_HP-UX_B.11.11_32_64.depot\n\nB.11.23 (11i v2)\n OpenSSL_A.00.09.08ze.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (11i v3)\n OpenSSL_A.00.09.08ze.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08ze or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0204"
},
{
"db": "CERT/CC",
"id": "VU#243585"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001672"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001009"
},
{
"db": "BID",
"id": "71936"
},
{
"db": "VULMON",
"id": "CVE-2015-0204"
},
{
"db": "PACKETSTORM",
"id": "131045"
},
{
"db": "PACKETSTORM",
"id": "133318"
},
{
"db": "PACKETSTORM",
"id": "138473"
},
{
"db": "PACKETSTORM",
"id": "133317"
},
{
"db": "PACKETSTORM",
"id": "130987"
},
{
"db": "PACKETSTORM",
"id": "129870"
},
{
"db": "PACKETSTORM",
"id": "131408"
},
{
"db": "PACKETSTORM",
"id": "133325"
},
{
"db": "PACKETSTORM",
"id": "130545"
}
],
"trust": 4.23
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0204",
"trust": 3.7
},
{
"db": "CERT/CC",
"id": "VU#243585",
"trust": 1.6
},
{
"db": "JVN",
"id": "JVNVU99125992",
"trust": 1.6
},
{
"db": "BID",
"id": "71936",
"trust": 1.4
},
{
"db": "JUNIPER",
"id": "JSA10679",
"trust": 1.4
},
{
"db": "BID",
"id": "91787",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10102",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10108",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10110",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033378",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001672",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98974537",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU91828320",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU95877131",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001009",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.0696",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4252",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201501-171",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2015-0204",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131045",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133318",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138473",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133317",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130987",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129870",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131408",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133325",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130545",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#243585"
},
{
"db": "VULMON",
"id": "CVE-2015-0204"
},
{
"db": "BID",
"id": "71936"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001672"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001009"
},
{
"db": "PACKETSTORM",
"id": "131045"
},
{
"db": "PACKETSTORM",
"id": "133318"
},
{
"db": "PACKETSTORM",
"id": "138473"
},
{
"db": "PACKETSTORM",
"id": "133317"
},
{
"db": "PACKETSTORM",
"id": "130987"
},
{
"db": "PACKETSTORM",
"id": "129870"
},
{
"db": "PACKETSTORM",
"id": "131408"
},
{
"db": "PACKETSTORM",
"id": "133325"
},
{
"db": "PACKETSTORM",
"id": "130545"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-171"
},
{
"db": "NVD",
"id": "CVE-2015-0204"
}
]
},
"id": "VAR-201501-0338",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4675421719999999
},
"last_update_date": "2024-07-23T19:53:23.981000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30a2\u30e9\u30a4\u30c9\u30c6\u30ec\u30b7\u30b9\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831",
"trust": 1.6,
"url": "http://jvn.jp/vu/jvnvu99125992/522154/index.html"
},
{
"title": "NV15-016",
"trust": 1.6,
"url": "http://jpn.nec.com/security-info/secinfo/nv15-016.html"
},
{
"title": "[08 Jan 2015]",
"trust": 1.6,
"url": "https://www.openssl.org/news/secadv_20150108.txt"
},
{
"title": "3046015",
"trust": 0.8,
"url": "https://technet.microsoft.com/ja-jp/library/security/3046015"
},
{
"title": "APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html"
},
{
"title": "HT204659",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht204659"
},
{
"title": "HT204659",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht204659"
},
{
"title": "cisco-sa-20150310-ssl",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl"
},
{
"title": "Only allow ephemeral RSA keys in export ciphersuites.",
"trust": 0.8,
"url": "https://github.com/openssl/openssl/commit/ce325c60c74b0fa784f5872404b722e120e5cab0"
},
{
"title": "HS15-018",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs15-018/index.html"
},
{
"title": "HS15-019",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs15-019/index.html"
},
{
"title": "HPSBGN03299 SSRT101987",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04604357"
},
{
"title": "HPSBHF03289",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04602055"
},
{
"title": "HPSBUX03244 SSRT101885",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04556853"
},
{
"title": "1883640",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"
},
{
"title": "\u30a2\u30e9\u30a4\u30c9\u30c6\u30ec\u30b7\u30b9\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831 (JVNVU#98974537)",
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98974537/522154/index.html"
},
{
"title": "\u30a2\u30e9\u30a4\u30c9\u30c6\u30ec\u30b7\u30b9\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831 (JVNVU#95877131)",
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95877131/522154/index.html"
},
{
"title": "NV15-015",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv15-015.html"
},
{
"title": "NV15-017",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv15-017.html"
},
{
"title": "[19 Mar 2015] RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)",
"trust": 0.8,
"url": "https://www.openssl.org/news/secadv_20150319.txt"
},
{
"title": "Oracle Critical Patch Update Advisory - January 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"title": "Oracle Critical Patch Update Advisory - April 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html"
},
{
"title": "Oracle Critical Patch Update Advisory - October 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html"
},
{
"title": "Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
},
{
"title": "Oracle Critical Patch Update Advisory - July 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html"
},
{
"title": "Oracle Third Party Bulletin - January 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"title": "RHSA-2015:0800",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0800.html"
},
{
"title": "RHSA-2015:0849",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0849.html"
},
{
"title": "RHSA-2015:0066",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2015-0066.html"
},
{
"title": "July 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update"
},
{
"title": "January 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/january_2016_critical_patch_update"
},
{
"title": "April 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update"
},
{
"title": "October 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update"
},
{
"title": "July 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "http://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
},
{
"title": "CVE-2015-0204",
"trust": 0.8,
"url": "https://www.suse.com/security/cve/cve-2015-0204.html"
},
{
"title": "OpenSSL\u306b\u8907\u6570\u306e\u8106\u5f31\u6027 (19 Mar 2015)",
"trust": 0.8,
"url": "http://www.seil.jp/support/security/a01545.html"
},
{
"title": "cisco-sa-20150310-ssl",
"trust": 0.8,
"url": "http://www.cisco.com/cisco/web/support/jp/112/1128/1128755_cisco-sa-20150310-ssl-j.html"
},
{
"title": "HS15-018",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs15-018/index.html"
},
{
"title": "HS15-019",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs15-019/index.html"
},
{
"title": "TLSA-2015-2",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2015/tlsa-2015-2j.html"
},
{
"title": "\u682a\u5f0f\u4f1a\u793e\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc \u306e\u544a\u77e5\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://buffalo.jp/support_s/s20150327b.html"
},
{
"title": "Oracle Corporation Java\u30d7\u30e9\u30b0\u30a4\u30f3\u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.fmworld.net/biz/common/oracle/20150416.html"
},
{
"title": "openssl-1.0.0p",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53190"
},
{
"title": "openssl-0.9.8zd",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53189"
},
{
"title": "openssl-1.0.1k.tar.gz",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53191"
},
{
"title": "Red Hat: Moderate: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20150066 - security advisory"
},
{
"title": "Cisco: OpenSSL RSA Temporary Key Cryptographic Downgrade Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150113-cve-2015-0204"
},
{
"title": "Red Hat: CVE-2015-0204",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-0204"
},
{
"title": "Symantec Security Advisories: SA91 : FREAK Attack",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=fb8c9ab0a61ac1def90eef5ef6757895"
},
{
"title": "Ubuntu Security Notice: openssl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2459-1"
},
{
"title": "Debian Security Advisories: DSA-3125-1 openssl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a3210fee56d96657bbff4ad44c3d0807"
},
{
"title": "Amazon Linux AMI: ALAS-2015-469",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-469"
},
{
"title": "Splunk Security Announcements: Splunk Enterprise versions 6.1.7, 6.0.8, and 5.0.12 address two vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=e17c368f43499efc420edc223af663db"
},
{
"title": "Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=9281dc3b1a760e1cf2711cdf82cf64d7"
},
{
"title": "Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150310-ssl"
},
{
"title": "Apple: OS X Yosemite v10.10.3 and Security Update 2015-004",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=aa5ab46566482c02434bb8cf65c9614e"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=2a43c5799a7dd07d6c0a92a3b040d12f"
},
{
"title": "Tenable Security Advisories: [R6] OpenSSL \u002720150319\u0027 Advisory Affects Tenable Products",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-04"
},
{
"title": "Splunk Security Announcements: Splunk Enterprise 6.2.2 addresses two vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=d9c34d2680d213e5c9dae973a42328f1"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eaf98750f1130c39e83765575c69e165"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
},
{
"title": "Splunk Security Announcements: Splunk response to January 2015 OpenSSL vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=21b119528a2fb8c78850a17027b71424"
},
{
"title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
},
{
"title": "FreakVulnChecker",
"trust": 0.1,
"url": "https://github.com/felmoltor/freakvulnchecker "
},
{
"title": "Freak-Scanner",
"trust": 0.1,
"url": "https://github.com/scottjpack/freak-scanner "
},
{
"title": "FREAK-Attack-CVE-2015-0204-Testing-Script",
"trust": 0.1,
"url": "https://github.com/abhishekghosh/freak-attack-cve-2015-0204-testing-script "
},
{
"title": "stuff",
"trust": 0.1,
"url": "https://github.com/thekondrashov/stuff "
},
{
"title": "non-controlflow-hijacking-datasets",
"trust": 0.1,
"url": "https://github.com/camel-clarkson/non-controlflow-hijacking-datasets "
},
{
"title": "scz_doc_copy",
"trust": 0.1,
"url": "https://github.com/topcaver/scz_doc_copy "
},
{
"title": "checks",
"trust": 0.1,
"url": "https://github.com/cryptflow/checks "
},
{
"title": "tls",
"trust": 0.1,
"url": "https://github.com/greyleonie/tls "
},
{
"title": "JPN_RIC13351-2",
"trust": 0.1,
"url": "https://github.com/neominds/jpn_ric13351-2 "
},
{
"title": "script_a2sv",
"trust": 0.1,
"url": "https://github.com/f4rm0x/script_a2sv "
},
{
"title": "a2sv",
"trust": 0.1,
"url": "https://github.com/hahwul/a2sv "
},
{
"title": "a2sv",
"trust": 0.1,
"url": "https://github.com/84kaliplexon3/a2sv "
},
{
"title": "a2sv",
"trust": 0.1,
"url": "https://github.com/theripperjhon/a2sv "
},
{
"title": "sslscanner",
"trust": 0.1,
"url": "https://github.com/fireorb/sslscanner "
},
{
"title": "a2sv",
"trust": 0.1,
"url": "https://github.com/h4ck3rt3ch/a2sv "
},
{
"title": "HTTPSScan",
"trust": 0.1,
"url": "https://github.com/alexoslabs/httpsscan "
},
{
"title": "A2SV--SSL-VUL-Scan",
"trust": 0.1,
"url": "https://github.com/nyctophile6/a2sv--ssl-vul-scan "
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2015/07/06/awoogah_get_ready_to_patch_severe_bug_in_openssl_this_thursday/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2015/03/13/cisco_freaks_out_starts_epic_openssl_bugsplat/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2015/03/03/government_crippleware_freaks_out_tlsssl/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2015/01/09/dead_openssl_bugs_more_fleas_than_poodles/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-0204"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001672"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001009"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-171"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.8
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001672"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001009"
},
{
"db": "NVD",
"id": "CVE-2015-0204"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.smacktls.com/#freak"
},
{
"trust": 1.6,
"url": "http://jvn.jp/vu/jvnvu99125992/index.html"
},
{
"trust": 1.5,
"url": "https://www.openssl.org/news/secadv_20150108.txt"
},
{
"trust": 1.4,
"url": "https://github.com/openssl/openssl/commit/ce325c60c74b0fa784f5872404b722e120e5cab0"
},
{
"trust": 1.4,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl"
},
{
"trust": 1.4,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0066.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"trust": 1.4,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0849.html"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 1.4,
"url": "https://support.citrix.com/article/ctx216642"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1650.html"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/71936"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:019"
},
{
"trust": 1.1,
"url": "http://support.novell.com/security/cve/cve-2015-0204.html"
},
{
"trust": 1.1,
"url": "https://freakattack.com/"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2015/dsa-3125"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
},
{
"trust": 1.1,
"url": "https://www.openssl.org/news/secadv_20150319.txt"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:063"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html"
},
{
"trust": 1.1,
"url": "https://support.apple.com/ht204659"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0800.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/91787"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"trust": 1.1,
"url": "https://bto.bluecoat.com/security-advisory/sa88"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html"
},
{
"trust": 1.1,
"url": "https://bto.bluecoat.com/security-advisory/sa91"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/201503-11"
},
{
"trust": 1.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033378"
},
{
"trust": 1.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04773241"
},
{
"trust": 1.1,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960769"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"
},
{
"trust": 1.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10110"
},
{
"trust": 1.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10108"
},
{
"trust": 1.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10102"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99707"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"trust": 1.0,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
},
{
"trust": 0.8,
"url": "http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/757.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/326.html"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc4346#appendix-f.1.1.2"
},
{
"trust": 0.8,
"url": "https://technet.microsoft.com/library/security/3046015.aspx"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/243585"
},
{
"trust": 0.8,
"url": "http://www.ipa.go.jp/security/ciadr/vul/20150415-jre.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2015/at150010.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98974537/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95877131/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu91828320/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0204"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
},
{
"trust": 0.6,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.6,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4252/"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206"
},
{
"trust": 0.4,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
},
{
"trust": 0.3,
"url": "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-01-30.pdf"
},
{
"trust": 0.3,
"url": "http://www.splunk.com/view/sp-caaanv8#announce1"
},
{
"trust": 0.3,
"url": "http://openssl.org/"
},
{
"trust": 0.3,
"url": "http://www.splunk.com/view/sp-caaanu5#affectedproductsandcomponents"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699883"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699667"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2015/feb/160"
},
{
"trust": 0.3,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679\u0026cat=sirt_1\u0026actp=list"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/101011689"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04773241"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04679334"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022548"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022550"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005334"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902260"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903805"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960151"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960634"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963126"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21963526"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21964496"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21964610"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21964625"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964730"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966177"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698818"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883857"
},
{
"trust": 0.3,
"url": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc"
},
{
"trust": 0.3,
"url": "http://aix.software.ibm.com/aix/efixes/security/java_april2015_advisory.asc"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960515"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/32cfd-51ec67c0f86df/cert_security_mini-_bulletin_xrx15ah_for_p3600_v1-0.pdf"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/30b1a-51f527aa71c0f/cert_security_mini-_bulletin_xrx15aj_for_wc3550_v1-0.pdf"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/38cb3-51fe2768b1a74/cert_security_mini-_bulletin_xrx15ak_for_p3635mfp_v1-0.pdf"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/3497e-521fff9cafe80/cert_security_mini-_bulletin_xrx15am_for_p30xx_p3260_wc30xx_wc3225_v1-0.pdf"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902444"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902710"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960815"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957999"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959525"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965448"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903747"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964850"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957855"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958902"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21959575"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959252"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699271"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020751"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/101008182"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/101011698"
},
{
"trust": 0.3,
"url": "https://www.openssl.org/news/vulnerabilities.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/101011712"
},
{
"trust": 0.3,
"url": "https://service.sap.com/sap/support/notes/2163306"
},
{
"trust": 0.3,
"url": "https://www.alienvault.com/forums/discussion/4475/security-advisory-alienvault-v4-15-1-addresses-twenty-20-vulnerabilities"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903636"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005351"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963964"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903396"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967539"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903541"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903029"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957813"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965485"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964027"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903651"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958017"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903247"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903256"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903516"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965920"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961223"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903031"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965404"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962552"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958919"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958918"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957919"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962838"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962837"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960075"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902765"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902862"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902866"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959306"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903394"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957779"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961493"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005328"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964236"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957995"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903299"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699938"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902635"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700163"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097912"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902694"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902277"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697291"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699235"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700168"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21697162"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097823"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700411"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701354"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700028"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022100"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005158"
},
{
"trust": 0.3,
"url": "http://www.splunk.com/view/sp-caaanxd"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005370"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960460"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963609"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965940"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967498"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967709"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967962"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968485"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968869"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695985"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022074"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701453"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098358"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959002"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097360"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699052"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699810"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699069"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/2e28e-523433d609b1d/cert_security_mini-_bulletin_xrx15ap_for_wc6400_v1-0.pdf"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-0204"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0208"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/310.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2015:0066"
},
{
"trust": 0.1,
"url": "https://github.com/felmoltor/freakvulnchecker"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=37722"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2459-1/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209"
},
{
"trust": 0.1,
"url": "http://openssl.org/news/secadv_20150319.txt"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-c54de3da8602433283d55e7369"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0291"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1787"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-676ddad17a06423589ee8889d0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0290"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0292"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-72d53359c85340f899e81986a7"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5387"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-2106"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-2105"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-3110"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/site/documentation/en-us/jboss_enterprise_web_server/2/html-single/installation_guide/index.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-5387"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/2.1/html/2.1.1_release_notes/index.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/vulnerabilities/httpoxy"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3110"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3570"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/site/documentation/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=distributions\u0026version=2.1.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5432"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5433"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235"
},
{
"trust": 0.1,
"url": "http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-"
},
{
"trust": 0.1,
"url": "http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-"
},
{
"trust": 0.1,
"url": "http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-"
},
{
"trust": 0.1,
"url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-"
},
{
"trust": 0.1,
"url": "http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-"
},
{
"trust": 0.1,
"url": "http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-"
},
{
"trust": 0.1,
"url": "http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe"
},
{
"trust": 0.1,
"url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/patch/home"
},
{
"trust": 0.1,
"url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9653"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04746490\u0026la"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1692"
},
{
"trust": 0.1,
"url": "http://www.hp.com/go/insightupdates"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0248"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-5107"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04762744"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/swa"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#243585"
},
{
"db": "VULMON",
"id": "CVE-2015-0204"
},
{
"db": "BID",
"id": "71936"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001672"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001009"
},
{
"db": "PACKETSTORM",
"id": "131045"
},
{
"db": "PACKETSTORM",
"id": "133318"
},
{
"db": "PACKETSTORM",
"id": "138473"
},
{
"db": "PACKETSTORM",
"id": "133317"
},
{
"db": "PACKETSTORM",
"id": "130987"
},
{
"db": "PACKETSTORM",
"id": "129870"
},
{
"db": "PACKETSTORM",
"id": "131408"
},
{
"db": "PACKETSTORM",
"id": "133325"
},
{
"db": "PACKETSTORM",
"id": "130545"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-171"
},
{
"db": "NVD",
"id": "CVE-2015-0204"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#243585"
},
{
"db": "VULMON",
"id": "CVE-2015-0204"
},
{
"db": "BID",
"id": "71936"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001672"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001009"
},
{
"db": "PACKETSTORM",
"id": "131045"
},
{
"db": "PACKETSTORM",
"id": "133318"
},
{
"db": "PACKETSTORM",
"id": "138473"
},
{
"db": "PACKETSTORM",
"id": "133317"
},
{
"db": "PACKETSTORM",
"id": "130987"
},
{
"db": "PACKETSTORM",
"id": "129870"
},
{
"db": "PACKETSTORM",
"id": "131408"
},
{
"db": "PACKETSTORM",
"id": "133325"
},
{
"db": "PACKETSTORM",
"id": "130545"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-171"
},
{
"db": "NVD",
"id": "CVE-2015-0204"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#243585"
},
{
"date": "2015-01-09T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0204"
},
{
"date": "2015-01-08T00:00:00",
"db": "BID",
"id": "71936"
},
{
"date": "2015-03-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001672"
},
{
"date": "2015-01-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001009"
},
{
"date": "2015-03-27T20:43:39",
"db": "PACKETSTORM",
"id": "131045"
},
{
"date": "2015-08-26T01:33:25",
"db": "PACKETSTORM",
"id": "133318"
},
{
"date": "2016-08-22T23:25:00",
"db": "PACKETSTORM",
"id": "138473"
},
{
"date": "2015-08-26T01:33:18",
"db": "PACKETSTORM",
"id": "133317"
},
{
"date": "2015-03-24T17:05:09",
"db": "PACKETSTORM",
"id": "130987"
},
{
"date": "2015-01-09T17:43:35",
"db": "PACKETSTORM",
"id": "129870"
},
{
"date": "2015-04-14T18:54:44",
"db": "PACKETSTORM",
"id": "131408"
},
{
"date": "2015-08-26T01:35:08",
"db": "PACKETSTORM",
"id": "133325"
},
{
"date": "2015-02-26T17:13:09",
"db": "PACKETSTORM",
"id": "130545"
},
{
"date": "2015-01-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-171"
},
{
"date": "2015-01-09T02:59:10.287000",
"db": "NVD",
"id": "CVE-2015-0204"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-10-27T00:00:00",
"db": "CERT/CC",
"id": "VU#243585"
},
{
"date": "2018-07-19T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0204"
},
{
"date": "2018-10-08T07:00:00",
"db": "BID",
"id": "71936"
},
{
"date": "2017-03-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001672"
},
{
"date": "2017-03-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001009"
},
{
"date": "2022-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-171"
},
{
"date": "2018-07-19T01:29:01.700000",
"db": "NVD",
"id": "CVE-2015-0204"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "131408"
},
{
"db": "PACKETSTORM",
"id": "130545"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-171"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SSL/TLS implementations accept export-grade RSA keys (FREAK attack)",
"sources": [
{
"db": "CERT/CC",
"id": "VU#243585"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-171"
}
],
"trust": 0.6
}
}
var-200311-0089
Vulnerability from variot
Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values. Multiple vulnerabilities exist in different vendors' SSL/TLS implementations. The impacts of these vulnerabilities include remote execution of arbitrary code, denial of service, and disclosure of sensitive information. OpenSSL accepts unsolicited client certificate messages. This vulnerability requires as a precondition that an application is configured to ignore public key decoding errors, which is typically only the case during debugging. OpenSSL Is X.509 With a certificate etc. ASN.1 Authentication information is exchanged using objects. OpenSSL 0.9.6j/0.9.7b Before ASN.1 An integer overflow vulnerability exists due to insufficient bounds checking on the value of the object's tag field. In addition, SSL/TLS Implement the protocol OpenSSL Many other products also contain this vulnerability ASN.1 The existence of vulnerabilities related to processing has been confirmed.Third party crafted ASN.1 The client certificate containing the object SSL/TSL Etc. OpenSSL By passing it through an application implemented using OpenSSL Service disruption (DoS) It may be in a state. Multiple vulnerabilities were reported in the ASN.1 parsing code in OpenSSL. -----BEGIN PGP SIGNED MESSAGE-----
OpenSSL Security Advisory [30 September 2003]
Vulnerabilities in ASN.1 parsing
NISCC (www.niscc.gov.uk) prepared a test suite to check the operation of SSL/TLS software when presented with a wide range of malformed client certificates.
Dr Stephen Henson (steve@openssl.org) of the OpenSSL core team identified and prepared fixes for a number of vulnerabilities in the OpenSSL ASN1 code when running the test suite.
Vulnerabilities
-
Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in the deallocation of the corresponding data structure, corrupting the stack. This can be used as a denial of service attack. It is currently unknown whether this can be exploited to run malicious code. This issue does not affect OpenSSL 0.9.6.
-
Exploitation of an affected application would result in a denial of service vulnerability.
-
This by itself is not strictly speaking a vulnerability but it does mean that all SSL/TLS servers that use OpenSSL can be attacked using vulnerabilities 1, 2 and 3 even if they don't enable client authentication.
Who is affected?
All versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all versions of SSLeay are affected.
Any application that makes use of OpenSSL's ASN1 library to parse untrusted data. This includes all SSL or TLS applications, those using S/MIME (PKCS#7) or certificate generation routines.
Recommendations
Upgrade to OpenSSL 0.9.7c or 0.9.6k. Recompile any OpenSSL applications statically linked to OpenSSL libraries.
References
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0545 for issue 1:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545
and CAN-2003-0543 and CAN-2003-0544 for issue 2:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544
URL for this Security Advisory: http://www.openssl.org/news/secadv_20030930.txt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQCVAwUBP3mNKu6tTP1JpWPZAQFjPwP/Y8epYBa9oCK69dCT5Y90kg9Ir8pYuv+q x4NxuyhD5JaJfmStwbl3BUSE5juI0mh7d6yFjfI0Ci3sdC+5v10ZOanGwX7o4JlS 3pGSSocAEiYS59qciRLtFsCbBt8jIOCG8KiTmKO2mI5dhAEB9UqPH9e8A1Wy/8un xjGKYbcITrM= =fFTe -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200311-0089",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 4.0,
"vendor": "openssl",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "mandrakesoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "red hat",
"version": null
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "ios 12.1 e",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "http server",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "appgate network security ab",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "check point",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "conectiva",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cray",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "freebsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gentoo linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "guardian digital",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ingrian",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nortel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "novell",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "rsa security",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sgi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ssh security",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "secure computing",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "slackware",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "stonesoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "stunnel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "suse",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "tawie server linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "turbolinux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wirex",
"version": null
},
{
"model": "openssl",
"scope": "lte",
"trust": 0.8,
"vendor": "openssl",
"version": "0.9.6j"
},
{
"model": "openssl",
"scope": "lte",
"trust": 0.8,
"vendor": "openssl",
"version": "0.9.7b"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "1.0.2.2s"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.0.2"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.0.3"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "1.1"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.1"
},
{
"model": "cobalt qube3",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raq3",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raq4",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raq550",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raqxtr",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "java system application server",
"scope": "lte",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "7 platform edition update 2"
},
{
"model": "java system application server",
"scope": "lte",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "7 standard edition update 2"
},
{
"model": "java system directory server",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "5.1"
},
{
"model": "java system web server",
"scope": "lte",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "4.1 sp13"
},
{
"model": "java system web server",
"scope": "lte",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "6.0 sp6"
},
{
"model": "java system web server",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "6.1"
},
{
"model": "linux 5.0",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (x86)"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "12.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "12.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.3"
},
{
"model": "turbolinux advanced server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6"
},
{
"model": "turbolinux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "10"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6.1"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6.5"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "7"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "8"
},
{
"model": "turbolinux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6.0"
},
{
"model": "turbolinux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "7"
},
{
"model": "turbolinux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "8"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.00"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.22"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.23"
},
{
"model": "hp-ux apache-based web server",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (ws)"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "8.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "9"
},
{
"model": "linux advanced workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1"
},
{
"model": "gsx server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.15336"
},
{
"model": "esx server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.05257"
},
{
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.5.2"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "tarantella",
"version": "33.30"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "tarantella",
"version": "33.200"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "tarantella",
"version": "33.11"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "tarantella",
"version": "33.10"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "tarantella",
"version": "33.01"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "tarantella",
"version": "33.0"
},
{
"model": "solaris 9 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris 9 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "one web server sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"model": "one web server sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"model": "one web server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"model": "one web server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"model": "one web server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"model": "one web server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"model": "one web server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"model": "one web server sp9",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp8",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp14",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp13",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp12",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp11",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp10",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.1x86"
},
{
"model": "one directory server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.1"
},
{
"model": "one directory server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.1"
},
{
"model": "one directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.1"
},
{
"model": "one application server ur2 standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "one application server ur2 platform edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "one application server ur1 standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "one application server ur1 platform edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "one application server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "one application server platform edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "java system web server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"model": "grid engine",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.3x86"
},
{
"model": "grid engine sun linux",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.3"
},
{
"model": "grid engine 64-bit sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.3"
},
{
"model": "grid engine 32-bit sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.3"
},
{
"model": "cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "3.1"
},
{
"model": "cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "3.0"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.2.1"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.2"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.1"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0.9"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0.8"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0.7"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0.6"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0.5"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0.4"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0.1"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "1.7.2"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "1.7.1"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "1.7"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "1.6.3"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "1.6.2"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "1.5.18"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "1.5.17"
},
{
"model": "stonebeat webcluster",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.5"
},
{
"model": "stonebeat webcluster",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "stonebeat securitycluster",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.5"
},
{
"model": "stonebeat securitycluster",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "stonebeat high availability",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "3.1"
},
{
"model": "stonebeat fullcluster for raptor",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.5"
},
{
"model": "stonebeat fullcluster for raptor",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "stonebeat fullcluster for isa server",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "3.0"
},
{
"model": "stonebeat fullcluster for gauntlet",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "stonebeat fullcluster for firewall-1",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "3.0"
},
{
"model": "stonebeat fullcluster for firewall-1",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "ssleay",
"scope": "eq",
"trust": 0.3,
"vendor": "ssleay",
"version": "0.9.1"
},
{
"model": "ssleay",
"scope": "eq",
"trust": 0.3,
"vendor": "ssleay",
"version": "0.9"
},
{
"model": "ssleay",
"scope": "eq",
"trust": 0.3,
"vendor": "ssleay",
"version": "0.8.1"
},
{
"model": "ssleay",
"scope": "eq",
"trust": 0.3,
"vendor": "ssleay",
"version": "0.6.6"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.2.5"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.2.4"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.2.3"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.2.2"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.2.1"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.2"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.1.8"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.1.7"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.1.6"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.1.5"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.1.4"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.1.3"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.1.2"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.1.1"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.1"
},
{
"model": "communications security ssh sentinel",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "1.4"
},
{
"model": "communications security ipsec express toolkit",
"scope": null,
"trust": 0.3,
"vendor": "ssh",
"version": null
},
{
"model": "os",
"scope": "eq",
"trust": 0.3,
"vendor": "snapgear",
"version": "1.8.4"
},
{
"model": "gpl",
"scope": "eq",
"trust": 0.3,
"vendor": "smoothwall",
"version": "1.0"
},
{
"model": "express beta",
"scope": "eq",
"trust": 0.3,
"vendor": "smoothwall",
"version": "2.0"
},
{
"model": "propack",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "2.3"
},
{
"model": "propack",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "2.2.1"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.22"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.21"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.21"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.21"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.20"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.20"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.20"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.19"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.19"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.19"
},
{
"model": "open server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "5.0.7"
},
{
"model": "open server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "5.0.6"
},
{
"model": "open server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "5.0.5"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "9.0"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.3"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.2"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "oracle9i application server .1s",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0"
},
{
"model": "project openssl beta3",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl g",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.5"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": "3.4"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": "3.3"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": "3.2"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": "3.1"
},
{
"model": "nsure audit",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "1.0.1"
},
{
"model": "netware",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "6.5"
},
{
"model": "netware",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "6.0"
},
{
"model": "netware",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "5.1"
},
{
"model": "netmail e",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.10"
},
{
"model": "netmail d",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.10"
},
{
"model": "netmail c",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.10"
},
{
"model": "netmail b",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.10"
},
{
"model": "netmail a",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.10"
},
{
"model": "netmail",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.10"
},
{
"model": "netmail",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.1"
},
{
"model": "netmail b",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.0.3"
},
{
"model": "netmail a",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.0.3"
},
{
"model": "netmail",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.0.3"
},
{
"model": "netmail",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.0.1"
},
{
"model": "international cryptographic infostructure",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "2.6.1"
},
{
"model": "imanager",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "2.0.2"
},
{
"model": "imanager",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "2.0"
},
{
"model": "imanager",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "1.5"
},
{
"model": "ichain server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "2.2"
},
{
"model": "ichain server fp1a",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "2.2"
},
{
"model": "ichain server fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "2.2"
},
{
"model": "ichain server",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "2.2"
},
{
"model": "groupwise webaccess sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "6.5"
},
{
"model": "groupwise webaccess sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "6.5"
},
{
"model": "groupwise webaccess",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "6.5"
},
{
"model": "groupwise webaccess sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "6.0"
},
{
"model": "groupwise internet agent",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "6.5.1"
},
{
"model": "groupwise sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "6.5"
},
{
"model": "groupwise sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "6.0"
},
{
"model": "edirectory su1",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.7.1"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.7.1"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.7"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.6.2"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.5.27"
},
{
"model": "edirectory a",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.5.12"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.5"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.0"
},
{
"model": "bordermanager",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.8"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "9.2"
},
{
"model": "linux mandrake ppc",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "9.1"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "9.1"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "9.0"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "8.2"
},
{
"model": "multi network firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "2.0"
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "2.1"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "2.1"
},
{
"model": "networks t-series router t640",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks t-series router t320",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks sdx-300",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "3.1.1"
},
{
"model": "networks sdx-300",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "3.1"
},
{
"model": "networks m-series router m5",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks m-series router m40e",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks m-series router m40",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks m-series router m20",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks m-series router m160",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks m-series router m10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "3.2.1"
},
{
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "3.2"
},
{
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "3.2.1"
},
{
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "3.2"
},
{
"model": "rational rose",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2000"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.47"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.42.2"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.42"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.28"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.26"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.19"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.12.4"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.12.3"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.12.2"
},
{
"model": "hp-ux aaa server a.06.01.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.23"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.22"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.20"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.0"
},
{
"model": "wbem services for hp-ux a.01.05.05",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "isman",
"scope": null,
"trust": 0.3,
"vendor": "f5",
"version": null
},
{
"model": "firepass",
"scope": null,
"trust": 0.3,
"vendor": "f5",
"version": null
},
{
"model": "bigip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "bigip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.4"
},
{
"model": "bigip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.3"
},
{
"model": "bigip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.2"
},
{
"model": "bigip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "2.1"
},
{
"model": "bigip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "2.0"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.4"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.3"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.2"
},
{
"model": "ssh for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "5.3"
},
{
"model": "ssh for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "5.2"
},
{
"model": "ssh for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "5.1"
},
{
"model": "ssh for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "3.2.3"
},
{
"model": "ssh for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "3.2.0"
},
{
"model": "ssh for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "3.1.0"
},
{
"model": "ssh",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "3.1.0"
},
{
"model": "ssh for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "3.0.1"
},
{
"model": "open software",
"scope": "eq",
"trust": 0.3,
"vendor": "cray",
"version": "3.4"
},
{
"model": "associates etrust security command center",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "threat response",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "sn storage router sn5428-3.3.2-k9",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5428"
},
{
"model": "sn storage router sn5428-3.3.1-k9",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5428"
},
{
"model": "sn storage router sn5428-3.2.2-k9",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5428"
},
{
"model": "sn storage router sn5428-3.2.1-k9",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5428"
},
{
"model": "sn storage router sn5428-2.5.1-k9",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5428"
},
{
"model": "sn storage router sn5428-2-3.3.2-k9",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5428"
},
{
"model": "sn storage router sn5428-2-3.3.1-k9",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5428"
},
{
"model": "sip proxy server",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "secure policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0.1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "520"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "515"
},
{
"model": "network analysis module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ios 12.2sy",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2sx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "gss global site selector",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4480"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "css11000 content services switch",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "css secure content accelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "css secure content accelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0"
},
{
"model": "ciscoworks common services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2"
},
{
"model": "ciscoworks wireless lan solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1105"
},
{
"model": "ciscoworks hosting solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1105"
},
{
"model": "application \u0026 content networking software",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software vpn-1 sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software providor-1 sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software providor-1 sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software providor-1 sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software providor-1 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software providor-1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software nokia voyager",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software next generation fp3 hf2",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software next generation fp3 hf1",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software next generation fp3",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software next generation fp2",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software next generation fp1",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software firewall-1 sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp8",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "point software firewall-1 sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "point software firewall-1 sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "point software firewall-1 sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "point software firewall-1 sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "point software firewall-1 sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "point software firewall-1 sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "point software firewall-1 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "point software firewall-1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "point software firewall-1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "3.0"
},
{
"model": "firewall server",
"scope": "eq",
"trust": 0.3,
"vendor": "borderware",
"version": "7.0"
},
{
"model": "coat systems security gateway os",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "3.0"
},
{
"model": "coat systems security gateway os",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "2.0"
},
{
"model": "coat systems cacheos ca/sa",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.1.10"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "tarantella",
"version": "33.40"
},
{
"model": "solaris 8 x86",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris 8 sparc",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris 7.0 x86",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "one web server sp7",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"model": "one web server sp14",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one directory server sp3",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "5.1"
},
{
"model": "one application server ur2 upgrade standard",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "one application server ur2 upgrade platform",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "java system web server sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"model": "cluster",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "2.2"
},
{
"model": "cluster",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "2.1"
},
{
"model": "communications security ssh2",
"scope": "ne",
"trust": 0.3,
"vendor": "ssh",
"version": "3.2.9"
},
{
"model": "communications security ssh sentinel",
"scope": "ne",
"trust": 0.3,
"vendor": "ssh",
"version": "1.4.1"
},
{
"model": "os",
"scope": "ne",
"trust": 0.3,
"vendor": "snapgear",
"version": "1.8.5"
},
{
"model": "project openssl c",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl k",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "nsure audit",
"scope": "ne",
"trust": 0.3,
"vendor": "novell",
"version": "1.0.3"
},
{
"model": "nsure audit",
"scope": "ne",
"trust": 0.3,
"vendor": "novell",
"version": "1.0.2"
},
{
"model": "netmail f",
"scope": "ne",
"trust": 0.3,
"vendor": "novell",
"version": "3.1"
},
{
"model": "imanager",
"scope": "ne",
"trust": 0.3,
"vendor": "novell",
"version": "2.5"
},
{
"model": "edirectory su1",
"scope": "ne",
"trust": 0.3,
"vendor": "novell",
"version": "8.7.1"
},
{
"model": "siparator",
"scope": "ne",
"trust": 0.3,
"vendor": "ingate",
"version": "3.3.1"
},
{
"model": "firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "ingate",
"version": "3.3.1"
},
{
"model": "rational requisitepro",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "hp-ux aaa server a.06.01.02.04",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "wbem services for hp-ux a.01.05.07",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.8"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.8"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#104280"
},
{
"db": "CERT/CC",
"id": "VU#732952"
},
{
"db": "CERT/CC",
"id": "VU#686224"
},
{
"db": "CERT/CC",
"id": "VU#935264"
},
{
"db": "CERT/CC",
"id": "VU#380864"
},
{
"db": "CERT/CC",
"id": "VU#255484"
},
{
"db": "BID",
"id": "8732"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000286"
},
{
"db": "CNNVD",
"id": "CNNVD-200311-070"
},
{
"db": "NVD",
"id": "CVE-2003-0543"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0543"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NISCC uniras@niscc.gov.uk",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200311-070"
}
],
"trust": 0.6
},
"cve": "CVE-2003-0543",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/severity#"
},
"@id": "https://www.variotdbs.pl/ref/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2003-0543",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.8,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2003-0543",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#104280",
"trust": 0.8,
"value": "11.81"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#732952",
"trust": 0.8,
"value": "2.53"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#686224",
"trust": 0.8,
"value": "1.50"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#935264",
"trust": 0.8,
"value": "21.52"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#380864",
"trust": 0.8,
"value": "11.25"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#255484",
"trust": 0.8,
"value": "11.25"
},
{
"author": "CNNVD",
"id": "CNNVD-200311-070",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#104280"
},
{
"db": "CERT/CC",
"id": "VU#732952"
},
{
"db": "CERT/CC",
"id": "VU#686224"
},
{
"db": "CERT/CC",
"id": "VU#935264"
},
{
"db": "CERT/CC",
"id": "VU#380864"
},
{
"db": "CERT/CC",
"id": "VU#255484"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000286"
},
{
"db": "CNNVD",
"id": "CNNVD-200311-070"
},
{
"db": "NVD",
"id": "CVE-2003-0543"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values. Multiple vulnerabilities exist in different vendors\u0027 SSL/TLS implementations. The impacts of these vulnerabilities include remote execution of arbitrary code, denial of service, and disclosure of sensitive information. OpenSSL accepts unsolicited client certificate messages. This vulnerability requires as a precondition that an application is configured to ignore public key decoding errors, which is typically only the case during debugging. OpenSSL Is X.509 With a certificate etc. ASN.1 Authentication information is exchanged using objects. OpenSSL 0.9.6j/0.9.7b Before ASN.1 An integer overflow vulnerability exists due to insufficient bounds checking on the value of the object\u0027s tag field. In addition, SSL/TLS Implement the protocol OpenSSL Many other products also contain this vulnerability ASN.1 The existence of vulnerabilities related to processing has been confirmed.Third party crafted ASN.1 The client certificate containing the object SSL/TSL Etc. OpenSSL By passing it through an application implemented using OpenSSL Service disruption (DoS) It may be in a state. Multiple vulnerabilities were reported in the ASN.1 parsing code in OpenSSL. -----BEGIN PGP SIGNED MESSAGE-----\n\nOpenSSL Security Advisory [30 September 2003]\n\nVulnerabilities in ASN.1 parsing\n================================\n\nNISCC (www.niscc.gov.uk) prepared a test suite to check the operation\nof SSL/TLS software when presented with a wide range of malformed client\ncertificates. \n\nDr Stephen Henson (steve@openssl.org) of the OpenSSL core team\nidentified and prepared fixes for a number of vulnerabilities in the\nOpenSSL ASN1 code when running the test suite. \n\nVulnerabilities\n- ---------------\n\n1. Certain ASN.1 encodings that are rejected as invalid by the parser\ncan trigger a bug in the deallocation of the corresponding data\nstructure, corrupting the stack. This can be used as a denial of service\nattack. It is currently unknown whether this can be exploited to run\nmalicious code. This issue does not affect OpenSSL 0.9.6. \n\n2. \n\n3. Exploitation of an affected\napplication would result in a denial of service vulnerability. \n\n4. This by\nitself is not strictly speaking a vulnerability but it does mean that\n*all* SSL/TLS servers that use OpenSSL can be attacked using\nvulnerabilities 1, 2 and 3 even if they don\u0027t enable client authentication. \n\nWho is affected?\n- ----------------\n\nAll versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all\nversions of SSLeay are affected. \n\nAny application that makes use of OpenSSL\u0027s ASN1 library to parse\nuntrusted data. This includes all SSL or TLS applications, those using\nS/MIME (PKCS#7) or certificate generation routines. \n\nRecommendations\n- ---------------\n\nUpgrade to OpenSSL 0.9.7c or 0.9.6k. Recompile any OpenSSL applications\nstatically linked to OpenSSL libraries. \n\nReferences\n- ----------\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2003-0545 for issue 1:\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545\n\nand CAN-2003-0543 and CAN-2003-0544 for issue 2:\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544\n\nURL for this Security Advisory:\nhttp://www.openssl.org/news/secadv_20030930.txt\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQCVAwUBP3mNKu6tTP1JpWPZAQFjPwP/Y8epYBa9oCK69dCT5Y90kg9Ir8pYuv+q\nx4NxuyhD5JaJfmStwbl3BUSE5juI0mh7d6yFjfI0Ci3sdC+5v10ZOanGwX7o4JlS\n3pGSSocAEiYS59qciRLtFsCbBt8jIOCG8KiTmKO2mI5dhAEB9UqPH9e8A1Wy/8un\nxjGKYbcITrM=\n=fFTe\n-----END PGP SIGNATURE-----\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0543"
},
{
"db": "CERT/CC",
"id": "VU#104280"
},
{
"db": "CERT/CC",
"id": "VU#732952"
},
{
"db": "CERT/CC",
"id": "VU#686224"
},
{
"db": "CERT/CC",
"id": "VU#935264"
},
{
"db": "CERT/CC",
"id": "VU#380864"
},
{
"db": "CERT/CC",
"id": "VU#255484"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000286"
},
{
"db": "BID",
"id": "8732"
},
{
"db": "PACKETSTORM",
"id": "31738"
}
],
"trust": 6.3
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#255484",
"trust": 3.5
},
{
"db": "NVD",
"id": "CVE-2003-0543",
"trust": 2.8
},
{
"db": "BID",
"id": "8732",
"trust": 2.7
},
{
"db": "CERT/CC",
"id": "VU#732952",
"trust": 1.9
},
{
"db": "CERT/CC",
"id": "VU#686224",
"trust": 1.9
},
{
"db": "CERT/CC",
"id": "VU#104280",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2006-3900",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "22249",
"trust": 1.6
},
{
"db": "CERT/CC",
"id": "VU#935264",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#380864",
"trust": 1.1
},
{
"db": "XF",
"id": "13316",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000286",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "CA-2003-26",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2003:291",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2003:292",
"trust": 0.6
},
{
"db": "SUNALERT",
"id": "201029",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:4254",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:5292",
"trust": 0.6
},
{
"db": "ENGARDE",
"id": "ESA-20030930-027",
"trust": 0.6
},
{
"db": "DEBIAN",
"id": "DSA-394",
"trust": 0.6
},
{
"db": "DEBIAN",
"id": "DSA-393",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200311-070",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "31738",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#104280"
},
{
"db": "CERT/CC",
"id": "VU#732952"
},
{
"db": "CERT/CC",
"id": "VU#686224"
},
{
"db": "CERT/CC",
"id": "VU#935264"
},
{
"db": "CERT/CC",
"id": "VU#380864"
},
{
"db": "CERT/CC",
"id": "VU#255484"
},
{
"db": "BID",
"id": "8732"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000286"
},
{
"db": "PACKETSTORM",
"id": "31738"
},
{
"db": "CNNVD",
"id": "CNNVD-200311-070"
},
{
"db": "NVD",
"id": "CVE-2003-0543"
}
]
},
"id": "VAR-200311-0089",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2022-05-29T19:17:04.347000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20030930-ssl",
"trust": 0.8,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
},
{
"title": "HPSBUX00288",
"trust": 0.8,
"url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00891831"
},
{
"title": "HPSBUX00290",
"trust": 0.8,
"url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00901847"
},
{
"title": "HPSBUX0310-284",
"trust": 0.8,
"url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=hpsbux0310-284"
},
{
"title": "HPSBUX0310-290",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0310-290.html"
},
{
"title": "HPSBUX0310-284",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0310-284.html"
},
{
"title": "openssl",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/update/data/openssl.html"
},
{
"title": "secadv_20030930",
"trust": 0.8,
"url": "http://www.openssl.org/news/secadv_20030930.txt"
},
{
"title": "#62",
"trust": 0.8,
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf"
},
{
"title": "RHSA-2003:292",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2003-292.html"
},
{
"title": "RHSA-2003:291",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2003-291.html"
},
{
"title": "RHSA-2003:293",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2003-293.html"
},
{
"title": "57472",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57472-1"
},
{
"title": "57100",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57100-1"
},
{
"title": "57498",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57498-1"
},
{
"title": "57599",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57599-1"
},
{
"title": "57498",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57498-3"
},
{
"title": "57472",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57472-3"
},
{
"title": "57100",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57100-3"
},
{
"title": "57599",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57599-3"
},
{
"title": "TLSA-2003-55",
"trust": 0.8,
"url": "http://www.turbolinux.com/security/2003/tlsa-2003-55.txt"
},
{
"title": "#62",
"trust": 0.8,
"url": "http://otn.oracle.co.jp/security/031210_62/top.html"
},
{
"title": "cisco-sa-20030930-ssl",
"trust": 0.8,
"url": "http://www.cisco.com/japanese/warp/public/3/jp/service/tac/707/cisco-sa-20030930-ssl-j.shtml"
},
{
"title": "RHSA-2003:292",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-292j.html"
},
{
"title": "RHSA-2003:291",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-291j.html"
},
{
"title": "RHSA-2003:293",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-293j.html"
},
{
"title": "TLSA-2003-55",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2003/tlsa-2003-55j.txt"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2003-000286"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0543"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 5.1,
"url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm"
},
{
"trust": 4.8,
"url": "http://www.ietf.org/rfc/rfc2246.txt"
},
{
"trust": 4.0,
"url": "http://wp.netscape.com/eng/ssl3/"
},
{
"trust": 4.0,
"url": "http://www.itu.int/itu-t/studygroups/com10/languages/"
},
{
"trust": 3.9,
"url": "http://www.openssl.org/news/secadv_20030930.txt"
},
{
"trust": 3.2,
"url": "http://www.ietf.org/html.charters/pkix-charter.html"
},
{
"trust": 2.7,
"url": "http://www.cert.org/advisories/ca-2003-26.html"
},
{
"trust": 2.7,
"url": "http://www.kb.cert.org/vuls/id/255484"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/8732"
},
{
"trust": 1.9,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112"
},
{
"trust": 1.6,
"url": "http://www.redhat.com/support/errata/rhsa-2003-291.html"
},
{
"trust": 1.6,
"url": "http://www.redhat.com/support/errata/rhsa-2003-292.html"
},
{
"trust": 1.6,
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2003/dsa-394"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2003/dsa-393"
},
{
"trust": 1.6,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1"
},
{
"trust": 1.6,
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/22249"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/686224"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/732952"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2006/3900"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5292"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4254"
},
{
"trust": 0.9,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10087450.htm"
},
{
"trust": 0.8,
"url": "http://www.uniras.gov.uk/vuls/2003/006489/tls.htm"
},
{
"trust": 0.8,
"url": "http://www.rsasecurity.com/rsalabs/pkcs/"
},
{
"trust": 0.8,
"url": "http://wp.netscape.com/eng/ssl3/draft302.txt"
},
{
"trust": 0.8,
"url": "http://www.ciac.org/ciac/bulletins/n-159.shtml"
},
{
"trust": 0.8,
"url": "http://www.ciac.org/ciac/bulletins/o-065.shtml"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0543"
},
{
"trust": 0.8,
"url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20031104-00753.xml"
},
{
"trust": 0.8,
"url": "http://www.cpni.gov.uk/products/advisories/default.aspx?id=br-20031104-00633.xml"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/13316"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnca-2003-26"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trca-2003-26"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0543"
},
{
"trust": 0.8,
"url": "http://www.cpni.gov.uk/docs/re-20031104-00748.pdf"
},
{
"trust": 0.8,
"url": "http://www.cpni.gov.uk/docs/re-20031104-00753.pdf?lang=en"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/104280"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/20031001_103420.html"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5292"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/3900"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:4254"
},
{
"trust": 0.3,
"url": "http://support.f-secure.com/enu/corporate/supportissue/ssh/comments/comments-issue-tech.shtml"
},
{
"trust": 0.3,
"url": "http://support.f-secure.com/enu/corporate/supportissue/ssh/comments/comments-issue-2003120400.shtml"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57599"
},
{
"trust": 0.3,
"url": "http://www.info.apple.com/usen/security/security_updates.html"
},
{
"trust": 0.3,
"url": "http://www.apple.com/swupdates/"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967586.htm"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968007.htm"
},
{
"trust": 0.3,
"url": "http://www.vmware.com/download/esx/esx2-openssh.html"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967420.htm"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967421.htm"
},
{
"trust": 0.3,
"url": "http://www.borderware.com/products/firewall.php"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967425.htm"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967411.htm"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967408.htm"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967399.htm"
},
{
"trust": 0.3,
"url": "http://www.vmware.com/download/gsx_security.html"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967175.htm"
},
{
"trust": 0.3,
"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=mdksa-2003:098"
},
{
"trust": 0.3,
"url": "http://www-1.ibm.com/services/continuity/recover1.nsf/mss/mss-oar-e01-2004.0422.1"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967210.htm"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967209.htm"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967208.htm"
},
{
"trust": 0.3,
"url": "http://cirt.dk/advisories/cirt-32-advisory.pdf"
},
{
"trust": 0.3,
"url": "http://www.cirt.dk/advisories/cirt-31-advisory.pdf"
},
{
"trust": 0.3,
"url": "http://www.stonesoft.com/document/art/3040.html"
},
{
"trust": 0.3,
"url": "http://metalink.oracle.com"
},
{
"trust": 0.3,
"url": "http://www.smoothwall.org/home/news/item/20031001.01.html"
},
{
"trust": 0.3,
"url": "http://www.ingate.com/relnote-331.php"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2003-293.html"
},
{
"trust": 0.3,
"url": "http://www.bluecoat.com/support/knowledge/advisory_openssl_asn_vulnerability.html"
},
{
"trust": 0.3,
"url": "http://support.novell.com/security-alerts/"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968981.htm"
},
{
"trust": 0.3,
"url": "http://www.stonesoft.com/document/art/3041.html"
},
{
"trust": 0.3,
"url": "http://www.ssh.com/company/newsroom/article/476/"
},
{
"trust": 0.3,
"url": "http://www.ssh.com/company/newsroom/article/477/"
},
{
"trust": 0.3,
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57100"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57444"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57472"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57475"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57498"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/patches/linux/security.html"
},
{
"trust": 0.3,
"url": "http://www.tarantella.com/security/bulletin-08.html"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097379.htm"
},
{
"trust": 0.3,
"url": "http://www.borderware.com/"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/380864"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/935264"
},
{
"trust": 0.3,
"url": "/archive/1/343055"
},
{
"trust": 0.1,
"url": "https://www.niscc.gov.uk)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2003-0545"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0545"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0543"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0544"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2003-0543"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2003-0544"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#104280"
},
{
"db": "CERT/CC",
"id": "VU#732952"
},
{
"db": "CERT/CC",
"id": "VU#686224"
},
{
"db": "CERT/CC",
"id": "VU#935264"
},
{
"db": "CERT/CC",
"id": "VU#380864"
},
{
"db": "CERT/CC",
"id": "VU#255484"
},
{
"db": "BID",
"id": "8732"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000286"
},
{
"db": "PACKETSTORM",
"id": "31738"
},
{
"db": "CNNVD",
"id": "CNNVD-200311-070"
},
{
"db": "NVD",
"id": "CVE-2003-0543"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#104280"
},
{
"db": "CERT/CC",
"id": "VU#732952"
},
{
"db": "CERT/CC",
"id": "VU#686224"
},
{
"db": "CERT/CC",
"id": "VU#935264"
},
{
"db": "CERT/CC",
"id": "VU#380864"
},
{
"db": "CERT/CC",
"id": "VU#255484"
},
{
"db": "BID",
"id": "8732"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000286"
},
{
"db": "PACKETSTORM",
"id": "31738"
},
{
"db": "CNNVD",
"id": "CNNVD-200311-070"
},
{
"db": "NVD",
"id": "CVE-2003-0543"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-09-30T00:00:00",
"db": "CERT/CC",
"id": "VU#104280"
},
{
"date": "2003-09-30T00:00:00",
"db": "CERT/CC",
"id": "VU#732952"
},
{
"date": "2003-09-30T00:00:00",
"db": "CERT/CC",
"id": "VU#686224"
},
{
"date": "2003-09-30T00:00:00",
"db": "CERT/CC",
"id": "VU#935264"
},
{
"date": "2003-09-30T00:00:00",
"db": "CERT/CC",
"id": "VU#380864"
},
{
"date": "2003-09-30T00:00:00",
"db": "CERT/CC",
"id": "VU#255484"
},
{
"date": "2003-09-30T00:00:00",
"db": "BID",
"id": "8732"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000286"
},
{
"date": "2003-09-30T16:10:22",
"db": "PACKETSTORM",
"id": "31738"
},
{
"date": "2003-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200311-070"
},
{
"date": "2003-11-17T05:00:00",
"db": "NVD",
"id": "CVE-2003-0543"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-08-25T00:00:00",
"db": "CERT/CC",
"id": "VU#104280"
},
{
"date": "2003-10-01T00:00:00",
"db": "CERT/CC",
"id": "VU#732952"
},
{
"date": "2003-10-01T00:00:00",
"db": "CERT/CC",
"id": "VU#686224"
},
{
"date": "2003-10-01T00:00:00",
"db": "CERT/CC",
"id": "VU#935264"
},
{
"date": "2003-10-01T00:00:00",
"db": "CERT/CC",
"id": "VU#380864"
},
{
"date": "2003-10-01T00:00:00",
"db": "CERT/CC",
"id": "VU#255484"
},
{
"date": "2016-07-06T14:32:00",
"db": "BID",
"id": "8732"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000286"
},
{
"date": "2010-01-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200311-070"
},
{
"date": "2018-05-03T01:29:00",
"db": "NVD",
"id": "CVE-2003-0543"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200311-070"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in SSL/TLS implementations",
"sources": [
{
"db": "CERT/CC",
"id": "VU#104280"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "8732"
},
{
"db": "CNNVD",
"id": "CNNVD-200311-070"
}
],
"trust": 0.9
}
}
var-200208-0243
Vulnerability from variot
OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code. A remotely exploitable vulnerability exists in OpenSSL servers that could lead to the execution of arbitrary code on the system. OpenSSL is an open-source implementation of the Secure Sockets Layer (SSL) protocol. There is a buffer overflow on 64-bit platforms related to the ASCII representation of integers. Remotely exploitable buffer overflow conditions have been reported in OpenSSL. It is possible to overflow these buffers on a vulnerable system if overly large values are submitted by a malicious attacker. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. There is a loophole in the design and implementation of OpenSSL. Under certain circumstances, a remote attacker may use this loophole to cause a denial of service attack on the server or execute arbitrary instructions on the host. OpenSSL Security Advisory [30 July 2002]
This advisory consists of two independent advisories, merged, and is an official OpenSSL advisory.
Advisory 1
A.L. Digital Ltd and The Bunker (http://www.thebunker.net/) are conducting a security review of OpenSSL, under the DARPA program CHATS.
Vulnerabilities
All four of these are potentially remotely exploitable.
-
The client master key in SSL2 could be oversized and overrun a buffer. This vulnerability was also independently discovered by consultants at Neohapsis (http://www.neohapsis.com/) who have also demonstrated that the vulerability is exploitable. Exploit code is NOT available at this time.
-
The session ID supplied to a client in SSL3 could be oversized and overrun a buffer.
-
The master key supplied to an SSL3 server could be oversized and overrun a stack-based buffer. This issues only affects OpenSSL 0.9.7 before 0.9.7-beta3 with Kerberos enabled.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0656 to issues 1-2, CAN-2002-0657 to issue 3, and CAN-2002-0655 to issue 4.
In addition various potential buffer overflows not known to be exploitable have had assertions added to defend against them.
Who is affected?
Everyone using OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or current development snapshots of 0.9.7 to provide SSL or TLS is vulnerable, whether client or server. 0.9.6d servers on 32-bit systems with SSL 2.0 disabled are not vulnerable.
SSLeay is probably also affected.
Recommendations
Apply the attached patch to OpenSSL 0.9.6d, or upgrade to OpenSSL 0.9.6e. Recompile all applications using OpenSSL to provide SSL or TLS.
A patch for 0.9.7 is available from the OpenSSL website (https://www.openssl.org/).
Servers can disable SSL2, alternatively disable all applications using SSL or TLS until the patches are applied. Users of 0.9.7 pre-release versions with Kerberos enabled will also have to disable Kerberos.
Client should be disabled altogether until the patches are applied.
Known Exploits
There are no know exploits available for these vulnerabilities. As noted above, Neohapsis have demonstrated internally that an exploit is possible, but have not released the exploit code.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0655 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0657
Acknowledgements
The project leading to this advisory is sponsored by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F30602-01-2-0537.
The patch and advisory were prepared by Ben Laurie.
Advisory 2
Vulnerabilities
The ASN1 parser can be confused by supplying it with certain invalid encodings.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0659 to this issue.
Who is affected?
Any OpenSSL program which uses the ASN1 library to parse untrusted data. This includes all SSL or TLS applications, those using S/MIME (PKCS#7) or certificate generation routines.
Recommendations
Apply the patch to OpenSSL, or upgrade to OpenSSL 0.9.6e. Recompile all applications using OpenSSL.
Users of 0.9.7 pre-release versions should apply the patch or upgrade to 0.9.7-beta3 or later. Recompile all applications using OpenSSL.
Exploits
There are no known exploits for this vulnerability.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659
Acknowledgements
This vulnerability was discovered by Adi Stav stav@mercury.co.il and James Yonan jim@ntlp.com independently. The patch is partly based on a version by Adi Stav.
The patch and advisory were prepared by Dr. Stephen Henson.
Combined patches for OpenSSL 0.9.6d: https://www.openssl.org/news/patch_20020730_0_9_6d.txt
Combined patches for OpenSSL 0.9.7 beta 2: https://www.openssl.org/news/patch_20020730_0_9_7.txt
URL for this Security Advisory: https://www.openssl.org/news/secadv_20020730.txt
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200208-0243",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "http server",
"scope": "eq",
"trust": 1.9,
"vendor": "oracle",
"version": "9.2.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.9,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "apple computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "debian",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "gentoo linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "guardian digital",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "juniper",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "mandrakesoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "netbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "openldap",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "openpkg",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "openssl",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "oracle",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "secure computing",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "suse",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "trustix",
"version": null
},
{
"model": "corporate time outlook connector",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "3.1.1"
},
{
"model": "corporate time outlook connector",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "3.1.2"
},
{
"model": "corporate time outlook connector",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "3.3"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.4"
},
{
"model": "application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "*"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.5a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.1c"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.1.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.1.5"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.2b"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.1.3"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6a"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.0.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.1.4"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6c"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.0.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.1.1"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6d"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.0.4"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "corporate time outlook connector",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.5"
},
{
"model": "application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.0.2"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.3"
},
{
"model": "application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.0.2.1s"
},
{
"model": "application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "isc",
"version": null
},
{
"model": "bind",
"scope": "eq",
"trust": 0.8,
"vendor": "isc",
"version": "9.1.x"
},
{
"model": "bind",
"scope": "lte",
"trust": 0.8,
"vendor": "isc",
"version": "9.2.2"
},
{
"model": "openssl",
"scope": "lte",
"trust": 0.8,
"vendor": "openssl",
"version": "0.9.6d"
},
{
"model": "application server",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9ias"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "8.1.7.1"
},
{
"model": "database",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0"
},
{
"model": "cobalt raq3",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raq4",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raq550",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raqxtr",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.3"
},
{
"model": "crypto accelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1000"
},
{
"model": "computing safeword premieraccess",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "3.1"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "oracle9i application server .1s",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2"
},
{
"model": "oracle9i application server",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "http server for server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "corporatetime outlook connector",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.3"
},
{
"model": "corporatetime outlook connector",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2"
},
{
"model": "corporatetime outlook connector",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.1"
},
{
"model": "corporatetime outlook connector",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "project openssl beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.5"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.5"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.4"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.3"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.2"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.1"
},
{
"model": "netmail d",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.10"
},
{
"model": "netmail c",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.10"
},
{
"model": "netmail b",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.10"
},
{
"model": "netmail a",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.10"
},
{
"model": "netmail",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.10"
},
{
"model": "networks t-series router t640",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks t-series router t320",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks sdx-300",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "3.1.1"
},
{
"model": "networks sdx-300",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "3.1"
},
{
"model": "networks m-series router m5",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks m-series router m40e",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks m-series router m40",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks m-series router m20",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks m-series router m160",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks m-series router m10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.6"
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.5"
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.4"
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.3"
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.2"
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.1"
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.0"
},
{
"model": "linux affinity toolkit",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "webproxy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"model": "webproxy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.0"
},
{
"model": "virtualvault",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.6"
},
{
"model": "virtualvault",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.5"
},
{
"model": "tru64 unix internet express",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.9"
},
{
"model": "tru64 unix compaq secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.8.1"
},
{
"model": "tcp/ip services for openvms",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.3"
},
{
"model": "secure os software for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.0"
},
{
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.2"
},
{
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.1-1"
},
{
"model": "openssl for openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.0"
},
{
"model": "internet express eak",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"model": "directory pro",
"scope": "eq",
"trust": 0.3,
"vendor": "cosmicperl",
"version": "10.0.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0"
},
{
"model": "project openssl beta3",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl g",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl e",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "netmail e",
"scope": "ne",
"trust": 0.3,
"vendor": "novell",
"version": "3.10"
},
{
"model": "tru64 unix compaq secure web server",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "5.9.2"
},
{
"model": "tru64 unix compaq secure web server",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "5.9.1"
},
{
"model": "tru64 unix compaq secure web server",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "5.8.2"
},
{
"model": "openssl for openvms alpha -a",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "1.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#561275"
},
{
"db": "CERT/CC",
"id": "VU#308891"
},
{
"db": "BID",
"id": "5364"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000171"
},
{
"db": "NVD",
"id": "CVE-2002-0655"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-173"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:corporate_time_outlook_connector:3.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:corporate_time_outlook_connector:3.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:corporate_time_outlook_connector:3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:9.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.2.1s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:corporate_time_outlook_connector:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:9.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0655"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A.L. Digital Ltd\nThe Bunker",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200208-173"
}
],
"trust": 0.6
},
"cve": "CVE-2002-0655",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2002-0655",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-5046",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-0655",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#561275",
"trust": 0.8,
"value": "5.88"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#308891",
"trust": 0.8,
"value": "17.63"
},
{
"author": "CNNVD",
"id": "CNNVD-200208-173",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-5046",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#561275"
},
{
"db": "CERT/CC",
"id": "VU#308891"
},
{
"db": "VULHUB",
"id": "VHN-5046"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000171"
},
{
"db": "NVD",
"id": "CVE-2002-0655"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-173"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code. A remotely exploitable vulnerability exists in OpenSSL servers that could lead to the execution of arbitrary code on the system. OpenSSL is an open-source implementation of the Secure Sockets Layer (SSL) protocol. There is a buffer overflow on 64-bit platforms related to the ASCII representation of integers. Remotely exploitable buffer overflow conditions have been reported in OpenSSL. It is possible to overflow these buffers on a vulnerable system if overly large values are submitted by a malicious attacker. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. There is a loophole in the design and implementation of OpenSSL. Under certain circumstances, a remote attacker may use this loophole to cause a denial of service attack on the server or execute arbitrary instructions on the host. OpenSSL Security Advisory [30 July 2002]\n\nThis advisory consists of two independent advisories, merged, and is\nan official OpenSSL advisory. \n\nAdvisory 1\n==========\n\nA.L. Digital Ltd and The Bunker (http://www.thebunker.net/) are\nconducting a security review of OpenSSL, under the DARPA program\nCHATS. \n\nVulnerabilities\n---------------\n\nAll four of these are potentially remotely exploitable. \n\n1. The client master key in SSL2 could be oversized and overrun a\n buffer. This vulnerability was also independently discovered by\n consultants at Neohapsis (http://www.neohapsis.com/) who have also\n demonstrated that the vulerability is exploitable. Exploit code is\n NOT available at this time. \n\n2. The session ID supplied to a client in SSL3 could be oversized and\n overrun a buffer. \n\n3. The master key supplied to an SSL3 server could be oversized and\n overrun a stack-based buffer. This issues only affects OpenSSL\n 0.9.7 before 0.9.7-beta3 with Kerberos enabled. \n\n4. \n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2002-0656 to issues 1-2, CAN-2002-0657 to issue\n3, and CAN-2002-0655 to issue 4. \n\nIn addition various potential buffer overflows not known to be\nexploitable have had assertions added to defend against them. \n\nWho is affected?\n----------------\n\nEveryone using OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or\ncurrent development snapshots of 0.9.7 to provide SSL or TLS is\nvulnerable, whether client or server. 0.9.6d servers on 32-bit systems\nwith SSL 2.0 disabled are not vulnerable. \n\nSSLeay is probably also affected. \n\nRecommendations\n---------------\n\nApply the attached patch to OpenSSL 0.9.6d, or upgrade to OpenSSL\n0.9.6e. Recompile all applications using OpenSSL to provide SSL or\nTLS. \n\nA patch for 0.9.7 is available from the OpenSSL website\n(https://www.openssl.org/). \n\nServers can disable SSL2, alternatively disable all applications using\nSSL or TLS until the patches are applied. Users of 0.9.7 pre-release\nversions with Kerberos enabled will also have to disable Kerberos. \n\nClient should be disabled altogether until the patches are applied. \n\nKnown Exploits\n--------------\n\nThere are no know exploits available for these vulnerabilities. As\nnoted above, Neohapsis have demonstrated internally that an exploit is\npossible, but have not released the exploit code. \n\nReferences\n----------\n\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0655\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0657\n\nAcknowledgements\n----------------\n\nThe project leading to this advisory is sponsored by the Defense\nAdvanced Research Projects Agency (DARPA) and Air Force Research\nLaboratory, Air Force Materiel Command, USAF, under agreement number\nF30602-01-2-0537. \n\nThe patch and advisory were prepared by Ben Laurie. \n\n\n\nAdvisory 2\n==========\n\nVulnerabilities\n---------------\n\nThe ASN1 parser can be confused by supplying it with certain invalid\nencodings. \n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2002-0659 to this issue. \n\nWho is affected?\n----------------\n\nAny OpenSSL program which uses the ASN1 library to parse untrusted\ndata. This includes all SSL or TLS applications, those using S/MIME\n(PKCS#7) or certificate generation routines. \n\nRecommendations\n---------------\n\nApply the patch to OpenSSL, or upgrade to OpenSSL 0.9.6e. Recompile\nall applications using OpenSSL. \n\nUsers of 0.9.7 pre-release versions should apply the patch or upgrade\nto 0.9.7-beta3 or later. Recompile all applications using OpenSSL. \n\nExploits\n--------\n\nThere are no known exploits for this vulnerability. \n\nReferences\n----------\n\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659\n\nAcknowledgements\n----------------\n\nThis vulnerability was discovered by Adi Stav \u003cstav@mercury.co.il\u003e\nand James Yonan \u003cjim@ntlp.com\u003e independently. The patch is partly\nbased on a version by Adi Stav. \n\nThe patch and advisory were prepared by Dr. Stephen Henson. \n\n\n\n\nCombined patches for OpenSSL 0.9.6d:\nhttps://www.openssl.org/news/patch_20020730_0_9_6d.txt\n\nCombined patches for OpenSSL 0.9.7 beta 2:\nhttps://www.openssl.org/news/patch_20020730_0_9_7.txt\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20020730.txt\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0655"
},
{
"db": "CERT/CC",
"id": "VU#561275"
},
{
"db": "CERT/CC",
"id": "VU#308891"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000171"
},
{
"db": "BID",
"id": "5364"
},
{
"db": "VULHUB",
"id": "VHN-5046"
},
{
"db": "PACKETSTORM",
"id": "169647"
}
],
"trust": 3.51
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "5364",
"trust": 3.6
},
{
"db": "CERT/CC",
"id": "VU#308891",
"trust": 3.3
},
{
"db": "NVD",
"id": "CVE-2002-0655",
"trust": 2.9
},
{
"db": "BID",
"id": "5353",
"trust": 1.6
},
{
"db": "BID",
"id": "5361",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#561275",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000171",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200208-173",
"trust": 0.7
},
{
"db": "CONECTIVA",
"id": "CLA-2002:513",
"trust": 0.6
},
{
"db": "CALDERA",
"id": "CSSA-2002-033.0",
"trust": 0.6
},
{
"db": "CALDERA",
"id": "CSSA-2002-033.1",
"trust": 0.6
},
{
"db": "MANDRAKE",
"id": "MDKSA-2002:046",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "CA-2002-23",
"trust": 0.6
},
{
"db": "FREEBSD",
"id": "FREEBSD-SA-02:33",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-5046",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169647",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#561275"
},
{
"db": "CERT/CC",
"id": "VU#308891"
},
{
"db": "VULHUB",
"id": "VHN-5046"
},
{
"db": "BID",
"id": "5364"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000171"
},
{
"db": "PACKETSTORM",
"id": "169647"
},
{
"db": "NVD",
"id": "CVE-2002-0655"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-173"
}
]
},
"id": "VAR-200208-0243",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5046"
}
],
"trust": 0.38947368000000004
},
"last_update_date": "2023-12-18T11:06:11.329000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "secadv_20020730",
"trust": 0.8,
"url": "http://www.openssl.org/news/secadv_20020730.txt"
},
{
"title": "#37",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/htdocs/opensslalert.html"
},
{
"title": "RHSA-2002:155",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2002-155.html"
},
{
"title": "46424",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-46424-1"
},
{
"title": "ISC Information for VU#308891",
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/jsha-5csm74"
},
{
"title": "RHSA-2002:155",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2002-155j.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2002-000171"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0655"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.securityfocus.com/bid/5364"
},
{
"trust": 2.5,
"url": "http://www.cert.org/advisories/ca-2002-23.html"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/308891"
},
{
"trust": 1.7,
"url": "ftp://ftp.caldera.com/pub/security/openlinux/cssa-2002-033.0.txt"
},
{
"trust": 1.7,
"url": "ftp://ftp.caldera.com/pub/security/openlinux/cssa-2002-033.1.txt"
},
{
"trust": 1.7,
"url": "ftp://ftp.freebsd.org/pub/freebsd/cert/advisories/freebsd-sa-02:33.openssl.asc"
},
{
"trust": 1.7,
"url": "http://www.linux-mandrake.com/en/security/2002/mdksa-2002-046.php"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/5353"
},
{
"trust": 1.6,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000513"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/5361"
},
{
"trust": 0.8,
"url": "http://www.ciac.org/ciac/bulletins/m-103.shtml"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-0655"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2002/wr023601.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2002/wr023001.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2002/wr023101.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2002/wr023201.txt"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-0655"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/20030416_114510.html"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/20030424_144742.html"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2965676.htm"
},
{
"trust": 0.3,
"url": "http://otn.oracle.com/deploy/security/htdocs/opensslalert.html"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/securitypatch"
},
{
"trust": 0.3,
"url": "http://docs.info.apple.com/article.html?artnum=120139"
},
{
"trust": 0.3,
"url": "http://docs.info.apple.com/article.html?artnum=120141"
},
{
"trust": 0.1,
"url": ""
},
{
"trust": 0.1,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026amp;anuncio=000513"
},
{
"trust": 0.1,
"url": "http://www.neohapsis.com/)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2002-0656"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2002-0657"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0657"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/news/patch_20020730_0_9_6d.txt"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0656"
},
{
"trust": 0.1,
"url": "http://www.thebunker.net/)"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/news/patch_20020730_0_9_7.txt"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/)."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2002-0655"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0655"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0659"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/news/secadv_20020730.txt"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#561275"
},
{
"db": "CERT/CC",
"id": "VU#308891"
},
{
"db": "VULHUB",
"id": "VHN-5046"
},
{
"db": "BID",
"id": "5364"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000171"
},
{
"db": "PACKETSTORM",
"id": "169647"
},
{
"db": "NVD",
"id": "CVE-2002-0655"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-173"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#561275"
},
{
"db": "CERT/CC",
"id": "VU#308891"
},
{
"db": "VULHUB",
"id": "VHN-5046"
},
{
"db": "BID",
"id": "5364"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000171"
},
{
"db": "PACKETSTORM",
"id": "169647"
},
{
"db": "NVD",
"id": "CVE-2002-0655"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-173"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-07-30T00:00:00",
"db": "CERT/CC",
"id": "VU#561275"
},
{
"date": "2002-07-30T00:00:00",
"db": "CERT/CC",
"id": "VU#308891"
},
{
"date": "2002-08-12T00:00:00",
"db": "VULHUB",
"id": "VHN-5046"
},
{
"date": "2002-07-30T00:00:00",
"db": "BID",
"id": "5364"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000171"
},
{
"date": "2002-07-30T12:12:12",
"db": "PACKETSTORM",
"id": "169647"
},
{
"date": "2002-08-12T04:00:00",
"db": "NVD",
"id": "CVE-2002-0655"
},
{
"date": "2002-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200208-173"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-09-30T00:00:00",
"db": "CERT/CC",
"id": "VU#561275"
},
{
"date": "2002-09-30T00:00:00",
"db": "CERT/CC",
"id": "VU#308891"
},
{
"date": "2008-09-10T00:00:00",
"db": "VULHUB",
"id": "VHN-5046"
},
{
"date": "2015-03-19T08:28:00",
"db": "BID",
"id": "5364"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000171"
},
{
"date": "2008-09-10T19:12:39.993000",
"db": "NVD",
"id": "CVE-2002-0655"
},
{
"date": "2006-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200208-173"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200208-173"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL servers contain a remotely exploitable buffer overflow vulnerability during the SSL3 handshake process",
"sources": [
{
"db": "CERT/CC",
"id": "VU#561275"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "5364"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-173"
}
],
"trust": 0.9
}
}
var-200311-0091
Vulnerability from variot
Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding. Multiple vulnerabilities exist in different vendors' SSL/TLS implementations. The impacts of these vulnerabilities include remote execution of arbitrary code, denial of service, and disclosure of sensitive information. OpenSSL accepts unsolicited client certificate messages. This vulnerability requires as a precondition that an application is configured to ignore public key decoding errors, which is typically only the case during debugging. OpenSSL of ASN.1 (Abstract Syntax Notation number One) Structure (ASN1_TYPE) In the interpretation part of, there is a flaw in the process of releasing the memory allocated for the structure, and there is a vulnerability that destroys the values in the stack.OpenSSL Service disruption (DoS) It may be in a state. Multiple vulnerabilities were reported in the ASN.1 parsing code in OpenSSL. -----BEGIN PGP SIGNED MESSAGE-----
OpenSSL Security Advisory [30 September 2003]
Vulnerabilities in ASN.1 parsing
NISCC (www.niscc.gov.uk) prepared a test suite to check the operation of SSL/TLS software when presented with a wide range of malformed client certificates.
Dr Stephen Henson (steve@openssl.org) of the OpenSSL core team identified and prepared fixes for a number of vulnerabilities in the OpenSSL ASN1 code when running the test suite.
Vulnerabilities
-
Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in the deallocation of the corresponding data structure, corrupting the stack. This can be used as a denial of service attack. It is currently unknown whether this can be exploited to run malicious code. This issue does not affect OpenSSL 0.9.6.
-
Exploitation of an affected application would result in a denial of service vulnerability.
-
This by itself is not strictly speaking a vulnerability but it does mean that all SSL/TLS servers that use OpenSSL can be attacked using vulnerabilities 1, 2 and 3 even if they don't enable client authentication.
Who is affected?
All versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all versions of SSLeay are affected.
Any application that makes use of OpenSSL's ASN1 library to parse untrusted data. This includes all SSL or TLS applications, those using S/MIME (PKCS#7) or certificate generation routines.
Recommendations
Upgrade to OpenSSL 0.9.7c or 0.9.6k. Recompile any OpenSSL applications statically linked to OpenSSL libraries.
References
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0545 for issue 1:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545
and CAN-2003-0543 and CAN-2003-0544 for issue 2:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544
URL for this Security Advisory: http://www.openssl.org/news/secadv_20030930.txt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQCVAwUBP3mNKu6tTP1JpWPZAQFjPwP/Y8epYBa9oCK69dCT5Y90kg9Ir8pYuv+q x4NxuyhD5JaJfmStwbl3BUSE5juI0mh7d6yFjfI0Ci3sdC+5v10ZOanGwX7o4JlS 3pGSSocAEiYS59qciRLtFsCbBt8jIOCG8KiTmKO2mI5dhAEB9UqPH9e8A1Wy/8un xjGKYbcITrM= =fFTe -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200311-0091",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 4.0,
"vendor": "openssl",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "mandrakesoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "red hat",
"version": null
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "ios 12.1 e",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "http server",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "appgate network security ab",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "check point",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "conectiva",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cray",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "freebsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gentoo linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "guardian digital",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ingrian",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nortel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "novell",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "rsa security",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sgi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ssh security",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "secure computing",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "slackware",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "stonesoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "stunnel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "suse",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "tawie server linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "turbolinux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wirex",
"version": null
},
{
"model": "openssl",
"scope": "lte",
"trust": 0.8,
"vendor": "openssl",
"version": "0.9.7b"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "1.0.2.2s"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.0.2"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.0.3"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "1.1"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "12.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "12.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.3"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.00"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.22"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.23"
},
{
"model": "hp-ux apache-based web server",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "9"
},
{
"model": "gsx server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.15336"
},
{
"model": "esx server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.05257"
},
{
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.5.2"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "tarantella",
"version": "33.30"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "tarantella",
"version": "33.200"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "tarantella",
"version": "33.11"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "tarantella",
"version": "33.10"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "tarantella",
"version": "33.01"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "tarantella",
"version": "33.0"
},
{
"model": "solaris 9 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris 9 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "one web server sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"model": "one web server sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"model": "one web server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"model": "one web server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"model": "one web server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"model": "one web server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"model": "one web server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"model": "one web server sp9",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp8",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp14",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp13",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp12",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp11",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp10",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.1x86"
},
{
"model": "one directory server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.1"
},
{
"model": "one directory server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.1"
},
{
"model": "one directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.1"
},
{
"model": "one application server ur2 standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "one application server ur2 platform edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "one application server ur1 standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "one application server ur1 platform edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "one application server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "one application server platform edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "java system web server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"model": "grid engine",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.3x86"
},
{
"model": "grid engine sun linux",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.3"
},
{
"model": "grid engine 64-bit sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.3"
},
{
"model": "grid engine 32-bit sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.3"
},
{
"model": "cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "3.1"
},
{
"model": "cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "3.0"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.2.1"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.2"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.1"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0.9"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0.8"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0.7"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0.6"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0.5"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0.4"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0.1"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "1.7.2"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "1.7.1"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "1.7"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "1.6.3"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "1.6.2"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "1.5.18"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "1.5.17"
},
{
"model": "stonebeat webcluster",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.5"
},
{
"model": "stonebeat webcluster",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "stonebeat securitycluster",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.5"
},
{
"model": "stonebeat securitycluster",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "stonebeat high availability",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "3.1"
},
{
"model": "stonebeat fullcluster for raptor",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.5"
},
{
"model": "stonebeat fullcluster for raptor",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "stonebeat fullcluster for isa server",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "3.0"
},
{
"model": "stonebeat fullcluster for gauntlet",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "stonebeat fullcluster for firewall-1",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "3.0"
},
{
"model": "stonebeat fullcluster for firewall-1",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "ssleay",
"scope": "eq",
"trust": 0.3,
"vendor": "ssleay",
"version": "0.9.1"
},
{
"model": "ssleay",
"scope": "eq",
"trust": 0.3,
"vendor": "ssleay",
"version": "0.9"
},
{
"model": "ssleay",
"scope": "eq",
"trust": 0.3,
"vendor": "ssleay",
"version": "0.8.1"
},
{
"model": "ssleay",
"scope": "eq",
"trust": 0.3,
"vendor": "ssleay",
"version": "0.6.6"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.2.5"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.2.4"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.2.3"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.2.2"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.2.1"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.2"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.1.8"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.1.7"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.1.6"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.1.5"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.1.4"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.1.3"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.1.2"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.1.1"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.1"
},
{
"model": "communications security ssh sentinel",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "1.4"
},
{
"model": "communications security ipsec express toolkit",
"scope": null,
"trust": 0.3,
"vendor": "ssh",
"version": null
},
{
"model": "os",
"scope": "eq",
"trust": 0.3,
"vendor": "snapgear",
"version": "1.8.4"
},
{
"model": "gpl",
"scope": "eq",
"trust": 0.3,
"vendor": "smoothwall",
"version": "1.0"
},
{
"model": "express beta",
"scope": "eq",
"trust": 0.3,
"vendor": "smoothwall",
"version": "2.0"
},
{
"model": "propack",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "2.3"
},
{
"model": "propack",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "2.2.1"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.22"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.21"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.21"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.21"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.20"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.20"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.20"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.19"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.19"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.19"
},
{
"model": "open server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "5.0.7"
},
{
"model": "open server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "5.0.6"
},
{
"model": "open server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "5.0.5"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "9.0"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.3"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.2"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "oracle9i application server .1s",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0"
},
{
"model": "project openssl beta3",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl g",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.5"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": "3.4"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": "3.3"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": "3.2"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": "3.1"
},
{
"model": "nsure audit",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "1.0.1"
},
{
"model": "netware",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "6.5"
},
{
"model": "netware",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "6.0"
},
{
"model": "netware",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "5.1"
},
{
"model": "netmail e",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.10"
},
{
"model": "netmail d",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.10"
},
{
"model": "netmail c",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.10"
},
{
"model": "netmail b",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.10"
},
{
"model": "netmail a",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.10"
},
{
"model": "netmail",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.10"
},
{
"model": "netmail",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.1"
},
{
"model": "netmail b",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.0.3"
},
{
"model": "netmail a",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.0.3"
},
{
"model": "netmail",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.0.3"
},
{
"model": "netmail",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.0.1"
},
{
"model": "international cryptographic infostructure",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "2.6.1"
},
{
"model": "imanager",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "2.0.2"
},
{
"model": "imanager",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "2.0"
},
{
"model": "imanager",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "1.5"
},
{
"model": "ichain server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "2.2"
},
{
"model": "ichain server fp1a",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "2.2"
},
{
"model": "ichain server fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "2.2"
},
{
"model": "ichain server",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "2.2"
},
{
"model": "groupwise webaccess sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "6.5"
},
{
"model": "groupwise webaccess sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "6.5"
},
{
"model": "groupwise webaccess",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "6.5"
},
{
"model": "groupwise webaccess sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "6.0"
},
{
"model": "groupwise internet agent",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "6.5.1"
},
{
"model": "groupwise sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "6.5"
},
{
"model": "groupwise sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "6.0"
},
{
"model": "edirectory su1",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.7.1"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.7.1"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.7"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.6.2"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.5.27"
},
{
"model": "edirectory a",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.5.12"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.5"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.0"
},
{
"model": "bordermanager",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.8"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "9.2"
},
{
"model": "linux mandrake ppc",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "9.1"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "9.1"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "9.0"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "8.2"
},
{
"model": "multi network firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "2.0"
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "2.1"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "2.1"
},
{
"model": "networks t-series router t640",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks t-series router t320",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks sdx-300",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "3.1.1"
},
{
"model": "networks sdx-300",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "3.1"
},
{
"model": "networks m-series router m5",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks m-series router m40e",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks m-series router m40",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks m-series router m20",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks m-series router m160",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks m-series router m10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "3.2.1"
},
{
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "3.2"
},
{
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "3.2.1"
},
{
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "3.2"
},
{
"model": "rational rose",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2000"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.47"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.42.2"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.42"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.28"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.26"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.19"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.12.4"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.12.3"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.12.2"
},
{
"model": "hp-ux aaa server a.06.01.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.23"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.22"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.20"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.0"
},
{
"model": "wbem services for hp-ux a.01.05.05",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "isman",
"scope": null,
"trust": 0.3,
"vendor": "f5",
"version": null
},
{
"model": "firepass",
"scope": null,
"trust": 0.3,
"vendor": "f5",
"version": null
},
{
"model": "bigip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "bigip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.4"
},
{
"model": "bigip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.3"
},
{
"model": "bigip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.2"
},
{
"model": "bigip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "2.1"
},
{
"model": "bigip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "2.0"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.4"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.3"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.2"
},
{
"model": "ssh for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "5.3"
},
{
"model": "ssh for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "5.2"
},
{
"model": "ssh for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "5.1"
},
{
"model": "ssh for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "3.2.3"
},
{
"model": "ssh for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "3.2.0"
},
{
"model": "ssh for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "3.1.0"
},
{
"model": "ssh",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "3.1.0"
},
{
"model": "ssh for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "3.0.1"
},
{
"model": "open software",
"scope": "eq",
"trust": 0.3,
"vendor": "cray",
"version": "3.4"
},
{
"model": "associates etrust security command center",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "threat response",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "sn storage router sn5428-3.3.2-k9",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5428"
},
{
"model": "sn storage router sn5428-3.3.1-k9",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5428"
},
{
"model": "sn storage router sn5428-3.2.2-k9",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5428"
},
{
"model": "sn storage router sn5428-3.2.1-k9",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5428"
},
{
"model": "sn storage router sn5428-2.5.1-k9",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5428"
},
{
"model": "sn storage router sn5428-2-3.3.2-k9",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5428"
},
{
"model": "sn storage router sn5428-2-3.3.1-k9",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5428"
},
{
"model": "sip proxy server",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "secure policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0.1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "520"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "515"
},
{
"model": "network analysis module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ios 12.2sy",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2sx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "gss global site selector",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4480"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "css11000 content services switch",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "css secure content accelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "css secure content accelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0"
},
{
"model": "ciscoworks common services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2"
},
{
"model": "ciscoworks wireless lan solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1105"
},
{
"model": "ciscoworks hosting solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1105"
},
{
"model": "application \u0026 content networking software",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software vpn-1 sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software providor-1 sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software providor-1 sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software providor-1 sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software providor-1 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software providor-1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software nokia voyager",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software next generation fp3 hf2",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software next generation fp3 hf1",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software next generation fp3",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software next generation fp2",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software next generation fp1",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software firewall-1 sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp8",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "point software firewall-1 sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "point software firewall-1 sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "point software firewall-1 sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "point software firewall-1 sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "point software firewall-1 sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "point software firewall-1 sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "point software firewall-1 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "point software firewall-1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "point software firewall-1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "3.0"
},
{
"model": "firewall server",
"scope": "eq",
"trust": 0.3,
"vendor": "borderware",
"version": "7.0"
},
{
"model": "coat systems security gateway os",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "3.0"
},
{
"model": "coat systems security gateway os",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "2.0"
},
{
"model": "coat systems cacheos ca/sa",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.1.10"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "tarantella",
"version": "33.40"
},
{
"model": "solaris 8 x86",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris 8 sparc",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris 7.0 x86",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "one web server sp7",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"model": "one web server sp14",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one directory server sp3",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "5.1"
},
{
"model": "one application server ur2 upgrade standard",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "one application server ur2 upgrade platform",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "java system web server sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"model": "cluster",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "2.2"
},
{
"model": "cluster",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "2.1"
},
{
"model": "communications security ssh2",
"scope": "ne",
"trust": 0.3,
"vendor": "ssh",
"version": "3.2.9"
},
{
"model": "communications security ssh sentinel",
"scope": "ne",
"trust": 0.3,
"vendor": "ssh",
"version": "1.4.1"
},
{
"model": "os",
"scope": "ne",
"trust": 0.3,
"vendor": "snapgear",
"version": "1.8.5"
},
{
"model": "project openssl c",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl k",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "nsure audit",
"scope": "ne",
"trust": 0.3,
"vendor": "novell",
"version": "1.0.3"
},
{
"model": "nsure audit",
"scope": "ne",
"trust": 0.3,
"vendor": "novell",
"version": "1.0.2"
},
{
"model": "netmail f",
"scope": "ne",
"trust": 0.3,
"vendor": "novell",
"version": "3.1"
},
{
"model": "imanager",
"scope": "ne",
"trust": 0.3,
"vendor": "novell",
"version": "2.5"
},
{
"model": "edirectory su1",
"scope": "ne",
"trust": 0.3,
"vendor": "novell",
"version": "8.7.1"
},
{
"model": "siparator",
"scope": "ne",
"trust": 0.3,
"vendor": "ingate",
"version": "3.3.1"
},
{
"model": "firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "ingate",
"version": "3.3.1"
},
{
"model": "rational requisitepro",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "hp-ux aaa server a.06.01.02.04",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "wbem services for hp-ux a.01.05.07",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.8"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.8"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#104280"
},
{
"db": "CERT/CC",
"id": "VU#732952"
},
{
"db": "CERT/CC",
"id": "VU#686224"
},
{
"db": "CERT/CC",
"id": "VU#935264"
},
{
"db": "CERT/CC",
"id": "VU#380864"
},
{
"db": "CERT/CC",
"id": "VU#255484"
},
{
"db": "BID",
"id": "8732"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000287"
},
{
"db": "CNNVD",
"id": "CNNVD-200311-033"
},
{
"db": "NVD",
"id": "CVE-2003-0545"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0545"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NISCC uniras@niscc.gov.uk",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200311-033"
}
],
"trust": 0.6
},
"cve": "CVE-2003-0545",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/severity#"
},
"@id": "https://www.variotdbs.pl/ref/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2003-0545",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2003-0545",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2003-0545",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#104280",
"trust": 0.8,
"value": "11.81"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#732952",
"trust": 0.8,
"value": "2.53"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#686224",
"trust": 0.8,
"value": "1.50"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#935264",
"trust": 0.8,
"value": "21.52"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#380864",
"trust": 0.8,
"value": "11.25"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#255484",
"trust": 0.8,
"value": "11.25"
},
{
"author": "CNNVD",
"id": "CNNVD-200311-033",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#104280"
},
{
"db": "CERT/CC",
"id": "VU#732952"
},
{
"db": "CERT/CC",
"id": "VU#686224"
},
{
"db": "CERT/CC",
"id": "VU#935264"
},
{
"db": "CERT/CC",
"id": "VU#380864"
},
{
"db": "CERT/CC",
"id": "VU#255484"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000287"
},
{
"db": "CNNVD",
"id": "CNNVD-200311-033"
},
{
"db": "NVD",
"id": "CVE-2003-0545"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding. Multiple vulnerabilities exist in different vendors\u0027 SSL/TLS implementations. The impacts of these vulnerabilities include remote execution of arbitrary code, denial of service, and disclosure of sensitive information. OpenSSL accepts unsolicited client certificate messages. This vulnerability requires as a precondition that an application is configured to ignore public key decoding errors, which is typically only the case during debugging. OpenSSL of ASN.1 (Abstract Syntax Notation number One) Structure (ASN1_TYPE) In the interpretation part of, there is a flaw in the process of releasing the memory allocated for the structure, and there is a vulnerability that destroys the values in the stack.OpenSSL Service disruption (DoS) It may be in a state. Multiple vulnerabilities were reported in the ASN.1 parsing code in OpenSSL. -----BEGIN PGP SIGNED MESSAGE-----\n\nOpenSSL Security Advisory [30 September 2003]\n\nVulnerabilities in ASN.1 parsing\n================================\n\nNISCC (www.niscc.gov.uk) prepared a test suite to check the operation\nof SSL/TLS software when presented with a wide range of malformed client\ncertificates. \n\nDr Stephen Henson (steve@openssl.org) of the OpenSSL core team\nidentified and prepared fixes for a number of vulnerabilities in the\nOpenSSL ASN1 code when running the test suite. \n\nVulnerabilities\n- ---------------\n\n1. Certain ASN.1 encodings that are rejected as invalid by the parser\ncan trigger a bug in the deallocation of the corresponding data\nstructure, corrupting the stack. This can be used as a denial of service\nattack. It is currently unknown whether this can be exploited to run\nmalicious code. This issue does not affect OpenSSL 0.9.6. \n\n2. \n\n3. Exploitation of an affected\napplication would result in a denial of service vulnerability. \n\n4. This by\nitself is not strictly speaking a vulnerability but it does mean that\n*all* SSL/TLS servers that use OpenSSL can be attacked using\nvulnerabilities 1, 2 and 3 even if they don\u0027t enable client authentication. \n\nWho is affected?\n- ----------------\n\nAll versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all\nversions of SSLeay are affected. \n\nAny application that makes use of OpenSSL\u0027s ASN1 library to parse\nuntrusted data. This includes all SSL or TLS applications, those using\nS/MIME (PKCS#7) or certificate generation routines. \n\nRecommendations\n- ---------------\n\nUpgrade to OpenSSL 0.9.7c or 0.9.6k. Recompile any OpenSSL applications\nstatically linked to OpenSSL libraries. \n\nReferences\n- ----------\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2003-0545 for issue 1:\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545\n\nand CAN-2003-0543 and CAN-2003-0544 for issue 2:\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544\n\nURL for this Security Advisory:\nhttp://www.openssl.org/news/secadv_20030930.txt\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQCVAwUBP3mNKu6tTP1JpWPZAQFjPwP/Y8epYBa9oCK69dCT5Y90kg9Ir8pYuv+q\nx4NxuyhD5JaJfmStwbl3BUSE5juI0mh7d6yFjfI0Ci3sdC+5v10ZOanGwX7o4JlS\n3pGSSocAEiYS59qciRLtFsCbBt8jIOCG8KiTmKO2mI5dhAEB9UqPH9e8A1Wy/8un\nxjGKYbcITrM=\n=fFTe\n-----END PGP SIGNATURE-----\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0545"
},
{
"db": "CERT/CC",
"id": "VU#104280"
},
{
"db": "CERT/CC",
"id": "VU#732952"
},
{
"db": "CERT/CC",
"id": "VU#686224"
},
{
"db": "CERT/CC",
"id": "VU#935264"
},
{
"db": "CERT/CC",
"id": "VU#380864"
},
{
"db": "CERT/CC",
"id": "VU#255484"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000287"
},
{
"db": "BID",
"id": "8732"
},
{
"db": "PACKETSTORM",
"id": "31738"
}
],
"trust": 6.3
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#935264",
"trust": 3.5
},
{
"db": "NVD",
"id": "CVE-2003-0545",
"trust": 2.8
},
{
"db": "BID",
"id": "8732",
"trust": 2.7
},
{
"db": "CERT/CC",
"id": "VU#732952",
"trust": 1.9
},
{
"db": "CERT/CC",
"id": "VU#686224",
"trust": 1.9
},
{
"db": "CERT/CC",
"id": "VU#104280",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2006-3900",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "22249",
"trust": 1.6
},
{
"db": "CERT/CC",
"id": "VU#380864",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#255484",
"trust": 1.1
},
{
"db": "XF",
"id": "13315",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000287",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "CA-2003-26",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:2590",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2003:292",
"trust": 0.6
},
{
"db": "DEBIAN",
"id": "DSA-394",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200311-033",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "31738",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#104280"
},
{
"db": "CERT/CC",
"id": "VU#732952"
},
{
"db": "CERT/CC",
"id": "VU#686224"
},
{
"db": "CERT/CC",
"id": "VU#935264"
},
{
"db": "CERT/CC",
"id": "VU#380864"
},
{
"db": "CERT/CC",
"id": "VU#255484"
},
{
"db": "BID",
"id": "8732"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000287"
},
{
"db": "PACKETSTORM",
"id": "31738"
},
{
"db": "CNNVD",
"id": "CNNVD-200311-033"
},
{
"db": "NVD",
"id": "CVE-2003-0545"
}
]
},
"id": "VAR-200311-0091",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2022-05-29T21:30:21.532000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20030930-ssl",
"trust": 0.8,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
},
{
"title": "HPSBUX00290",
"trust": 0.8,
"url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=hpsbux0310-290"
},
{
"title": "HPSBUX0310-284",
"trust": 0.8,
"url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=hpsbux0310-284"
},
{
"title": "HPSBUX00288",
"trust": 0.8,
"url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00891831"
},
{
"title": "HPSBUX00290",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0310-290.html"
},
{
"title": "HPSBUX0310-284",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0310-284.html"
},
{
"title": "openssl",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/update/data/openssl.html"
},
{
"title": "secadv_20030930",
"trust": 0.8,
"url": "http://www.openssl.org/news/secadv_20030930.txt"
},
{
"title": "#62",
"trust": 0.8,
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf"
},
{
"title": "#62",
"trust": 0.8,
"url": "http://support.oracle.co.jp/open/owa/external_krown.search_doc?c_document_id=70482"
},
{
"title": "RHSA-2003:292",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2003-292.html"
},
{
"title": "cisco-sa-20030930-ssl",
"trust": 0.8,
"url": "http://www.cisco.com/japanese/warp/public/3/jp/service/tac/707/cisco-sa-20030930-ssl-j.shtml"
},
{
"title": "RHSA-2003:292",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-292j.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2003-000287"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2003-000287"
},
{
"db": "NVD",
"id": "CVE-2003-0545"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.8,
"url": "http://www.ietf.org/rfc/rfc2246.txt"
},
{
"trust": 4.5,
"url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm"
},
{
"trust": 4.0,
"url": "http://wp.netscape.com/eng/ssl3/"
},
{
"trust": 4.0,
"url": "http://www.itu.int/itu-t/studygroups/com10/languages/"
},
{
"trust": 3.9,
"url": "http://www.openssl.org/news/secadv_20030930.txt"
},
{
"trust": 3.2,
"url": "http://www.ietf.org/html.charters/pkix-charter.html"
},
{
"trust": 2.7,
"url": "http://www.cert.org/advisories/ca-2003-26.html"
},
{
"trust": 2.7,
"url": "http://www.kb.cert.org/vuls/id/935264"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/8732"
},
{
"trust": 1.9,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112"
},
{
"trust": 1.6,
"url": "http://www.redhat.com/support/errata/rhsa-2003-292.html"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2003/dsa-394"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/22249"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/686224"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/732952"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2006/3900"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a2590"
},
{
"trust": 0.9,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10087450.htm"
},
{
"trust": 0.8,
"url": "http://www.uniras.gov.uk/vuls/2003/006489/tls.htm"
},
{
"trust": 0.8,
"url": "http://www.rsasecurity.com/rsalabs/pkcs/"
},
{
"trust": 0.8,
"url": "http://wp.netscape.com/eng/ssl3/draft302.txt"
},
{
"trust": 0.8,
"url": "http://www.ciac.org/ciac/bulletins/n-159.shtml"
},
{
"trust": 0.8,
"url": "http://www.ciac.org/ciac/bulletins/o-065.shtml"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0545"
},
{
"trust": 0.8,
"url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20031104-00753.xml"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/13315"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnca-2003-26"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trca-2003-26"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0545"
},
{
"trust": 0.8,
"url": "http://www.cpni.gov.uk/docs/re-20031104-00753.pdf?lang=en"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/104280"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/20031001_103420.html"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/3900"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:2590"
},
{
"trust": 0.3,
"url": "http://support.f-secure.com/enu/corporate/supportissue/ssh/comments/comments-issue-tech.shtml"
},
{
"trust": 0.3,
"url": "http://support.f-secure.com/enu/corporate/supportissue/ssh/comments/comments-issue-2003120400.shtml"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57599"
},
{
"trust": 0.3,
"url": "http://www.info.apple.com/usen/security/security_updates.html"
},
{
"trust": 0.3,
"url": "http://www.apple.com/swupdates/"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967586.htm"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968007.htm"
},
{
"trust": 0.3,
"url": "http://www.vmware.com/download/esx/esx2-openssh.html"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967420.htm"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967421.htm"
},
{
"trust": 0.3,
"url": "http://www.borderware.com/products/firewall.php"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967425.htm"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967411.htm"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967408.htm"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967399.htm"
},
{
"trust": 0.3,
"url": "http://www.vmware.com/download/gsx_security.html"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967175.htm"
},
{
"trust": 0.3,
"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=mdksa-2003:098"
},
{
"trust": 0.3,
"url": "http://www-1.ibm.com/services/continuity/recover1.nsf/mss/mss-oar-e01-2004.0422.1"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967210.htm"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967209.htm"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967208.htm"
},
{
"trust": 0.3,
"url": "http://cirt.dk/advisories/cirt-32-advisory.pdf"
},
{
"trust": 0.3,
"url": "http://www.cirt.dk/advisories/cirt-31-advisory.pdf"
},
{
"trust": 0.3,
"url": "http://www.stonesoft.com/document/art/3040.html"
},
{
"trust": 0.3,
"url": "http://metalink.oracle.com"
},
{
"trust": 0.3,
"url": "http://www.smoothwall.org/home/news/item/20031001.01.html"
},
{
"trust": 0.3,
"url": "http://www.ingate.com/relnote-331.php"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2003-293.html"
},
{
"trust": 0.3,
"url": "http://www.bluecoat.com/support/knowledge/advisory_openssl_asn_vulnerability.html"
},
{
"trust": 0.3,
"url": "http://support.novell.com/security-alerts/"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968981.htm"
},
{
"trust": 0.3,
"url": "http://www.stonesoft.com/document/art/3041.html"
},
{
"trust": 0.3,
"url": "http://www.ssh.com/company/newsroom/article/476/"
},
{
"trust": 0.3,
"url": "http://www.ssh.com/company/newsroom/article/477/"
},
{
"trust": 0.3,
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57100"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57444"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57472"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57475"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57498"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/patches/linux/security.html"
},
{
"trust": 0.3,
"url": "http://www.tarantella.com/security/bulletin-08.html"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097379.htm"
},
{
"trust": 0.3,
"url": "http://www.borderware.com/"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/255484"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/380864"
},
{
"trust": 0.3,
"url": "/archive/1/343055"
},
{
"trust": 0.1,
"url": "https://www.niscc.gov.uk)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2003-0545"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0545"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0543"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0544"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2003-0543"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2003-0544"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#104280"
},
{
"db": "CERT/CC",
"id": "VU#732952"
},
{
"db": "CERT/CC",
"id": "VU#686224"
},
{
"db": "CERT/CC",
"id": "VU#935264"
},
{
"db": "CERT/CC",
"id": "VU#380864"
},
{
"db": "CERT/CC",
"id": "VU#255484"
},
{
"db": "BID",
"id": "8732"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000287"
},
{
"db": "PACKETSTORM",
"id": "31738"
},
{
"db": "CNNVD",
"id": "CNNVD-200311-033"
},
{
"db": "NVD",
"id": "CVE-2003-0545"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#104280"
},
{
"db": "CERT/CC",
"id": "VU#732952"
},
{
"db": "CERT/CC",
"id": "VU#686224"
},
{
"db": "CERT/CC",
"id": "VU#935264"
},
{
"db": "CERT/CC",
"id": "VU#380864"
},
{
"db": "CERT/CC",
"id": "VU#255484"
},
{
"db": "BID",
"id": "8732"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000287"
},
{
"db": "PACKETSTORM",
"id": "31738"
},
{
"db": "CNNVD",
"id": "CNNVD-200311-033"
},
{
"db": "NVD",
"id": "CVE-2003-0545"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-09-30T00:00:00",
"db": "CERT/CC",
"id": "VU#104280"
},
{
"date": "2003-09-30T00:00:00",
"db": "CERT/CC",
"id": "VU#732952"
},
{
"date": "2003-09-30T00:00:00",
"db": "CERT/CC",
"id": "VU#686224"
},
{
"date": "2003-09-30T00:00:00",
"db": "CERT/CC",
"id": "VU#935264"
},
{
"date": "2003-09-30T00:00:00",
"db": "CERT/CC",
"id": "VU#380864"
},
{
"date": "2003-09-30T00:00:00",
"db": "CERT/CC",
"id": "VU#255484"
},
{
"date": "2003-09-30T00:00:00",
"db": "BID",
"id": "8732"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000287"
},
{
"date": "2003-09-30T16:10:22",
"db": "PACKETSTORM",
"id": "31738"
},
{
"date": "2003-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200311-033"
},
{
"date": "2003-11-17T05:00:00",
"db": "NVD",
"id": "CVE-2003-0545"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-08-25T00:00:00",
"db": "CERT/CC",
"id": "VU#104280"
},
{
"date": "2003-10-01T00:00:00",
"db": "CERT/CC",
"id": "VU#732952"
},
{
"date": "2003-10-01T00:00:00",
"db": "CERT/CC",
"id": "VU#686224"
},
{
"date": "2003-10-01T00:00:00",
"db": "CERT/CC",
"id": "VU#935264"
},
{
"date": "2003-10-01T00:00:00",
"db": "CERT/CC",
"id": "VU#380864"
},
{
"date": "2003-10-01T00:00:00",
"db": "CERT/CC",
"id": "VU#255484"
},
{
"date": "2016-07-06T14:32:00",
"db": "BID",
"id": "8732"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000287"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200311-033"
},
{
"date": "2018-05-03T01:29:00",
"db": "NVD",
"id": "CVE-2003-0545"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200311-033"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in SSL/TLS implementations",
"sources": [
{
"db": "CERT/CC",
"id": "VU#104280"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200311-033"
}
],
"trust": 0.6
}
}
var-200904-0271
Vulnerability from variot
Unspecified vulnerability in the Core RDBMS component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users with the IMP_FULL_DATABASE role to affect confidentiality, integrity, and availability. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
For more information see vulnerability #6 through #9 in: SA34693
SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details.
Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
I. Description
The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components.
Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.
II. Impact
The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.
III. Solution
Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.
IV. References
-
Oracle Critical Patch Update Advisory - April 2009 - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
-
Critical Patch Updates and Security Alerts - http://www.oracle.com/technology/deploy/security/alerts.htm
-
Map of Public Vulnerability to Advisory/Alert - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-105A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
April 15, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system.
1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.
2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER".
The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.
PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security
The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/
Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0271",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database 10g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database 11g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "database 10g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.1.0.5"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.1.0.5"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.01"
},
{
"model": "systems weblogic portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle9i personal edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.49"
},
{
"model": "oracle11g standard edition one",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "data service integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.3"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3.0"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.06"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "systems weblogic portal sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.13"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.04"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.1"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.07"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.3"
},
{
"model": "systems weblogic portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "systems weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.1"
},
{
"model": "systems weblogic server maintenance pack",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.13"
},
{
"model": "oracle9i standard edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "oracle9i enterprise edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.1"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.12"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.15"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.05"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.16"
},
{
"model": "systems weblogic server mp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9"
},
{
"model": "audit vault",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.02"
},
{
"model": "systems weblogic portal sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.4"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.12"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.11"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.6"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.03"
},
{
"model": "systems weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.0"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001220"
},
{
"db": "NVD",
"id": "CVE-2009-0985"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-304"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:database_10g:10.2.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database_11g:11.1.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database_10g:10.1.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0985"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-304"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0985",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.1,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2009-0985",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-0985",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-304",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001220"
},
{
"db": "NVD",
"id": "CVE-2009-0985"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-304"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Core RDBMS component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users with the IMP_FULL_DATABASE role to affect confidentiality, integrity, and availability. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0985"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001220"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0985",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "34693",
"trust": 2.6
},
{
"db": "USCERT",
"id": "TA09-105A",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1022052",
"trust": 2.4
},
{
"db": "BID",
"id": "34461",
"trust": 1.3
},
{
"db": "VUPEN",
"id": "ADV-2009-1042",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001220",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA09-105A",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-304",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-09-017",
"trust": 0.4
},
{
"db": "SECUNIA",
"id": "35135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76704",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001220"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0985"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-304"
}
]
},
"id": "VAR-200904-0271",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.065972224
},
"last_update_date": "2023-12-18T10:57:02.210000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cpuapr2009",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"title": "090417_86",
"trust": 0.8,
"url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
},
{
"title": "TA09-105A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001220"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0985"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://secunia.com/advisories/34693"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1022052"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/34461"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0985"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta09-105a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0985"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/1042"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-23/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-22/"
},
{
"trust": 0.3,
"url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "/archive/1/502845"
},
{
"trust": 0.3,
"url": "/archive/1/502707"
},
{
"trust": 0.3,
"url": "/archive/1/502697"
},
{
"trust": 0.3,
"url": "/archive/1/502727"
},
{
"trust": 0.3,
"url": "/archive/1/502723"
},
{
"trust": 0.3,
"url": "/archive/1/506160"
},
{
"trust": 0.3,
"url": "/archive/1/502724"
},
{
"trust": 0.3,
"url": "/archive/1/502683"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34693/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35135/"
},
{
"trust": 0.1,
"url": "http://www.good.com/faq/18431.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001220"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0985"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-304"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001220"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0985"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-304"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-09T00:00:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001220"
},
{
"date": "2009-05-18T15:35:49",
"db": "PACKETSTORM",
"id": "77574"
},
{
"date": "2009-04-15T23:15:44",
"db": "PACKETSTORM",
"id": "76710"
},
{
"date": "2009-04-15T15:08:54",
"db": "PACKETSTORM",
"id": "76704"
},
{
"date": "2009-04-15T10:30:00.547000",
"db": "NVD",
"id": "CVE-2009-0985"
},
{
"date": "2009-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-304"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-01T16:22:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001220"
},
{
"date": "2012-10-23T03:04:25.787000",
"db": "NVD",
"id": "CVE-2009-0985"
},
{
"date": "2009-04-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-304"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-304"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Database of Core RDBMS Component vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001220"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-304"
}
],
"trust": 0.6
}
}
var-202207-0506
Vulnerability from variot
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. (DoS) It may be in a state. Dell BSAFE Micro Edition Suite is a development kit that provides encryption, certificates and transport layer security for c/c++ applications, devices and systems. Dell BSAFE is a security software product that supports encryption algorithms, certificate chain verification, Transport Layer Security (TLS) cipher suites, etc. to help users achieve various security goals for their applications
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-0506",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bsafe crypto-c-micro-edition",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.1.5"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.2"
},
{
"model": "weblogic server proxy plug-in",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "security service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21c"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "security service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "weblogic server proxy plug-in",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "bsafe micro-edition-suite",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.6"
},
{
"model": "oracle security service",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle database",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "bsafe crypto-c micro edition",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "bsafe micro edition suite",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "oracle weblogic server proxy plug-in",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle http server",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016808"
},
{
"db": "NVD",
"id": "CVE-2020-35166"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.1.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.6",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-35166"
}
]
},
"cve": "CVE-2020-35166",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-35166",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-377257",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "security_alert@emc.com",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.4,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-35166",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-35166",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2020-35166",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-832",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-377257",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-35166",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377257"
},
{
"db": "VULMON",
"id": "CVE-2020-35166"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016808"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-832"
},
{
"db": "NVD",
"id": "CVE-2020-35166"
},
{
"db": "NVD",
"id": "CVE-2020-35166"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\nDell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,\u00a0versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. (DoS) It may be in a state. Dell BSAFE Micro Edition Suite is a development kit that provides encryption, certificates and transport layer security for c/c++ applications, devices and systems. Dell BSAFE is a security software product that supports encryption algorithms, certificate chain verification, Transport Layer Security (TLS) cipher suites, etc. to help users achieve various security goals for their applications",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-35166"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016808"
},
{
"db": "VULHUB",
"id": "VHN-377257"
},
{
"db": "VULMON",
"id": "CVE-2020-35166"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-35166",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016808",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202207-832",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-84614",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-377257",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-35166",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377257"
},
{
"db": "VULMON",
"id": "CVE-2020-35166"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016808"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-832"
},
{
"db": "NVD",
"id": "CVE-2020-35166"
}
]
},
"id": "VAR-202207-0506",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-377257"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-02T22:55:28.389000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0July\u00a02022 Dell Security\u00a0Advisory",
"trust": 0.8,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"title": "Dell BSAFE Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=200704"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016808"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-832"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016808"
},
{
"db": "NVD",
"id": "CVE-2020-35166"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35166"
},
{
"trust": 0.7,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/oracle-database-vulnerabilities-of-july-2022-38855"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2020-35166/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377257"
},
{
"db": "VULMON",
"id": "CVE-2020-35166"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016808"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-832"
},
{
"db": "NVD",
"id": "CVE-2020-35166"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-377257"
},
{
"db": "VULMON",
"id": "CVE-2020-35166"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016808"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-832"
},
{
"db": "NVD",
"id": "CVE-2020-35166"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-377257"
},
{
"date": "2022-07-11T00:00:00",
"db": "VULMON",
"id": "CVE-2020-35166"
},
{
"date": "2023-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-016808"
},
{
"date": "2022-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-832"
},
{
"date": "2022-07-11T20:15:08.383000",
"db": "NVD",
"id": "CVE-2020-35166"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-06T00:00:00",
"db": "VULHUB",
"id": "VHN-377257"
},
{
"date": "2022-07-18T00:00:00",
"db": "VULMON",
"id": "CVE-2020-35166"
},
{
"date": "2023-09-25T06:02:00",
"db": "JVNDB",
"id": "JVNDB-2019-016808"
},
{
"date": "2022-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-832"
},
{
"date": "2024-02-02T16:15:45.083000",
"db": "NVD",
"id": "CVE-2020-35166"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-832"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u00a0BSAFE\u00a0Crypto-C\u00a0Micro\u00a0Edition\u00a0 and \u00a0Dell\u00a0BSAFE\u00a0Micro\u00a0Edition\u00a0Suite\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016808"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-832"
}
],
"trust": 0.6
}
}
var-200904-0258
Vulnerability from variot
Unspecified vulnerability in the Workspace Manager component in Oracle Database 11.1.0.6, 11.1.0.7, 10.2.0.3, 10.2.0.4, 10.1.0.5, 9.2.0.8, and 9.2.0.8DV allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
For more information see vulnerability #6 through #9 in: SA34693
SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details.
Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
I. Description
The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability.
Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.
II. Impact
The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.
III. Solution
Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.
IV. References
-
Oracle Critical Patch Update Advisory - April 2009 - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
-
Critical Patch Updates and Security Alerts - http://www.oracle.com/technology/deploy/security/alerts.htm
-
Map of Public Vulnerability to Advisory/Alert - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-105A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
April 15, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system.
1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.
2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER".
The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.
PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security
The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/
Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0258",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database server",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.2.0.3"
},
{
"model": "database server",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.1.0.5"
},
{
"model": "database server",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "database server",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "database server",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "9.2.0.8"
},
{
"model": "database server",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "9.2.0.8dv"
},
{
"model": "database server",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.1.0.5"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.2.0.3"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0.8"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0.8dv"
},
{
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.01"
},
{
"model": "systems weblogic portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle9i personal edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.49"
},
{
"model": "oracle11g standard edition one",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "data service integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.3"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3.0"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.06"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "systems weblogic portal sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.13"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.04"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.1"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.07"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.3"
},
{
"model": "systems weblogic portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "systems weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.1"
},
{
"model": "systems weblogic server maintenance pack",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.13"
},
{
"model": "oracle9i standard edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "oracle9i enterprise edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.1"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.12"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.15"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.05"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.16"
},
{
"model": "systems weblogic server mp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9"
},
{
"model": "audit vault",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.02"
},
{
"model": "systems weblogic portal sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.4"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.12"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.11"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.6"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.03"
},
{
"model": "systems weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.0"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001221"
},
{
"db": "NVD",
"id": "CVE-2009-0972"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-291"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database_server:11.1.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database_server:11.1.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database_server:9.2.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database_server:10.2.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database_server:9.2.0.8dv:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database_server:10.2.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0972"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-291"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0972",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2009-0972",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-0972",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-291",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001221"
},
{
"db": "NVD",
"id": "CVE-2009-0972"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-291"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Workspace Manager component in Oracle Database 11.1.0.6, 11.1.0.7, 10.2.0.3, 10.2.0.4, 10.1.0.5, 9.2.0.8, and 9.2.0.8DV allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0972"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001221"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0972",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "34693",
"trust": 2.6
},
{
"db": "USCERT",
"id": "TA09-105A",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1022052",
"trust": 2.4
},
{
"db": "BID",
"id": "34461",
"trust": 1.3
},
{
"db": "VUPEN",
"id": "ADV-2009-1042",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001221",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA09-105A",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-291",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-09-017",
"trust": 0.4
},
{
"db": "SECUNIA",
"id": "35135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76704",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001221"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0972"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-291"
}
]
},
"id": "VAR-200904-0258",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.065972224
},
"last_update_date": "2023-12-18T10:59:01.688000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cpuapr2009",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"title": "090417_86",
"trust": 0.8,
"url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
},
{
"title": "TA09-105A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001221"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0972"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://secunia.com/advisories/34693"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1022052"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/34461"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0972"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta09-105a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0972"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/1042"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-23/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-22/"
},
{
"trust": 0.3,
"url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "/archive/1/502845"
},
{
"trust": 0.3,
"url": "/archive/1/502707"
},
{
"trust": 0.3,
"url": "/archive/1/502697"
},
{
"trust": 0.3,
"url": "/archive/1/502727"
},
{
"trust": 0.3,
"url": "/archive/1/502723"
},
{
"trust": 0.3,
"url": "/archive/1/506160"
},
{
"trust": 0.3,
"url": "/archive/1/502724"
},
{
"trust": 0.3,
"url": "/archive/1/502683"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34693/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35135/"
},
{
"trust": 0.1,
"url": "http://www.good.com/faq/18431.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001221"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0972"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-291"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001221"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0972"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-291"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-09T00:00:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001221"
},
{
"date": "2009-05-18T15:35:49",
"db": "PACKETSTORM",
"id": "77574"
},
{
"date": "2009-04-15T23:15:44",
"db": "PACKETSTORM",
"id": "76710"
},
{
"date": "2009-04-15T15:08:54",
"db": "PACKETSTORM",
"id": "76704"
},
{
"date": "2009-04-15T10:30:00.313000",
"db": "NVD",
"id": "CVE-2009-0972"
},
{
"date": "2009-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-291"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-01T16:22:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001221"
},
{
"date": "2014-09-08T17:56:11.040000",
"db": "NVD",
"id": "CVE-2009-0972"
},
{
"date": "2009-04-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-291"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-291"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Database of Workspace Manager Component vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001221"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-291"
}
],
"trust": 0.6
}
}
var-202207-0796
Vulnerability from variot
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability. (DoS) It may be in a state. Dell BSAFE Micro Edition Suite is a development kit that provides encryption, certificates and transport layer security for c/c++ applications, devices and systems. Dell BSAFE is a security software product that supports encryption algorithms, certificate chain verification, Transport Layer Security (TLS) cipher suites, etc. to help users achieve various security goals for their applications
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-0796",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
},
{
"model": "bsafe micro-edition-suite",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.6"
},
{
"model": "security service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "weblogic server proxy plug-in",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21c"
},
{
"model": "bsafe crypto-c-micro-edition",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.1.5"
},
{
"model": "weblogic server proxy plug-in",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.2"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "security service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "oracle security service",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle database",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "bsafe crypto-c micro edition",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "bsafe micro edition suite",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "oracle weblogic server proxy plug-in",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle http server",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016811"
},
{
"db": "NVD",
"id": "CVE-2020-29508"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.1.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.6",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-29508"
}
]
},
"cve": "CVE-2020-29508",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-29508",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-376212",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security_alert@emc.com",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-29508",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-29508",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2020-29508",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-838",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-376212",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-29508",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376212"
},
{
"db": "VULMON",
"id": "CVE-2020-29508"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016811"
},
{
"db": "NVD",
"id": "CVE-2020-29508"
},
{
"db": "NVD",
"id": "CVE-2020-29508"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-838"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability. (DoS) It may be in a state. Dell BSAFE Micro Edition Suite is a development kit that provides encryption, certificates and transport layer security for c/c++ applications, devices and systems. Dell BSAFE is a security software product that supports encryption algorithms, certificate chain verification, Transport Layer Security (TLS) cipher suites, etc. to help users achieve various security goals for their applications",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-29508"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016811"
},
{
"db": "VULHUB",
"id": "VHN-376212"
},
{
"db": "VULMON",
"id": "CVE-2020-29508"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-29508",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016811",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202207-838",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-84620",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-376212",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-29508",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376212"
},
{
"db": "VULMON",
"id": "CVE-2020-29508"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016811"
},
{
"db": "NVD",
"id": "CVE-2020-29508"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-838"
}
]
},
"id": "VAR-202207-0796",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-376212"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:48:39.774000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0July\u00a02022 Dell Security\u00a0Advisory",
"trust": 0.8,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"title": "Dell BSAFE Micro Edition Suite and Dell BSAFE Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=200902"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016811"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-838"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.1
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376212"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016811"
},
{
"db": "NVD",
"id": "CVE-2020-29508"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29508"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2020-29508/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/oracle-database-vulnerabilities-of-july-2022-38855"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376212"
},
{
"db": "VULMON",
"id": "CVE-2020-29508"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016811"
},
{
"db": "NVD",
"id": "CVE-2020-29508"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-838"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-376212"
},
{
"db": "VULMON",
"id": "CVE-2020-29508"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016811"
},
{
"db": "NVD",
"id": "CVE-2020-29508"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-838"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-376212"
},
{
"date": "2022-07-11T00:00:00",
"db": "VULMON",
"id": "CVE-2020-29508"
},
{
"date": "2023-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-016811"
},
{
"date": "2022-07-11T20:15:08.207000",
"db": "NVD",
"id": "CVE-2020-29508"
},
{
"date": "2022-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-838"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-29T00:00:00",
"db": "VULHUB",
"id": "VHN-376212"
},
{
"date": "2022-07-18T00:00:00",
"db": "VULMON",
"id": "CVE-2020-29508"
},
{
"date": "2023-09-25T06:13:00",
"db": "JVNDB",
"id": "JVNDB-2019-016811"
},
{
"date": "2022-11-29T02:50:52.710000",
"db": "NVD",
"id": "CVE-2020-29508"
},
{
"date": "2022-07-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-838"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-838"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u00a0BSAFE\u00a0Crypto-C\u00a0Micro\u00a0Edition\u00a0 and \u00a0Dell\u00a0BSAFE\u00a0Micro\u00a0Edition\u00a0Suite\u00a0 Input verification vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016811"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-838"
}
],
"trust": 0.6
}
}
var-201410-1418
Vulnerability from variot
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. SSL protocol is the abbreviation of Secure Socket Layer protocol (Secure Socket Layer) developed by Netscape, which provides security and data integrity guarantee for Internet communication. There is a security vulnerability in the SSL protocol 3.0 version used in OpenSSL 1.0.1i and earlier versions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2014-10-16-4 OS X Server v3.2.2
OS X Server v3.2.2 is now available and addresses the following:
Server Available for: OS X Mavericks v10.9.5 or later Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling SSL 3.0 support in Web Server, Calendar & Contacts Server, and Remote Administration. CVE-ID CVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of Google Security Team
OS X Server v3.2.2 may be obtained from the Mac App Store. HP Storage Data Protector Cell Manager v8 before v8.13_206 and v9 before v9.03MMR running on HP-UX 11i, Windows Server 2008/2008R2/2012/2012R2, Redhat, CentOS, Oracle Linux, and SUSE Linux_x64. ============================================================================ Ubuntu Security Notice USN-2486-1 January 27, 2015
openjdk-6 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in OpenJDK 6.
Software Description: - openjdk-6: Open Source Java implementation
Details:
Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to expose sensitive data over the network. An attacker could exploit this to expose sensitive data over the network. (CVE-2014-6593)
A vulnerability was discovered in the OpenJDK JRE related to integrity and availability. (CVE-2015-0383)
A vulnerability was discovered in the OpenJDK JRE related to availability. (CVE-2015-0410)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 LTS: icedtea-6-jre-cacao 6b34-1.13.6-1ubuntu0.12.04.1 icedtea-6-jre-jamvm 6b34-1.13.6-1ubuntu0.12.04.1 openjdk-6-jre 6b34-1.13.6-1ubuntu0.12.04.1 openjdk-6-jre-headless 6b34-1.13.6-1ubuntu0.12.04.1 openjdk-6-jre-lib 6b34-1.13.6-1ubuntu0.12.04.1 openjdk-6-jre-zero 6b34-1.13.6-1ubuntu0.12.04.1
Ubuntu 10.04 LTS: icedtea-6-jre-cacao 6b34-1.13.6-1ubuntu0.10.04.1 openjdk-6-jre 6b34-1.13.6-1ubuntu0.10.04.1 openjdk-6-jre-headless 6b34-1.13.6-1ubuntu0.10.04.1 openjdk-6-jre-lib 6b34-1.13.6-1ubuntu0.10.04.1 openjdk-6-jre-zero 6b34-1.13.6-1ubuntu0.10.04.1
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2486-1 CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0400, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412
Package Information: https://launchpad.net/ubuntu/+source/openjdk-6/6b34-1.13.6-1ubuntu0.12.04.1 https://launchpad.net/ubuntu/+source/openjdk-6/6b34-1.13.6-1ubuntu0.10.04.1 . A second vulnerability could be exploited remotely to cause a Denial of Service (DoS).
Contact vcemsdksupportteam@hp.com to request the HP Virtual Connect Enterprise Manager SDK v7.4.1 or later. The vulnerabilities may lead to remote disclosure of information.
The update is available from HPE Software Depot: https://h20392.www2.hpe.com/ portal/swdepot/displayProductInfo.do?productNumber=HPVPRhttps://www.hpe.com
Note: HPE recommends customers using OV4VC 7.8.1 and earlier should upgrade to OV4VC 7.8.2. This addresses all SSL security vulnerabilities reported through March 28, 2016.
SSLv3 is enabled by default in all version 5 HP Insight Remote Support Clients. HP recommends that customers, if possible, should migrate to Insight Remote Support Version 7.2 which has been updated with a preliminary resolution to the vulnerability. This bulletin will be revised when the final resolution update is available.
Please refer to the following Insight Remote Support Version 7.2 documents for recommendations on migrating to Insight Remote Support Version 7.2:
http://www.hp.com/go/insightremotesupport/docs
HP Insight Remote Support 7.2 Upgrade Guide
HP Insight Remote Support 7.2 Release Notes
HISTORY Version:1 (rev.1) - 5 December 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
============================================================================= FreeBSD-SA-14:23.openssl Security Advisory The FreeBSD Project
Topic: OpenSSL multiple vulnerabilities
Category: contrib Module: openssl Announced: 2014-10-21 Affects: All supported versions of FreeBSD. Corrected: 2014-10-15 19:59:43 UTC (stable/10, 10.1-PRERELEASE) 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC3) 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC2-p1) 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC1-p1) 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-BETA3-p1) 2014-10-21 20:21:10 UTC (releng/10.0, 10.0-RELEASE-p10) 2014-10-15 20:28:31 UTC (stable/9, 9.3-STABLE) 2014-10-21 20:21:10 UTC (releng/9.3, 9.3-RELEASE-p3) 2014-10-21 20:21:10 UTC (releng/9.2, 9.2-RELEASE-p13) 2014-10-21 20:21:10 UTC (releng/9.1, 9.1-RELEASE-p20) 2014-10-15 20:28:31 UTC (stable/8, 8.4-STABLE) 2014-10-21 20:21:27 UTC (releng/8.4, 8.4-RELEASE-p17) CVE Name: CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
II. Problem Description
A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. [CVE-2014-3513].
When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory causing a memory leak. [CVE-2014-3567]. This protocol weakness makes it possible for an attacker to obtain clear text data through a padding-oracle attack.
Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE [CVE-2014-3566].
OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications to block the ability for a MITM attacker to force a protocol downgrade.
When OpenSSL is configured with "no-ssl3" as a build option, servers could accept and complete a SSL 3.0 handshake, and clients could be configured to send them. [CVE-2014-3568].
III. Impact
A remote attacker can cause Denial of Service with OpenSSL 1.0.1 server implementations for both SSL/TLS and DTLS regardless of whether SRTP is used or configured. [CVE-2014-3513]
By sending a large number of invalid session tickets an attacker could exploit this issue in a Denial Of Service attack. [CVE-2014-3567].
An active man-in-the-middle attacker can force a protocol downgrade to SSLv3 and exploit the weakness of SSLv3 to obtain clear text data from the connection. [CVE-2014-3566] [CVE-2014-3568]
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 10.0]
fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch
fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch.asc
gpg --verify openssl-10.0.patch.asc
[FreeBSD 9.3]
fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch
fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch.asc
gpg --verify openssl-9.3.patch.asc
[FreeBSD 8.4, 9.1 and 9.2]
fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch
fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch.asc
gpg --verify openssl-8.4.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in
Restart all deamons using the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/8/ r273151 releng/8.4/ r273416 stable/9/ r273151 releng/9.1/ r273415 releng/9.2/ r273415 releng/9.3/ r273415 stable/10/ r273149 releng/10.0/ r273415 releng/10.1/ r273399
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII. References
The latest revision of this advisory is available at
iQIcBAEBAgAGBQJURsSwAAoJEO1n7NZdz2rn3ekQANG9DnAGJq/yAXXtX4wdeP08 Ep35L3dkxJsthoqJhn7fc/pra5SZ5iS7NCRHdh5Xn1dsxRiOsffYt9zanWyTOgj+ RQy9jiNp0oIWQEkxZVoHMIKn6VeQk1I2llSXyERANjeDtKX6GV2gV+Zd4tcExW4T Nn9jVHgkDL/doxJ3C1K0BrkdoEEwyPohAf8WLAg6ZKRm3Pys1Ewjm6fPBPtKUIEu zWFruP5xFz3rM6i/4zcihj7b4BuIKtUBgHf28rgf0I3TKZTr75Xr9h4q/8ZG4H0G Lk/1OoZTiMyjlBLufpTlCOdODjz7ORzDLif47Zyt52iZowq1hl4WO7Xo/C/kPUmG o631wsLmO9tPS2Z0TmIQm1fwjlTvIZefZAlMpa1lDwnwZx2hRsu9TzauACdSbuWx 9i+e8/CSMEsr0qJo8KXjltpV9siULhkvl9xr3PwxMfvHFjGUAuur2zHUoTQZTpy0 nKJJXSs3kIW/4ivLMDuDYijdVnf4hrih6GTKEND6aNXtyXitiFK8J4a/q0T4BBnh 89A2QUFVeeDPmf7jzMh824s8W2uoPFGJqHgdtqv1bLT29rqh5ya/5zi7sci6Q/Mk ov0U8X3Pwun7iwJDeYG6N38lUSdMqImHR12Ay7pOY04i4qau4Yf8B26lwcMk/HrU cZ84y1sCp0qHtTqKuak9 =ywze -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04720842
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04720842 Version: 1
HPSBPI03107 rev.1 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-06-26 Last Updated: 2015-06-26
Potential Security Impact: Remote disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP LaserJet Printers and MFPs, certain HP OfficeJet Printers and MFPs, and certain HP JetDirect Networking cards using OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information.
References:
CVE-2014-3566 (SSRT101114)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Please refer to the RESOLUTION below for a list of impacted products.
Note: all product versions are impacted prior to the fixed versions listed.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION HP has provided firmware updates for impacted printers as in the table below. To obtain the updated firmware, go to www.hp.com and follow these steps:
Select "Drivers & Software". Enter the appropriate product name listed in the table below into the search field. Click on "Search". Click on the appropriate product. Under "Select operating system" click on "Cross operating system (BIOS, Firmware, Diagnostics, etc.)" Note: If the "Cross operating system ..." link is not present, select applicable Windows operating system from the list. Select the appropriate firmware update under "Firmware".
Firmware Updates Table
Product Name Model Number Firmware Revision
HP Color LaserJet CP5525 CE707A,CE708A,CE709A 2305081_000127 (or higher)
HP Color LaserJet Enterprise M552 B5L23A 2305076_518484 (or higher)
HP Color LaserJet Enterprise M553 B5L24A, B5L25A, B5L26A 2305076_518484 (or higher)
HP Color LaserJet Enterprise M651 CZ255A, CZ256A, CZ257A, CZ258A 2305076_518492 (or higher)
HP Color LaserJet Enterprise M750 D3L08A, D3L09A, D3L10A 2305081_000144 (or higher)
HP Color LaserJet M680 CZ250A, CA251A 2305076_518489 (or higher)
HP LaserJet Enterprise 500 color MFP M575dn CD644A, CD645A 2305076_518499 (or higher)
HP LaserJet Enterprise 500 MFP M525f CF116A, CF117A 2305076_518487 (or higher)
HP LaserJet Enterprise 600 M601 CE989A, CE990A 2305083_000199 (or higher)
HP LaserJet Enterprise 600 M602 CE991A, CE992A, CE993A 2305083_000199 (or higher)
HP LaserJet Enterprise 600 M603xh CE994A, CE995A, CE996A 2305083_000199 (or higher)
HP LaserJet Enterprise 700 color MFP M775 series CC522A, CC523A, CC524A 2305076_518498 (or higher)
HP LaserJet Enterprise 700 M712xh CF235A, CF236A, CF238A 2305083_000196 (or higher)
HP LaserJet Enterprise 800 color M855 A2W77A, A2W78A, A2W79A 2305076_518493 (or higher)
HP LaserJet Enterprise 800 color MFP M880 A2W76A, A2W75A, D7P70A, D7P71A 2305076_518488 (or higher)
HP LaserJet Enterprise Color 500 M551 Series CF081A,CF082A,CF083A 2305083_000200 (or higher)
HP LaserJet Enterprise Color flow MFP M575c CD646A 2305076_518499 (or higher)
HP LaserJet Enterprise flow M830z MFP CF367A 2305076_518490 (or higher)
HP LaserJet Enterprise flow MFP M525c CF118A 2305076_518487 (or higher)
HP LaserJet Enterprise Flow MFP M630z B3G85A 2305076_518483 (or higher)
HP LaserJet Enterprise M4555 MFP CE503A, CE504A, CE738A 2305083_000222 (or higher)
HP Color LaserJet CM4540 MFP CC419A, CC420A, CC421A 2305083_000206 (or higher)
HP LaserJet Enterprise M604 E6B67A, E6B68A 2305076_518485 (or higher)
HP LaserJet Enterprise M605 E6B69A, E6B70A. E6B71A 2305076_518485 (or higher)
HP LaserJet Enterprise M606 E6B72A, E6B73A 2305076_518485 (or higher)
HP LaserJet Enterprise M806 CZ244A, CZ245A 2305081_000143 (or higher)
HP LaserJet Enterprise MFP M630 J7X28A 2305076_518483 (or higher)
HP LaserJet Enterprise MFP M725 CF066A, CF067A, CF068A, CF069A 2305076_518496 (or higher)
HP Scanjet Enterprise 8500FN1 Document Capture Workstation L2717A 2305076_518479 (or higher)
HP OfficeJet Enterprise Color X555 C2S11A, C2S12A 2305076_518491 (or higher)
HP OfficeJet Enterprise Color MFP X585 B5L04A, B5L05A,B5L07A 2305076_518486 (or higher)
HP LaserJet P3005 Q7812A 02.190.3 (or higher)
HP Color LaserJet CP3505 CB442A 03.160.2 (or higher)
HP LaserJet 5200L Q7543A 08.241.0 (or higher)
HP LaserJet 5200N Q7543A 08.241.0 (or higher)
HP LaserJet 4240 Q7785A 08.250.2 (or higher)
HP LaserJet 4250 Q5400A 08.250.2 (or higher)
HP LaserJet 4350 Q5407A 08.250.2 (or higher)
HP LaserJet 9040 Q7697A 08.260.3 (or higher)
HP LaserJet 9050 Q7697A 08.260.3 (or higher)
HP LaserJet 9040 Multifunction Printer Q3721A 08.290.2 (or higher)
HP LaserJet 9050 Multifunction Printer Q3721A 08.290.2 (or higher)
HP 9200c Digital Sender Q5916A 09.271.3 (or higher)
HP LaserJet 4345 Multifunction Printer Q3942A 09.310.2 (or higher)
HP LaserJet P2055 Printer CE456A, CE457A, CE459A, CE460A, 20141201 (or higher)
HP Color LaserJet 3000 Q7534A 46.080.2 (or higher)
HP Color LaserJet 3800 Q5981A 46.080.8 (or higher)
HP Color LaserJet 4700 Q7492A 46.230.6 (or higher)
HP Color LaserJet CP4005 CB503A 46.230.6 (or higher)
HP Color LaserJet 4730 Multifunction Printer Q7517A 46.380.3 (or higher)
HP LaserJet Pro 200 color Printer M251n, nw CF146A, CF147A 20150112 (or higher)
HP LaserJet Pro 500 color MFP M570dn, dw CZ271A, CZ272A 20150112 (or higher)
HP LaserJet Pro M521dn, dw MFP A8P79A, A8P80A 20150112 (or higher)
HP Color LaserJet Pro MFP M476dn, dw, nw CF385A, CF386A, CF387A 20150112 (or higher)
HP LaserJet Pro 400 MFP M425dn, dw CF286A, CF28A 20150112 (or higher)
HP LaserJet Pro 200 color MFP M276n, nw CF144A, CF145A 20150112 (or higher)
HP LaserJet Pro 400 M401a, d, dn, dne, dw, n CF270A, CF274A, CF278A, CF399A, CF285A, CZ195A 20150112 (or higher)
HP LaserJet Pro P1566 Printer CE663A, CE749A 20150116 (or higher)
HP LaserJet Pro 300 Color MFP M375nw CE903A 20150126 (or higher)
HP LaserJet Pro 400 Color MFP M475dn, dw CE863A, CE864A 20150126 (or higher)
HP TopShot LaserJet Pro M275 MFP CF040A 20150126 (or higher)
HP LaserJet 300 color M351a CE955A 20150126 (or higher)
HP LaserJet 400 color M451dn, dw, nw CE956A, CE957A, CE958A 20150126 (or higher)
HP LaserJet Pro MFP M125a CZ172A 20150214 (or higher)
HP LaserJet Pro MFP M126a CZ174A 20150215 (or higher)
HP LaserJet Pro MFP M125nw CZ173A 20150228 (or higher)
HP LaserJet Pro MFP M126nw CZ175A 20150228 (or higher)
HP LaserJet Pro MFP M127fn, fw CZ181A, CZ183A 20150228 (or higher)
HP LaserJet Pro MFP M128fn, fp, fw CZ184A, CZ185A, CZ186A 20150228 (or higher)
HP Color LaserJet Pro MFP M176n, fw CF547A, CZ165A 20150228 (or higher)
HP LaserJet Pro P1102, w CE651A, CE657A 20150313 (or higher)
HP LaserJet Pro P1106 CE653A 20150313 (or higher)
HP LaserJet Pro P1108 CE655A 20150313 (or higher)
LaserJet Pro M435nw MFP A3E42A 20150316 (or higher)
HP LaserJet Pro M701a, n B6S00A, B6S01A 20150316 (or higher)
HP LaserJet Pro M706n B6S02A 20150316 (or higher)
HP LaserJet Professional M1212nf MFP CE841A 20150405 (or higher)
HP LaserJet Professional M1213nf MFP CE845A 20150405 (or higher)
HP LaserJet Professional M1214nfh MFP CE843A 20150405 (or higher)
HP LaserJet Professional M1216nfh MFP CE842A 20150405 (or higher)
HP LaserJet Professional M1217nfw MFP CE844A 20150405 (or higher)
HP HotSpot LaserJet Pro M1218nfs MFP B4K88A 20150405 (or higher)
HP LaserJet Professional M1219nf MFP CE846A 20150405 (or higher)
HP LaserJet Pro CP1025, nw CE913A, CE914A, CF346A, CF346A 20150413 (or higher)
HP Officejet Pro X451dn Printer CN459A BNP1CN1502AR (or higher)
HP Officejet Pro X451dw Printer CN463A BWP1CN1502AR (or higher)
HP Officejet Pro X551dw Printer CV037A BZP1CN1502AR (or higher)
HP Officejet Pro X476dn MFP CN460A LNP1CN1502BR (or higher)
HP Officejet Pro X476dw MFP CN461A LWP1CN1502BR (or higher)
HP Officejet Pro X576dw MFP CN598A LZP1CN1502BR (or higher)
HP Officejet Pro 276dw MFP CR770A FRP1CN1517AR (or higher)
HP Officejet Pro 8610/15/16 e-All-in-One Printer A7F64A, D7Z36A, J5T77A FDP1CN1502AR (or higher)
HP Officejet Pro 8620/25 e-All-in-One Printer A7F65A, D7Z37A FDP1CN1502AR (or higher)
HP Officejet Pro 8630 e-All-in-One Printer A7F66A FDP1CN1502AR (or higher)
HP Jetdirect 620n EIO Card J7934G V29.26 (or higher)
HP Jetdirect ew2500 802.11b/g Wireless Print Server J8021A V41.16 (or higher)
HP Jetdirect 690n EIO Card J8007A V41.16 (or higher)
HP Jetdirect 635n EIO Card J7961G V41.16 (or higher)
HP Jetdirect 695n EIO Card J8024A V41.16 (or higher)
HP Jetdirect 640n EIO Card J8025A V45.35 (or higher)
HISTORY Version:1 (rev.1) - 26 June 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201410-1418",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.1.6"
},
{
"model": "enterprise linux server supplementary",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.0.4"
},
{
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.2.5"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8q"
},
{
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.2.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.3.2"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1h"
},
{
"model": "aix",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.3.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8f"
},
{
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.0.10"
},
{
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.0.12"
},
{
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.3.3"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "6.0.5"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "20"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8l"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8w"
},
{
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.1.7"
},
{
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.1.5"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "6.0.2"
},
{
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.1.3"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "5.1.3"
},
{
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.1.8"
},
{
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.1.9"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "5.1"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "6.0.6"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "12.3"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "6.1.3"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8s"
},
{
"model": "enterprise linux desktop supplementary",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "5.1.4"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "6.1.4"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "19"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0g"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8zb"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1e"
},
{
"model": "suse linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "novell",
"version": "11.0"
},
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.10.1"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8n"
},
{
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.3.1"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "5.1.1"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1f"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "suse linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "novell",
"version": "12.0"
},
{
"model": "suse linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "novell",
"version": "9.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0e"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1d"
},
{
"model": "mageia",
"scope": "eq",
"trust": 1.0,
"vendor": "mageia",
"version": "3.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8v"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8e"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8z"
},
{
"model": "aix",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.1.0"
},
{
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.2.3"
},
{
"model": "enterprise linux server supplementary",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8i"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0k"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.1"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0m"
},
{
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.1.4"
},
{
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.2.2"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "5.2.2"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1b"
},
{
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.0.11"
},
{
"model": "aix",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "5.3"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8o"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1g"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8y"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8p"
},
{
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.2.0"
},
{
"model": "suse linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "novell",
"version": "11.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0f"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0i"
},
{
"model": "suse linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "novell",
"version": "10.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8g"
},
{
"model": "suse linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "novell",
"version": "12.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8c"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "21"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8u"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1"
},
{
"model": "suse linux enterprise software development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "novell",
"version": "11.0"
},
{
"model": "enterprise linux workstation supplementary",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "6.1.5"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "6.0.1"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "6.0.4"
},
{
"model": "mageia",
"scope": "eq",
"trust": 1.0,
"vendor": "mageia",
"version": "4.0"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "6.0.3"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "6.1.1"
},
{
"model": "suse linux enterprise software development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "novell",
"version": "12.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8r"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8k"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8x"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0n"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0h"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "6.1"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0j"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8m"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "6.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0b"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "6.1.2"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.2"
},
{
"model": "enterprise linux server supplementary",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1a"
},
{
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.0.13"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "5.2"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "5.1.2"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0c"
},
{
"model": "enterprise linux workstation supplementary",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux desktop supplementary",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.1.1"
},
{
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.2.1"
},
{
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.3.4"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "5.2.1"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1i"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0l"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8h"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8t"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8j"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8za"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3566"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:ibm:aix:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.10.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mageia:mageia:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:*:vmware:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8za:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8z:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8zb:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.0.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.1.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.1.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.1.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:5.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:5.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:5.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:5.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:5.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.0:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:5.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:11.2.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3566"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HP",
"sources": [
{
"db": "PACKETSTORM",
"id": "129426"
},
{
"db": "PACKETSTORM",
"id": "133368"
},
{
"db": "PACKETSTORM",
"id": "130644"
},
{
"db": "PACKETSTORM",
"id": "131011"
},
{
"db": "PACKETSTORM",
"id": "130334"
},
{
"db": "PACKETSTORM",
"id": "130817"
},
{
"db": "PACKETSTORM",
"id": "136577"
},
{
"db": "PACKETSTORM",
"id": "129401"
},
{
"db": "PACKETSTORM",
"id": "132469"
}
],
"trust": 0.9
},
"cve": "CVE-2014-3566",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-71506",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-3566",
"trust": 1.0,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-71506",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71506"
},
{
"db": "NVD",
"id": "CVE-2014-3566"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue. SSL protocol is the abbreviation of Secure Socket Layer protocol (Secure Socket Layer) developed by Netscape, which provides security and data integrity guarantee for Internet communication. There is a security vulnerability in the SSL protocol 3.0 version used in OpenSSL 1.0.1i and earlier versions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2014-10-16-4 OS X Server v3.2.2\n\nOS X Server v3.2.2 is now available and addresses the following:\n\nServer\nAvailable for: OS X Mavericks v10.9.5 or later\nImpact: An attacker may be able to decrypt data protected by SSL\nDescription: There are known attacks on the confidentiality of SSL\n3.0 when a cipher suite uses a block cipher in CBC mode. An attacker\ncould force the use of SSL 3.0, even when the server would support a\nbetter TLS version, by blocking TLS 1.0 and higher connection\nattempts. This issue was addressed by disabling SSL 3.0 support in\nWeb Server, Calendar \u0026 Contacts Server, and Remote Administration. \nCVE-ID\nCVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of\nGoogle Security Team\n\n\nOS X Server v3.2.2 may be obtained from the Mac App Store. \nHP Storage Data Protector Cell Manager v8 before v8.13_206 and v9 before\nv9.03MMR running on HP-UX 11i, Windows Server 2008/2008R2/2012/2012R2,\nRedhat, CentOS, Oracle Linux, and SUSE Linux_x64. ============================================================================\nUbuntu Security Notice USN-2486-1\nJanuary 27, 2015\n\nopenjdk-6 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenJDK 6. \n\nSoftware Description:\n- openjdk-6: Open Source Java implementation\n\nDetails:\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure, data integrity and availability. An attacker could exploit these to expose sensitive\ndata over the network. An attacker could exploit this to\nexpose sensitive data over the network. (CVE-2014-6593)\n\nA vulnerability was discovered in the OpenJDK JRE related to integrity and\navailability. \n(CVE-2015-0383)\n\nA vulnerability was discovered in the OpenJDK JRE related to availability. \n(CVE-2015-0410)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 LTS:\n icedtea-6-jre-cacao 6b34-1.13.6-1ubuntu0.12.04.1\n icedtea-6-jre-jamvm 6b34-1.13.6-1ubuntu0.12.04.1\n openjdk-6-jre 6b34-1.13.6-1ubuntu0.12.04.1\n openjdk-6-jre-headless 6b34-1.13.6-1ubuntu0.12.04.1\n openjdk-6-jre-lib 6b34-1.13.6-1ubuntu0.12.04.1\n openjdk-6-jre-zero 6b34-1.13.6-1ubuntu0.12.04.1\n\nUbuntu 10.04 LTS:\n icedtea-6-jre-cacao 6b34-1.13.6-1ubuntu0.10.04.1\n openjdk-6-jre 6b34-1.13.6-1ubuntu0.10.04.1\n openjdk-6-jre-headless 6b34-1.13.6-1ubuntu0.10.04.1\n openjdk-6-jre-lib 6b34-1.13.6-1ubuntu0.10.04.1\n openjdk-6-jre-zero 6b34-1.13.6-1ubuntu0.10.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart any Java\napplications or applets to make all the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-2486-1\n CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591,\n CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395,\n CVE-2015-0400, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410,\n CVE-2015-0412\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/openjdk-6/6b34-1.13.6-1ubuntu0.12.04.1\n https://launchpad.net/ubuntu/+source/openjdk-6/6b34-1.13.6-1ubuntu0.10.04.1\n. A second vulnerability could be exploited remotely\nto cause a Denial of Service (DoS). \n\nContact vcemsdksupportteam@hp.com to request the HP Virtual Connect\nEnterprise Manager SDK v7.4.1 or later. The\nvulnerabilities may lead to remote disclosure of information. \n\nThe update is available from HPE Software Depot: https://h20392.www2.hpe.com/\nportal/swdepot/displayProductInfo.do?productNumber=HPVPRhttps://www.hpe.com\n\nNote: HPE recommends customers using OV4VC 7.8.1 and earlier should upgrade\nto OV4VC 7.8.2. This addresses all SSL security vulnerabilities reported\nthrough March 28, 2016. \n\nSSLv3 is enabled by default in all version 5 HP Insight Remote Support\nClients. HP recommends that customers, if possible, should\nmigrate to Insight Remote Support Version 7.2 which has been updated with a\npreliminary resolution to the vulnerability. This bulletin will be revised\nwhen the final resolution update is available. \n\n Please refer to the following Insight Remote Support Version 7.2 documents\nfor recommendations on migrating to Insight Remote Support Version 7.2:\n\n http://www.hp.com/go/insightremotesupport/docs\n\n HP Insight Remote Support 7.2 Upgrade Guide\n HP Insight Remote Support 7.2 Release Notes\n\nHISTORY\nVersion:1 (rev.1) - 5 December 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=============================================================================\nFreeBSD-SA-14:23.openssl Security Advisory\n The FreeBSD Project\n\nTopic: OpenSSL multiple vulnerabilities\n\nCategory: contrib\nModule: openssl\nAnnounced: 2014-10-21\nAffects: All supported versions of FreeBSD. \nCorrected: 2014-10-15 19:59:43 UTC (stable/10, 10.1-PRERELEASE)\n 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC3)\n 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC2-p1)\n 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC1-p1)\n 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-BETA3-p1)\n 2014-10-21 20:21:10 UTC (releng/10.0, 10.0-RELEASE-p10)\n 2014-10-15 20:28:31 UTC (stable/9, 9.3-STABLE)\n 2014-10-21 20:21:10 UTC (releng/9.3, 9.3-RELEASE-p3)\n 2014-10-21 20:21:10 UTC (releng/9.2, 9.2-RELEASE-p13)\n 2014-10-21 20:21:10 UTC (releng/9.1, 9.1-RELEASE-p20)\n 2014-10-15 20:28:31 UTC (stable/8, 8.4-STABLE)\n 2014-10-21 20:21:27 UTC (releng/8.4, 8.4-RELEASE-p17)\nCVE Name: CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e. \n\nI. Background\n\nFreeBSD includes software from the OpenSSL Project. The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII. Problem Description\n\nA flaw in the DTLS SRTP extension parsing code allows an attacker, who\nsends a carefully crafted handshake message, to cause OpenSSL to fail\nto free up to 64k of memory causing a memory leak. [CVE-2014-3513]. \n\nWhen an OpenSSL SSL/TLS/DTLS server receives a session ticket the\nintegrity of that ticket is first verified. In the event of a session\nticket integrity check failing, OpenSSL will fail to free memory\ncausing a memory leak. [CVE-2014-3567]. This\nprotocol weakness makes it possible for an attacker to obtain clear text\ndata through a padding-oracle attack. \n\nSome client applications (such as browsers) will reconnect using a\ndowngraded protocol to work around interoperability bugs in older\nservers. This could be exploited by an active man-in-the-middle to\ndowngrade connections to SSL 3.0 even if both sides of the connection\nsupport higher protocols. SSL 3.0 contains a number of weaknesses\nincluding POODLE [CVE-2014-3566]. \n\nOpenSSL has added support for TLS_FALLBACK_SCSV to allow applications\nto block the ability for a MITM attacker to force a protocol downgrade. \n\nWhen OpenSSL is configured with \"no-ssl3\" as a build option, servers\ncould accept and complete a SSL 3.0 handshake, and clients could be\nconfigured to send them. [CVE-2014-3568]. \n\nIII. Impact\n\nA remote attacker can cause Denial of Service with OpenSSL 1.0.1\nserver implementations for both SSL/TLS and DTLS regardless of\nwhether SRTP is used or configured. [CVE-2014-3513]\n\nBy sending a large number of invalid session tickets an attacker\ncould exploit this issue in a Denial Of Service attack. \n[CVE-2014-3567]. \n\nAn active man-in-the-middle attacker can force a protocol downgrade\nto SSLv3 and exploit the weakness of SSLv3 to obtain clear text data\nfrom the connection. [CVE-2014-3566] [CVE-2014-3568]\n\nIV. Workaround\n\nNo workaround is available. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.0]\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch.asc\n# gpg --verify openssl-10.0.patch.asc\n\n[FreeBSD 9.3]\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch.asc\n# gpg --verify openssl-9.3.patch.asc\n\n[FreeBSD 8.4, 9.1 and 9.2]\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch.asc\n# gpg --verify openssl-8.4.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:http://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/8/ r273151\nreleng/8.4/ r273416\nstable/9/ r273151\nreleng/9.1/ r273415\nreleng/9.2/ r273415\nreleng/9.3/ r273415\nstable/10/ r273149\nreleng/10.0/ r273415\nreleng/10.1/ r273399\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:http://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\u003e\n\n\u003cURL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\u003e\n\n\u003cURL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\u003e\n\n\u003cURL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:23.openssl.asc\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIcBAEBAgAGBQJURsSwAAoJEO1n7NZdz2rn3ekQANG9DnAGJq/yAXXtX4wdeP08\nEp35L3dkxJsthoqJhn7fc/pra5SZ5iS7NCRHdh5Xn1dsxRiOsffYt9zanWyTOgj+\nRQy9jiNp0oIWQEkxZVoHMIKn6VeQk1I2llSXyERANjeDtKX6GV2gV+Zd4tcExW4T\nNn9jVHgkDL/doxJ3C1K0BrkdoEEwyPohAf8WLAg6ZKRm3Pys1Ewjm6fPBPtKUIEu\nzWFruP5xFz3rM6i/4zcihj7b4BuIKtUBgHf28rgf0I3TKZTr75Xr9h4q/8ZG4H0G\nLk/1OoZTiMyjlBLufpTlCOdODjz7ORzDLif47Zyt52iZowq1hl4WO7Xo/C/kPUmG\no631wsLmO9tPS2Z0TmIQm1fwjlTvIZefZAlMpa1lDwnwZx2hRsu9TzauACdSbuWx\n9i+e8/CSMEsr0qJo8KXjltpV9siULhkvl9xr3PwxMfvHFjGUAuur2zHUoTQZTpy0\nnKJJXSs3kIW/4ivLMDuDYijdVnf4hrih6GTKEND6aNXtyXitiFK8J4a/q0T4BBnh\n89A2QUFVeeDPmf7jzMh824s8W2uoPFGJqHgdtqv1bLT29rqh5ya/5zi7sci6Q/Mk\nov0U8X3Pwun7iwJDeYG6N38lUSdMqImHR12Ay7pOY04i4qau4Yf8B26lwcMk/HrU\ncZ84y1sCp0qHtTqKuak9\n=ywze\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04720842\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04720842\nVersion: 1\n\nHPSBPI03107 rev.1 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and\nMFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-06-26\nLast Updated: 2015-06-26\n\nPotential Security Impact: Remote disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with certain HP\nLaserJet Printers and MFPs, certain HP OfficeJet Printers and MFPs, and\ncertain HP JetDirect Networking cards using OpenSSL. This is the SSLv3\nvulnerability known as \"Padding Oracle on Downgraded Legacy Encryption\" or\n\"POODLE\", which could be exploited remotely to allow disclosure of\ninformation. \n\nReferences:\n\nCVE-2014-3566 (SSRT101114)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nPlease refer to the RESOLUTION\n below for a list of impacted products. \n\nNote: all product versions are impacted prior to the fixed versions listed. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\nHP has provided firmware updates for impacted printers as in the table below. \nTo obtain the updated firmware, go to www.hp.com and follow these steps:\n\nSelect \"Drivers \u0026 Software\". \nEnter the appropriate product name listed in the table below into the search\nfield. \nClick on \"Search\". \nClick on the appropriate product. \nUnder \"Select operating system\" click on \"Cross operating system (BIOS,\nFirmware, Diagnostics, etc.)\"\nNote: If the \"Cross operating system ...\" link is not present, select\napplicable Windows operating system from the list. \nSelect the appropriate firmware update under \"Firmware\". \n\nFirmware Updates Table\n\nProduct Name\n Model Number\n Firmware Revision\n\nHP Color LaserJet CP5525\n CE707A,CE708A,CE709A\n 2305081_000127 (or higher)\n\nHP Color LaserJet Enterprise M552\n B5L23A\n 2305076_518484 (or higher)\n\nHP Color LaserJet Enterprise M553\n B5L24A, B5L25A, B5L26A\n 2305076_518484 (or higher)\n\nHP Color LaserJet Enterprise M651\n CZ255A, CZ256A, CZ257A, CZ258A\n 2305076_518492 (or higher)\n\nHP Color LaserJet Enterprise M750\n D3L08A, D3L09A, D3L10A\n 2305081_000144 (or higher)\n\nHP Color LaserJet M680\n CZ250A, CA251A\n 2305076_518489 (or higher)\n\nHP LaserJet Enterprise 500 color MFP M575dn\n CD644A, CD645A\n 2305076_518499 (or higher)\n\nHP LaserJet Enterprise 500 MFP M525f\n CF116A, CF117A\n 2305076_518487 (or higher)\n\nHP LaserJet Enterprise 600 M601\n CE989A, CE990A\n 2305083_000199 (or higher)\n\nHP LaserJet Enterprise 600 M602\n CE991A, CE992A, CE993A\n 2305083_000199 (or higher)\n\nHP LaserJet Enterprise 600 M603xh\n CE994A, CE995A, CE996A\n 2305083_000199 (or higher)\n\nHP LaserJet Enterprise 700 color MFP M775 series\n CC522A, CC523A, CC524A\n 2305076_518498 (or higher)\n\nHP LaserJet Enterprise 700 M712xh\n CF235A, CF236A, CF238A\n 2305083_000196 (or higher)\n\nHP LaserJet Enterprise 800 color M855\n A2W77A, A2W78A, A2W79A\n 2305076_518493 (or higher)\n\nHP LaserJet Enterprise 800 color MFP M880\n A2W76A, A2W75A, D7P70A, D7P71A\n 2305076_518488 (or higher)\n\nHP LaserJet Enterprise Color 500 M551 Series\n CF081A,CF082A,CF083A\n 2305083_000200 (or higher)\n\nHP LaserJet Enterprise Color flow MFP M575c\n CD646A\n 2305076_518499 (or higher)\n\nHP LaserJet Enterprise flow M830z MFP\n CF367A\n 2305076_518490 (or higher)\n\nHP LaserJet Enterprise flow MFP M525c\n CF118A\n 2305076_518487 (or higher)\n\nHP LaserJet Enterprise Flow MFP M630z\n B3G85A\n 2305076_518483 (or higher)\n\nHP LaserJet Enterprise M4555 MFP\n CE503A, CE504A, CE738A\n 2305083_000222 (or higher)\n\nHP Color LaserJet CM4540 MFP\n CC419A, CC420A, CC421A\n 2305083_000206 (or higher)\n\nHP LaserJet Enterprise M604\n E6B67A, E6B68A\n 2305076_518485 (or higher)\n\nHP LaserJet Enterprise M605\n E6B69A, E6B70A. E6B71A\n 2305076_518485 (or higher)\n\nHP LaserJet Enterprise M606\n E6B72A, E6B73A\n 2305076_518485 (or higher)\n\nHP LaserJet Enterprise M806\n CZ244A, CZ245A\n 2305081_000143 (or higher)\n\nHP LaserJet Enterprise MFP M630\n J7X28A\n 2305076_518483 (or higher)\n\nHP LaserJet Enterprise MFP M725\n CF066A, CF067A, CF068A, CF069A\n 2305076_518496 (or higher)\n\nHP Scanjet Enterprise 8500FN1 Document Capture Workstation\n L2717A\n 2305076_518479 (or higher)\n\nHP OfficeJet Enterprise Color X555\n C2S11A, C2S12A\n 2305076_518491 (or higher)\n\nHP OfficeJet Enterprise Color MFP X585\n B5L04A, B5L05A,B5L07A\n 2305076_518486 (or higher)\n\nHP LaserJet P3005\n Q7812A\n 02.190.3 (or higher)\n\nHP Color LaserJet CP3505\n CB442A\n 03.160.2 (or higher)\n\nHP LaserJet 5200L\n Q7543A\n 08.241.0 (or higher)\n\nHP LaserJet 5200N\n Q7543A\n 08.241.0 (or higher)\n\nHP LaserJet 4240\n Q7785A\n 08.250.2 (or higher)\n\nHP LaserJet 4250\n Q5400A\n 08.250.2 (or higher)\n\nHP LaserJet 4350\n Q5407A\n 08.250.2 (or higher)\n\nHP LaserJet 9040\n Q7697A\n 08.260.3 (or higher)\n\nHP LaserJet 9050\n Q7697A\n 08.260.3 (or higher)\n\nHP LaserJet 9040 Multifunction Printer\n Q3721A\n 08.290.2 (or higher)\n\nHP LaserJet 9050 Multifunction Printer\n Q3721A\n 08.290.2 (or higher)\n\nHP 9200c Digital Sender\n Q5916A\n 09.271.3 (or higher)\n\nHP LaserJet 4345 Multifunction Printer\n Q3942A\n 09.310.2 (or higher)\n\nHP LaserJet P2055 Printer\n CE456A, CE457A, CE459A, CE460A,\n 20141201 (or higher)\n\nHP Color LaserJet 3000\n Q7534A\n 46.080.2 (or higher)\n\nHP Color LaserJet 3800\n Q5981A\n 46.080.8 (or higher)\n\nHP Color LaserJet 4700\n Q7492A\n 46.230.6 (or higher)\n\nHP Color LaserJet CP4005\n CB503A\n 46.230.6 (or higher)\n\nHP Color LaserJet 4730 Multifunction Printer\n Q7517A\n 46.380.3 (or higher)\n\nHP LaserJet Pro 200 color Printer M251n, nw\n CF146A, CF147A\n 20150112 (or higher)\n\nHP LaserJet Pro 500 color MFP M570dn, dw\n CZ271A, CZ272A\n 20150112 (or higher)\n\nHP LaserJet Pro M521dn, dw MFP\n A8P79A, A8P80A\n 20150112 (or higher)\n\nHP Color LaserJet Pro MFP M476dn, dw, nw\n CF385A, CF386A, CF387A\n 20150112 (or higher)\n\nHP LaserJet Pro 400 MFP M425dn, dw\n CF286A, CF28A\n 20150112 (or higher)\n\nHP LaserJet Pro 200 color MFP M276n, nw\n CF144A, CF145A\n 20150112 (or higher)\n\nHP LaserJet Pro 400 M401a, d, dn, dne, dw, n\n CF270A, CF274A, CF278A, CF399A, CF285A, CZ195A\n 20150112 (or higher)\n\nHP LaserJet Pro P1566 Printer\n CE663A, CE749A\n 20150116 (or higher)\n\nHP LaserJet Pro 300 Color MFP M375nw\n CE903A\n 20150126 (or higher)\n\nHP LaserJet Pro 400 Color MFP M475dn, dw\n CE863A, CE864A\n 20150126 (or higher)\n\nHP TopShot LaserJet Pro M275 MFP\n CF040A\n 20150126 (or higher)\n\nHP LaserJet 300 color M351a\n CE955A\n 20150126 (or higher)\n\nHP LaserJet 400 color M451dn, dw, nw\n CE956A, CE957A, CE958A\n 20150126 (or higher)\n\nHP LaserJet Pro MFP M125a\n CZ172A\n 20150214 (or higher)\n\nHP LaserJet Pro MFP M126a\n CZ174A\n 20150215 (or higher)\n\nHP LaserJet Pro MFP M125nw\n CZ173A\n 20150228 (or higher)\n\nHP LaserJet Pro MFP M126nw\n CZ175A\n 20150228 (or higher)\n\nHP LaserJet Pro MFP M127fn, fw\n CZ181A, CZ183A\n 20150228 (or higher)\n\nHP LaserJet Pro MFP M128fn, fp, fw\n CZ184A, CZ185A, CZ186A\n 20150228 (or higher)\n\nHP Color LaserJet Pro MFP M176n, fw\n CF547A, CZ165A\n 20150228 (or higher)\n\nHP LaserJet Pro P1102, w\n CE651A, CE657A\n 20150313 (or higher)\n\nHP LaserJet Pro P1106\n CE653A\n 20150313 (or higher)\n\nHP LaserJet Pro P1108\n CE655A\n 20150313 (or higher)\n\nLaserJet Pro M435nw MFP\n A3E42A\n 20150316 (or higher)\n\nHP LaserJet Pro M701a, n\n B6S00A, B6S01A\n 20150316 (or higher)\n\nHP LaserJet Pro M706n\n B6S02A\n 20150316 (or higher)\n\nHP LaserJet Professional M1212nf MFP\n CE841A\n 20150405 (or higher)\n\nHP LaserJet Professional M1213nf MFP\n CE845A\n 20150405 (or higher)\n\nHP LaserJet Professional M1214nfh MFP\n CE843A\n 20150405 (or higher)\n\nHP LaserJet Professional M1216nfh MFP\n CE842A\n 20150405 (or higher)\n\nHP LaserJet Professional M1217nfw MFP\n CE844A\n 20150405 (or higher)\n\nHP HotSpot LaserJet Pro M1218nfs MFP\n B4K88A\n 20150405 (or higher)\n\nHP LaserJet Professional M1219nf MFP\n CE846A\n 20150405 (or higher)\n\nHP LaserJet Pro CP1025, nw\n CE913A, CE914A, CF346A, CF346A\n 20150413 (or higher)\n\nHP Officejet Pro X451dn Printer\n CN459A\n BNP1CN1502AR (or higher)\n\nHP Officejet Pro X451dw Printer\n CN463A\n BWP1CN1502AR (or higher)\n\nHP Officejet Pro X551dw Printer\n CV037A\n BZP1CN1502AR (or higher)\n\nHP Officejet Pro X476dn MFP\n CN460A\n LNP1CN1502BR (or higher)\n\nHP Officejet Pro X476dw MFP\n CN461A\n LWP1CN1502BR (or higher)\n\nHP Officejet Pro X576dw MFP\n CN598A\n LZP1CN1502BR (or higher)\n\nHP Officejet Pro 276dw MFP\n CR770A\n FRP1CN1517AR (or higher)\n\nHP Officejet Pro 8610/15/16 e-All-in-One Printer\n A7F64A, D7Z36A, J5T77A\n FDP1CN1502AR (or higher)\n\nHP Officejet Pro 8620/25 e-All-in-One Printer\n A7F65A, D7Z37A\n FDP1CN1502AR (or higher)\n\nHP Officejet Pro 8630 e-All-in-One Printer\n A7F66A\n FDP1CN1502AR (or higher)\n\nHP Jetdirect 620n EIO Card\n J7934G\n V29.26 (or higher)\n\nHP Jetdirect ew2500 802.11b/g Wireless Print Server\n J8021A\n V41.16 (or higher)\n\nHP Jetdirect 690n EIO Card\n J8007A\n V41.16 (or higher)\n\nHP Jetdirect 635n EIO Card\n J7961G\n V41.16 (or higher)\n\nHP Jetdirect 695n EIO Card\n J8024A\n V41.16 (or higher)\n\nHP Jetdirect 640n EIO Card\n J8025A\n V45.35 (or higher)\n\nHISTORY\nVersion:1 (rev.1) - 26 June 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3566"
},
{
"db": "VULHUB",
"id": "VHN-71506"
},
{
"db": "PACKETSTORM",
"id": "128732"
},
{
"db": "PACKETSTORM",
"id": "129426"
},
{
"db": "PACKETSTORM",
"id": "133368"
},
{
"db": "PACKETSTORM",
"id": "130644"
},
{
"db": "PACKETSTORM",
"id": "131011"
},
{
"db": "PACKETSTORM",
"id": "130125"
},
{
"db": "PACKETSTORM",
"id": "130334"
},
{
"db": "PACKETSTORM",
"id": "130817"
},
{
"db": "PACKETSTORM",
"id": "136577"
},
{
"db": "PACKETSTORM",
"id": "129401"
},
{
"db": "PACKETSTORM",
"id": "128808"
},
{
"db": "PACKETSTORM",
"id": "132469"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-71506",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71506"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3566",
"trust": 2.3
},
{
"db": "ICS CERT",
"id": "ICSMA-18-058-02",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61130",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61995",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60792",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61019",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61316",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61827",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61782",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60056",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61810",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61819",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61825",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60206",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61303",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61359",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61345",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59627",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60859",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61926",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031120",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031106",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031124",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031091",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031095",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031088",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031093",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031105",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031094",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031087",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031090",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031107",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031132",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031085",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031039",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031096",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031131",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031029",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031123",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031086",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031130",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031092",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031089",
"trust": 1.1
},
{
"db": "USCERT",
"id": "TA14-290A",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10091",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10104",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10090",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#577193",
"trust": 1.1
},
{
"db": "JUNIPER",
"id": "JSA10705",
"trust": 1.1
},
{
"db": "BID",
"id": "70574",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "132469",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "131011",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "130125",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "128732",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "136577",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "129401",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "130334",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "133368",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "130817",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "129426",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "131009",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130184",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131051",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128838",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130217",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130296",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129150",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132084",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132573",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131354",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128969",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128669",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128866",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129265",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129217",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136599",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133640",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129263",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128921",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129614",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130759",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129065",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139063",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129266",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128863",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130332",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128730",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130298",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131690",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128770",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132641",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128733",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130816",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129528",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130052",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129294",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132470",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133836",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129242",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130304",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130549",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129427",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130085",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131008",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137652",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129071",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130046",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135908",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130086",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128769",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130141",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131535",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130181",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132942",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130070",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129318",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132965",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131790",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130818",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128771",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130050",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133600",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130072",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129120",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201410-267",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-92692",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-71506",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130644",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128808",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71506"
},
{
"db": "PACKETSTORM",
"id": "128732"
},
{
"db": "PACKETSTORM",
"id": "129426"
},
{
"db": "PACKETSTORM",
"id": "133368"
},
{
"db": "PACKETSTORM",
"id": "130644"
},
{
"db": "PACKETSTORM",
"id": "131011"
},
{
"db": "PACKETSTORM",
"id": "130125"
},
{
"db": "PACKETSTORM",
"id": "130334"
},
{
"db": "PACKETSTORM",
"id": "130817"
},
{
"db": "PACKETSTORM",
"id": "136577"
},
{
"db": "PACKETSTORM",
"id": "129401"
},
{
"db": "PACKETSTORM",
"id": "128808"
},
{
"db": "PACKETSTORM",
"id": "132469"
},
{
"db": "NVD",
"id": "CVE-2014-3566"
}
]
},
"id": "VAR-201410-1418",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-71506"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T20:21:29.859000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71506"
},
{
"db": "NVD",
"id": "CVE-2014-3566"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "http://www.ubuntu.com/usn/usn-2486-1"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031029"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031039"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031085"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031086"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031087"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031088"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031089"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031090"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031091"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031092"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031093"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031094"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031095"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031096"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031105"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031106"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031107"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031120"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031123"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031124"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031130"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031131"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031132"
},
{
"trust": 1.1,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141015-poodle"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59627"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60056"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60206"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60792"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60859"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61019"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61130"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61303"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61316"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61345"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61359"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61782"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61810"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61819"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61825"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61827"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61926"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61995"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/70574"
},
{
"trust": 1.1,
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
},
{
"trust": 1.1,
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/533724/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/533747"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/533746"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2015/jan/msg00003.html"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00002.html"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2014/dsa-3053"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2015/dsa-3144"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2015/dsa-3147"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2015/dsa-3253"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2016/dsa-3489"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-november/142330.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-october/141158.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-october/141114.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-october/169374.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-october/169361.html"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/201507-14"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/201606-11"
},
{
"trust": 1.1,
"url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04583581"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:203"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
},
{
"trust": 1.1,
"url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-015.txt.asc"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2014-1652.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2014-1653.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2014-1692.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2014-1876.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2014-1877.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2014-1880.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2014-1881.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2014-1882.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2014-1920.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2014-1948.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0068.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0079.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0080.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0085.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0086.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0264.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0698.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1545.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1546.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html"
},
{
"trust": 1.1,
"url": "http://www.us-cert.gov/ncas/alerts/ta14-290a"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-2487-1"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/577193"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3ccommits.cxf.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3ccommits.cxf.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3ccommits.cxf.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3ccommits.cxf.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3ccommits.cxf.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3ccommits.cxf.apache.org%3e"
},
{
"trust": 1.1,
"url": "http://advisories.mageia.org/mgasa-2014-0416.html"
},
{
"trust": 1.1,
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc"
},
{
"trust": 1.1,
"url": "http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566"
},
{
"trust": 1.1,
"url": "http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html"
},
{
"trust": 1.1,
"url": "http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/"
},
{
"trust": 1.1,
"url": "http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx"
},
{
"trust": 1.1,
"url": "http://docs.ipswitch.com/moveit/dmz82/releasenotes/moveitreleasenotes82.pdf"
},
{
"trust": 1.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2014-011.html"
},
{
"trust": 1.1,
"url": "http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html"
},
{
"trust": 1.1,
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04779034"
},
{
"trust": 1.1,
"url": "http://people.canonical.com/~ubuntu-security/cve/2014/cve-2014-3566.html"
},
{
"trust": 1.1,
"url": "http://support.apple.com/ht204244"
},
{
"trust": 1.1,
"url": "http://support.citrix.com/article/ctx200238"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021431"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021439"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687172"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687611"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688283"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692299"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"trust": 1.1,
"url": "http://www.vmware.com/security/advisories/vmsa-2015-0003.html"
},
{
"trust": 1.1,
"url": "http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0"
},
{
"trust": 1.1,
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/articles/1232123"
},
{
"trust": 1.1,
"url": "https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/"
},
{
"trust": 1.1,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6"
},
{
"trust": 1.1,
"url": "https://bto.bluecoat.com/security-advisory/sa83"
},
{
"trust": 1.1,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1076983"
},
{
"trust": 1.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152789"
},
{
"trust": 1.1,
"url": "https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip"
},
{
"trust": 1.1,
"url": "https://github.com/mpgn/poodle-poc"
},
{
"trust": 1.1,
"url": "https://groups.google.com/forum/#%21topic/docker-user/oym0i3xshju"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04819635"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05068681"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05157667"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05301946"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-058-02"
},
{
"trust": 1.1,
"url": "https://puppet.com/security/cve/poodle-sslv3-vulnerability"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20141015-0001/"
},
{
"trust": 1.1,
"url": "https://support.apple.com/ht205217"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht6527"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht6529"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht6531"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht6535"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht6536"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht6541"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht6542"
},
{
"trust": 1.1,
"url": "https://support.citrix.com/article/ctx216642"
},
{
"trust": 1.1,
"url": "https://support.lenovo.com/product_security/poodle"
},
{
"trust": 1.1,
"url": "https://support.lenovo.com/us/en/product_security/poodle"
},
{
"trust": 1.1,
"url": "https://technet.microsoft.com/library/security/3009008.aspx"
},
{
"trust": 1.1,
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21688165"
},
{
"trust": 1.1,
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7"
},
{
"trust": 1.1,
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html"
},
{
"trust": 1.1,
"url": "https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html"
},
{
"trust": 1.1,
"url": "https://www.elastic.co/blog/logstash-1-4-3-released"
},
{
"trust": 1.1,
"url": "https://www.imperialviolet.org/2014/10/14/poodle.html"
},
{
"trust": 1.1,
"url": "https://www.openssl.org/news/secadv_20141015.txt"
},
{
"trust": 1.1,
"url": "https://www.openssl.org/~bodo/ssl-poodle.pdf"
},
{
"trust": 1.1,
"url": "https://www.suse.com/support/kb/doc.php?id=7015773"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"trust": 1.0,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10705"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141450452204552\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141450973807288\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141576815022399\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141577087123040\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141577350823734\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141620103726640\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141628688425177\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141694355519663\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141697638231025\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141697676231104\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141703183219781\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141715130023061\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141775427104070\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141813976718456\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141814011518700\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141879378918327\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142296755107581\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142350196615714\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142350298616097\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142350743917559\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142354438527235\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142357976805598\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142496355704097\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142546741516006\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142607790919348\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142624619906067"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142624619906067\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142721830231196\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142721887231400\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142740155824959\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142805027510172\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142962817202793\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143039249603103\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143101048219218\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143290371927178\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143290583027876\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143558137709884\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143558192010071\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143628269912142\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144101915224472\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144251162130364\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144294141001552\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=145983526810210\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=openssl-dev\u0026m=141333049205629\u0026w=2"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10090"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10091"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10104"
},
{
"trust": 0.8,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.8,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.7,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.2,
"url": "https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsea"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141577350823734\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141576815022399\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141620103726640\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141697638231025\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141703183219781\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141697676231104\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141775427104070\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141814011518700\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141715130023061\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141813976718456\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142118135300698\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142296755107581\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142354438527235\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142350743917559\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142350196615714\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142350298616097\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142357976805598\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142962817202793\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143290371927178\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144294141001552\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=145983526810210\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141450973807288\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142721887231400\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142660345230545\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142804214608580\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141450452204552\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141628688425177\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141577087123040\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141694355519663\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141879378918327\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143290583027876\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143628269912142\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143039249603103\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142624619906067\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142495837901899\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143290522027658\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142624719706349\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143290437727362\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142624590206005\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142624679706236\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142740155824959\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142721830231196\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142791032306609\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144101915224472\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142103967620673\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143558137709884\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143558192010071\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142805027510172\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142546741516006\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144251162130364\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141477196830952\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143101048219218\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142496355704097\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142624619906067"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142607790919348\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=openssl-dev\u0026amp;m=141333049205629\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10705"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10090"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10091"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10104"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hp.com/hpsc/swd/public/readindex?sp4ts.oid=5263732\u0026swlango"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6271"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hp.com/hpsc/swd/public/readindex?sp4ts.oid=5331223\u0026swlango"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-57ab6bb78b6e47a18718f44133"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-2557aa7dc1654cf6b547c1a9e4"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-7b23e47d5d9b420b94bd1323eb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6585"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b34-1.13.6-1ubuntu0.10.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6587"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0412"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0400"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b34-1.13.6-1ubuntu0.12.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0383"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6593"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6601"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0395"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0410"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0800"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
},
{
"trust": 0.1,
"url": "https://www.hpe.com"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hpe.com/"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
},
{
"trust": 0.1,
"url": "http://www.hp.com/go/insightremotesupport/docs"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/patches/sa-14:23/openssl-8.4.patch"
},
{
"trust": 0.1,
"url": "http://www.freebsd.org/handbook/makeworld.html\u003e."
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/patches/sa-14:23/openssl-9.3.patch.asc"
},
{
"trust": 0.1,
"url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513\u003e"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/patches/sa-14:23/openssl-10.0.patch.asc"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/\u003e."
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/advisories/freebsd-sa-14:23.openssl.asc\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566\u003e"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/patches/sa-14:23/openssl-9.3.patch"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/patches/sa-14:23/openssl-10.0.patch"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3568\u003e"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/patches/sa-14:23/openssl-8.4.patch.asc"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567\u003e"
},
{
"trust": 0.1,
"url": "https://www.hp.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71506"
},
{
"db": "PACKETSTORM",
"id": "128732"
},
{
"db": "PACKETSTORM",
"id": "129426"
},
{
"db": "PACKETSTORM",
"id": "133368"
},
{
"db": "PACKETSTORM",
"id": "130644"
},
{
"db": "PACKETSTORM",
"id": "131011"
},
{
"db": "PACKETSTORM",
"id": "130125"
},
{
"db": "PACKETSTORM",
"id": "130334"
},
{
"db": "PACKETSTORM",
"id": "130817"
},
{
"db": "PACKETSTORM",
"id": "136577"
},
{
"db": "PACKETSTORM",
"id": "129401"
},
{
"db": "PACKETSTORM",
"id": "128808"
},
{
"db": "PACKETSTORM",
"id": "132469"
},
{
"db": "NVD",
"id": "CVE-2014-3566"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-71506"
},
{
"db": "PACKETSTORM",
"id": "128732"
},
{
"db": "PACKETSTORM",
"id": "129426"
},
{
"db": "PACKETSTORM",
"id": "133368"
},
{
"db": "PACKETSTORM",
"id": "130644"
},
{
"db": "PACKETSTORM",
"id": "131011"
},
{
"db": "PACKETSTORM",
"id": "130125"
},
{
"db": "PACKETSTORM",
"id": "130334"
},
{
"db": "PACKETSTORM",
"id": "130817"
},
{
"db": "PACKETSTORM",
"id": "136577"
},
{
"db": "PACKETSTORM",
"id": "129401"
},
{
"db": "PACKETSTORM",
"id": "128808"
},
{
"db": "PACKETSTORM",
"id": "132469"
},
{
"db": "NVD",
"id": "CVE-2014-3566"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-71506"
},
{
"date": "2014-10-17T15:10:30",
"db": "PACKETSTORM",
"id": "128732"
},
{
"date": "2014-12-09T23:13:22",
"db": "PACKETSTORM",
"id": "129426"
},
{
"date": "2015-08-28T19:02:22",
"db": "PACKETSTORM",
"id": "133368"
},
{
"date": "2015-03-05T14:44:00",
"db": "PACKETSTORM",
"id": "130644"
},
{
"date": "2015-03-25T00:41:42",
"db": "PACKETSTORM",
"id": "131011"
},
{
"date": "2015-01-28T00:26:54",
"db": "PACKETSTORM",
"id": "130125"
},
{
"date": "2015-02-10T17:43:07",
"db": "PACKETSTORM",
"id": "130334"
},
{
"date": "2015-03-13T17:11:14",
"db": "PACKETSTORM",
"id": "130817"
},
{
"date": "2016-04-06T13:28:14",
"db": "PACKETSTORM",
"id": "136577"
},
{
"date": "2014-12-05T15:08:08",
"db": "PACKETSTORM",
"id": "129401"
},
{
"date": "2014-10-22T19:54:29",
"db": "PACKETSTORM",
"id": "128808"
},
{
"date": "2015-06-29T15:36:03",
"db": "PACKETSTORM",
"id": "132469"
},
{
"date": "2014-10-15T00:55:02.137000",
"db": "NVD",
"id": "CVE-2014-3566"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-71506"
},
{
"date": "2023-09-12T14:55:31.563000",
"db": "NVD",
"id": "CVE-2014-3566"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "136577"
},
{
"db": "PACKETSTORM",
"id": "129401"
}
],
"trust": 0.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Security Advisory 2014-10-16-4",
"sources": [
{
"db": "PACKETSTORM",
"id": "128732"
}
],
"trust": 0.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "info disclosure",
"sources": [
{
"db": "PACKETSTORM",
"id": "130125"
}
],
"trust": 0.1
}
}
var-200904-0273
Vulnerability from variot
Unspecified vulnerability in the Password Policy component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. Many security standards require the tracking of users' password history to prevent password re-use. In Oracle 11g (11.1.0.6), if a security administrator has enabled 11g passwords exclusively then tracking password history is broken. This can affect compliance. This was addressed by Oracle in their April 2009 Critical Patch Update and maps to the currently unspecified vulnerability at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0988 Cheers, David Litchfield NGSSoftware Ltd http://www.ngssoftware.com/
-- E-MAIL DISCLAIMER
The information contained in this email and any subsequent correspondence is private, is solely for the intended recipient(s) and may contain confidential or privileged information. For those other than the intended recipient(s), any disclosure, copying, distribution, or any other action taken, or omitted to be taken, in reliance on such information is prohibited and may be unlawful. If you are not the intended recipient and have received this message in error, please inform the sender and delete this mail and any attachments.
The views expressed in this email do not necessarily reflect NGS policy. NGS accepts no liability or responsibility for any onward transmission or use of emails and attachments having left the NGS domain.
NGS and NGSSoftware are trading names of Next Generation Security Software Ltd. Registered office address: Manchester Technology Centre, Oxford Road, Manchester, M1 7EF with Company Number 04225835 and VAT Number 783096402 . ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
For more information see vulnerability #6 through #9 in: SA34693
SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details.
Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
I. Description
The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability.
Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.
II. Impact
The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.
III. Solution
Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.
IV. References
-
Oracle Critical Patch Update Advisory - April 2009 - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
-
Critical Patch Updates and Security Alerts - http://www.oracle.com/technology/deploy/security/alerts.htm
-
Map of Public Vulnerability to Advisory/Alert - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-105A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
April 15, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system.
1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.
2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.
PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security
The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/
Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0273",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database 11g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.01"
},
{
"model": "systems weblogic portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle9i personal edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.49"
},
{
"model": "oracle11g standard edition one",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "data service integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.3"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3.0"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.06"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "systems weblogic portal sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.13"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.04"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.1"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.07"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.3"
},
{
"model": "systems weblogic portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "systems weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.1"
},
{
"model": "systems weblogic server maintenance pack",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.13"
},
{
"model": "oracle9i standard edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "oracle9i enterprise edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.1"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.12"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.15"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.05"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.16"
},
{
"model": "systems weblogic server mp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9"
},
{
"model": "audit vault",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.02"
},
{
"model": "systems weblogic portal sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.4"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.12"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.11"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.6"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.03"
},
{
"model": "systems weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.0"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001234"
},
{
"db": "NVD",
"id": "CVE-2009-0988"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-306"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:database_11g:11.1.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0988"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-306"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0988",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2009-0988",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-0988",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-306",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001234"
},
{
"db": "NVD",
"id": "CVE-2009-0988"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-306"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Password Policy component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. Many security standards require the tracking of users\u0027 password history to \nprevent password re-use. In Oracle 11g (11.1.0.6), if a security \nadministrator has enabled 11g passwords exclusively then tracking password \nhistory is broken. This can affect compliance. This was addressed by Oracle \nin their April 2009 Critical Patch Update and maps to the currently \nunspecified vulnerability at \nhttp://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0988\nCheers,\nDavid Litchfield\nNGSSoftware Ltd\nhttp://www.ngssoftware.com/\n\n--\nE-MAIL DISCLAIMER\n\nThe information contained in this email and any subsequent\ncorrespondence is private, is solely for the intended recipient(s) and\nmay contain confidential or privileged information. For those other than\nthe intended recipient(s), any disclosure, copying, distribution, or any\nother action taken, or omitted to be taken, in reliance on such\ninformation is prohibited and may be unlawful. If you are not the\nintended recipient and have received this message in error, please\ninform the sender and delete this mail and any attachments. \n\nThe views expressed in this email do not necessarily reflect NGS policy. \nNGS accepts no liability or responsibility for any onward transmission\nor use of emails and attachments having left the NGS domain. \n\nNGS and NGSSoftware are trading names of Next Generation Security\nSoftware Ltd. Registered office address: Manchester Technology Centre,\nOxford Road, Manchester, M1 7EF with Company Number 04225835 and\nVAT Number 783096402\n. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0988"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001234"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "PACKETSTORM",
"id": "80626"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0988",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "34693",
"trust": 2.6
},
{
"db": "USCERT",
"id": "TA09-105A",
"trust": 2.5
},
{
"db": "OSVDB",
"id": "53740",
"trust": 2.4
},
{
"db": "SECTRACK",
"id": "1022052",
"trust": 2.4
},
{
"db": "BID",
"id": "34461",
"trust": 1.3
},
{
"db": "VUPEN",
"id": "ADV-2009-1042",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001234",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA09-105A",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-306",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-09-017",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "80626",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "35135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76704",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001234"
},
{
"db": "PACKETSTORM",
"id": "80626"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0988"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-306"
}
]
},
"id": "VAR-200904-0273",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.065972224
},
"last_update_date": "2023-12-18T11:16:25.560000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cpuapr2009",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"title": "090417_86",
"trust": 0.8,
"url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
},
{
"title": "TA09-105A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001234"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0988"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://osvdb.org/53740"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/34693"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1022052"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/34461"
},
{
"trust": 0.9,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0988"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0988"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta09-105a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/1042"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-23/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-22/"
},
{
"trust": 0.3,
"url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "/archive/1/502845"
},
{
"trust": 0.3,
"url": "/archive/1/502707"
},
{
"trust": 0.3,
"url": "/archive/1/502697"
},
{
"trust": 0.3,
"url": "/archive/1/502727"
},
{
"trust": 0.3,
"url": "/archive/1/502723"
},
{
"trust": 0.3,
"url": "/archive/1/506160"
},
{
"trust": 0.3,
"url": "/archive/1/502724"
},
{
"trust": 0.3,
"url": "/archive/1/502683"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34693/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://www.ngssoftware.com/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0988"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35135/"
},
{
"trust": 0.1,
"url": "http://www.good.com/faq/18431.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001234"
},
{
"db": "PACKETSTORM",
"id": "80626"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0988"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-306"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001234"
},
{
"db": "PACKETSTORM",
"id": "80626"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0988"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-306"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-09T00:00:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001234"
},
{
"date": "2009-08-26T00:13:44",
"db": "PACKETSTORM",
"id": "80626"
},
{
"date": "2009-05-18T15:35:49",
"db": "PACKETSTORM",
"id": "77574"
},
{
"date": "2009-04-15T23:15:44",
"db": "PACKETSTORM",
"id": "76710"
},
{
"date": "2009-04-15T15:08:54",
"db": "PACKETSTORM",
"id": "76704"
},
{
"date": "2009-04-15T10:30:00.593000",
"db": "NVD",
"id": "CVE-2009-0988"
},
{
"date": "2009-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-306"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-01T16:22:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001234"
},
{
"date": "2012-10-23T03:04:26.570000",
"db": "NVD",
"id": "CVE-2009-0988"
},
{
"date": "2009-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-306"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-306"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Database of Password Policy Component vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001234"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-306"
}
],
"trust": 0.6
}
}
var-200904-0259
Vulnerability from variot
Unspecified vulnerability in the Cluster Ready Services component in Oracle Database 10.1.0.5 allows remote attackers to affect availability via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
For more information see vulnerability #6 through #9 in: SA34693
SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details.
Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
I. Description
The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability.
Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.
II. Impact
The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.
III. Solution
Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.
IV. References
-
Oracle Critical Patch Update Advisory - April 2009 - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
-
Critical Patch Updates and Security Alerts - http://www.oracle.com/technology/deploy/security/alerts.htm
-
Map of Public Vulnerability to Advisory/Alert - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-105A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
April 15, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system.
1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.
2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER".
The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.
PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security
The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/
Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0259",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database 10g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.1.0.5"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.1.0.5"
},
{
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.01"
},
{
"model": "systems weblogic portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle9i personal edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.49"
},
{
"model": "oracle11g standard edition one",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "data service integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.3"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3.0"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.06"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "systems weblogic portal sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.13"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.04"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.1"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.07"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.3"
},
{
"model": "systems weblogic portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "systems weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.1"
},
{
"model": "systems weblogic server maintenance pack",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.13"
},
{
"model": "oracle9i standard edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "oracle9i enterprise edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.1"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.12"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.15"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.05"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.16"
},
{
"model": "systems weblogic server mp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9"
},
{
"model": "audit vault",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.02"
},
{
"model": "systems weblogic portal sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.4"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.12"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.11"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.6"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.03"
},
{
"model": "systems weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.0"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001230"
},
{
"db": "NVD",
"id": "CVE-2009-0973"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-292"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:database_10g:10.1.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0973"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-292"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0973",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2009-0973",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-0973",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-292",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001230"
},
{
"db": "NVD",
"id": "CVE-2009-0973"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-292"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Cluster Ready Services component in Oracle Database 10.1.0.5 allows remote attackers to affect availability via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0973"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001230"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0973",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "34693",
"trust": 2.6
},
{
"db": "USCERT",
"id": "TA09-105A",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1022052",
"trust": 2.4
},
{
"db": "OSVDB",
"id": "53736",
"trust": 2.4
},
{
"db": "BID",
"id": "34461",
"trust": 1.3
},
{
"db": "VUPEN",
"id": "ADV-2009-1042",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001230",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA09-105A",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-292",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-09-017",
"trust": 0.4
},
{
"db": "SECUNIA",
"id": "35135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76704",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001230"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0973"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-292"
}
]
},
"id": "VAR-200904-0259",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.065972224
},
"last_update_date": "2023-12-18T11:15:59.966000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cpuapr2009",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"title": "090417_86",
"trust": 0.8,
"url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
},
{
"title": "TA09-105A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001230"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0973"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://osvdb.org/53736"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/34693"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1022052"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/34461"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0973"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta09-105a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0973"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/1042"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-23/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-22/"
},
{
"trust": 0.3,
"url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "/archive/1/502845"
},
{
"trust": 0.3,
"url": "/archive/1/502707"
},
{
"trust": 0.3,
"url": "/archive/1/502697"
},
{
"trust": 0.3,
"url": "/archive/1/502727"
},
{
"trust": 0.3,
"url": "/archive/1/502723"
},
{
"trust": 0.3,
"url": "/archive/1/506160"
},
{
"trust": 0.3,
"url": "/archive/1/502724"
},
{
"trust": 0.3,
"url": "/archive/1/502683"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34693/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35135/"
},
{
"trust": 0.1,
"url": "http://www.good.com/faq/18431.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001230"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0973"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-292"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001230"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0973"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-292"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-09T00:00:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001230"
},
{
"date": "2009-05-18T15:35:49",
"db": "PACKETSTORM",
"id": "77574"
},
{
"date": "2009-04-15T23:15:44",
"db": "PACKETSTORM",
"id": "76710"
},
{
"date": "2009-04-15T15:08:54",
"db": "PACKETSTORM",
"id": "76704"
},
{
"date": "2009-04-15T10:30:00.327000",
"db": "NVD",
"id": "CVE-2009-0973"
},
{
"date": "2009-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-292"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-01T16:22:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001230"
},
{
"date": "2012-10-23T03:04:22.633000",
"db": "NVD",
"id": "CVE-2009-0973"
},
{
"date": "2009-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-292"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-292"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Database of Cluster Ready Services Component vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001230"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-292"
}
],
"trust": 0.6
}
}
var-202207-0505
Vulnerability from variot
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability. (DoS) It may be in a state. Dell BSAFE Micro Edition Suite is a development kit that provides encryption, certificates and transport layer security for c/c++ applications, devices and systems. Dell BSAFE is a security software product that supports encryption algorithms, certificate chain verification, Transport Layer Security (TLS) cipher suites, etc. to help users achieve various security goals for their applications
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-0505",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
},
{
"model": "bsafe micro-edition-suite",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.5.2"
},
{
"model": "security service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "weblogic server proxy plug-in",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21c"
},
{
"model": "bsafe crypto-c-micro-edition",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.1.5"
},
{
"model": "weblogic server proxy plug-in",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.2"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "security service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "oracle security service",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle database",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "bsafe crypto-c micro edition",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "bsafe micro edition suite",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "oracle weblogic server proxy plug-in",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle http server",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016813"
},
{
"db": "NVD",
"id": "CVE-2020-29506"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.5.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.1.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-29506"
}
]
},
"cve": "CVE-2020-29506",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-29506",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-376210",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "security_alert@emc.com",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-29506",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-29506",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2020-29506",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-835",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-376210",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-29506",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376210"
},
{
"db": "VULMON",
"id": "CVE-2020-29506"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016813"
},
{
"db": "NVD",
"id": "CVE-2020-29506"
},
{
"db": "NVD",
"id": "CVE-2020-29506"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-835"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability. (DoS) It may be in a state. Dell BSAFE Micro Edition Suite is a development kit that provides encryption, certificates and transport layer security for c/c++ applications, devices and systems. Dell BSAFE is a security software product that supports encryption algorithms, certificate chain verification, Transport Layer Security (TLS) cipher suites, etc. to help users achieve various security goals for their applications",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-29506"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016813"
},
{
"db": "VULHUB",
"id": "VHN-376210"
},
{
"db": "VULMON",
"id": "CVE-2020-29506"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-29506",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016813",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202207-835",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-84617",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-376210",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-29506",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376210"
},
{
"db": "VULMON",
"id": "CVE-2020-29506"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016813"
},
{
"db": "NVD",
"id": "CVE-2020-29506"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-835"
}
]
},
"id": "VAR-202207-0505",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-376210"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:42:02.864000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0July\u00a02022 Dell Security\u00a0Advisory",
"trust": 0.8,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"title": "Dell BSAFE Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=200707"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016813"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-835"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016813"
},
{
"db": "NVD",
"id": "CVE-2020-29506"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29506"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/oracle-database-vulnerabilities-of-july-2022-38855"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2020-29506/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376210"
},
{
"db": "VULMON",
"id": "CVE-2020-29506"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016813"
},
{
"db": "NVD",
"id": "CVE-2020-29506"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-835"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-376210"
},
{
"db": "VULMON",
"id": "CVE-2020-29506"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016813"
},
{
"db": "NVD",
"id": "CVE-2020-29506"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-835"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-376210"
},
{
"date": "2022-07-11T00:00:00",
"db": "VULMON",
"id": "CVE-2020-29506"
},
{
"date": "2023-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-016813"
},
{
"date": "2022-07-11T20:15:08.083000",
"db": "NVD",
"id": "CVE-2020-29506"
},
{
"date": "2022-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-835"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-29T00:00:00",
"db": "VULHUB",
"id": "VHN-376210"
},
{
"date": "2022-07-18T00:00:00",
"db": "VULMON",
"id": "CVE-2020-29506"
},
{
"date": "2023-09-25T06:23:00",
"db": "JVNDB",
"id": "JVNDB-2019-016813"
},
{
"date": "2022-11-29T02:57:45.313000",
"db": "NVD",
"id": "CVE-2020-29506"
},
{
"date": "2022-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-835"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-835"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u00a0BSAFE\u00a0Crypto-C\u00a0Micro\u00a0Edition\u00a0 and \u00a0Dell\u00a0BSAFE\u00a0Micro\u00a0Edition\u00a0Suite\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016813"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-835"
}
],
"trust": 0.6
}
}
var-200208-0244
Vulnerability from variot
Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3. The DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10 contains buffer overflows in code that handles responses for network name and address requests. Other resolver libraries derived from BIND 4 such as BSD libc, GNU glibc, and those used by System V UNIX systems may also be affected. An attacker could execute arbitrary code with the privileges of the application that made the request or cause a denial of service. This vulnerability is resolved in BIND versions 4.9.11, 8.2.7, 8.3.4, and BIND 9. Based on recent reports, we believe this vulnerability is being actively exploited. OpenSSL is an open-source implementation of the Secure Sockets Layer (SSL) protocol. A remotely exploitable vulnerability exists in OpenSSL servers that could lead to the execution of arbitrary code on the server. OpenSSL Is OpenSSL On the server SSL version 2.0 ( Less than, SSLv2) The buffer overflow vulnerability is caused by handshake processing. The issue occurs in the handling of the client key value during the negotiation of the SSLv2 protocol. ***UPDATE: A worm that likely exploits this vulnerability has been discovered propagating in the wild. Additionally, this code includes peer-to-peer and distributed denial-of-service capabilities. There have been numerous reports of intrusions in Europe. It is not yet confirmed whether this vulnerability is in OpenSSL, mod_ssl, or another component. Administrators are advised to upgrade to the most recent versions or to disable Apache, if possible, until more information is available. OpenSSL is prone to a buffer-overflow vulnerability involving overly long SSLv3 session IDs. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc.
-----BEGIN PGP SIGNED MESSAGE-----
CERT Summary CS-2002-04
November 26, 2002
Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT Summary to draw attention to the types of attacks reported to our incident response team, as well as other noteworthy incident and vulnerability information. The summary includes pointers to sources of information for dealing with the problems.
Past CERT summaries are available from:
CERT Summaries
http://www.cert.org/summaries/
Recent Activity
Since the last regularly scheduled CERT summary, issued in August 2002 (CS-2002-03), we have seen trojan horses for three popular distributions, new self-propagating malicious code (Apache/mod_ssl), and multiple vulnerabilities in BIND. In addition, we have issued a new PGP Key.
For more current information on activity being reported to the CERT/CC, please visit the CERT/CC Current Activity page. The Current Activity page is a regularly updated summary of the most frequent, high-impact types of security incidents and vulnerabilities being reported to the CERT/CC. The information on the Current Activity page is reviewed and updated as reporting trends change.
CERT/CC Current Activity
http://www.cert.org/current/current_activity.html
1. Reports received by the CERT/CC indicate
that the Apache/mod_ssl worm has already infected thousands of
systems. Over a month earlier, the CERT/CC issued an advisory
(CA-2002-23) describing four remotely exploitable buffer overflows
in OpenSSL. Trojan Horse Sendmail Distribution
The CERT/CC has received confirmation that some copies of the
source code for the Sendmail package have been modified by an
intruder to contain a Trojan horse. These copies began to appear
in downloads from the FTP server ftp.sendmail.org on or around
September 28, 2002. On October 8, 2002, the CERT/CC issued an
advisory (CA-2002-28) describing various methods to verify
software authenticity.
CERT Advisory CA-2002-28
Trojan Horse Sendmail Distribution
http://www.cert.org/advisories/CA-2002-28.html
3. Trojan Horse tcpdump and libpcap Distributions
The CERT/CC has received reports that some copies of the source
code for libpcap, a packet acquisition library, and tcpdump, a
network sniffer, have been modified by an intruder and contain a
Trojan horse. These modified distributions began to appear in
downloads from the HTTP server www.tcpdump.org on or around Nov
11, 2002. The CERT/CC issued an advisory (CA-2002-30) listing MD5
checksums and official distribution sites for libpcap and tcpdump.
CERT Advisory CA-2002-30
Trojan Horse tcpdump and libpcap Distributions
http://www.cert.org/advisories/CA-2002-30.html
4. Multiple Vulnerabilities in BIND
The CERT/CC has documented multiple vulnerabilities in BIND, the
popular domain name server and client library software package
from the Internet Software Consortium (ISC). Several vulnerabilities are referenced in the advisory;
they are listed here individually.
CERT Advisory CA-2002-31
Multiple Vulnerabilities in BIND
http://www.cert.org/advisories/CA-2002-31.html
Vulnerability Note #852283
Cached malformed SIG record buffer overflow
http://www.kb.cert.org/vuls/id/852283
Vulnerability Note #229595
Overly large OPT record assertion
http://www.kb.cert.org/vuls/id/229595
Vulnerability Note #581682
ISC Bind 8 fails to properly dereference cache SIG RR
elements invalid expiry times from the internal database
http://www.kb.cert.org/vuls/id/581682
Vulnerability Note #844360
Domain Name System (DNS) stub resolver libraries
vulnerable to buffer overflows via network name or
address lookups
http://www.kb.cert.org/vuls/id/844360
5. Heap Overflow Vulnerability in Microsoft Data Access Components
(MDAC)
On November 21, 2002 the CERT/CC issued an advisory (CA-2002-33)
describing a vulnerability in MDAC, a collection of Microsoft
utilities and routines that process requests between databases and
network applications.
CERT Advisory CA-2002-33
Heap Overflow Vulnerability in Microsoft Data Access
Components (MDAC)
http://www.cert.org/advisories/CA-2002-33.html
New CERT/CC PGP Key
On September 19, the CERT/CC issued a new PGP key, which should be used when sending sensitive information to the CERT/CC.
CERT/CC PGP Public Key
https://www.cert.org/pgp/cert_pgp_key.asc
Sending Sensitive Information To The CERT/CC
http://www.cert.org/contact_cert/encryptmail.html
What's New and Updated
Since the last CERT Summary, we have published new and updated * Advisories http://www.cert.org/advisories/ * Congressional Testimony http://www.cert.org/congressional_testimony/ * CERT/CC Statistics http://www.cert.org/stats/cert_stats.html * Home User Security http://www.cert.org/homeusers/HomeComputerSecurity * Tech Tips http://www.cert.org/tech_tips/ * Training Schedule http:/www.cert.org/training/
This document is available from: http://www.cert.org/summaries/CS-2002-04.html
CERT/CC Contact Information
Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A.
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for more information.
Getting security information
CERT publications and other security information are available from our web site http://www.cert.org/
To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message
subscribe cert-advisory
- "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.
NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement. ___________
Conditions for use, disclaimers, and sponsorship information
Copyright \xa92002 Carnegie Mellon University.
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8
iQCVAwUBPePMQWjtSoHZUTs5AQGdxwP9HK4mSF15bMQ9MZ4mMFcLIhvdXykANg8A 6nEIAyB8CJpbuWdP7sPh3qAwaZ9BhRFEGeLakONOpoo7bmjkwAWrJHxF3b1CrgHS ZuKQsgEhnm9wpPdU6w6SG1cJBkwz70b8d7YK0vcVuKhmaW0JOx9OLGKsAe3SFePD OiZbNHX+eb8= =Mnbn -----END PGP SIGNATURE----- . OpenSSL Security Advisory [30 July 2002]
This advisory consists of two independent advisories, merged, and is an official OpenSSL advisory.
Advisory 1
A.L. Digital Ltd and The Bunker (http://www.thebunker.net/) are conducting a security review of OpenSSL, under the DARPA program CHATS.
-
The client master key in SSL2 could be oversized and overrun a buffer. Exploit code is NOT available at this time.
-
This issues only affects OpenSSL 0.9.7 before 0.9.7-beta3 with Kerberos enabled.
-
Various buffers for ASCII representations of integers were too small on 64 bit platforms.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0656 to issues 1-2, CAN-2002-0657 to issue 3, and CAN-2002-0655 to issue 4.
In addition various potential buffer overflows not known to be exploitable have had assertions added to defend against them.
Who is affected?
Everyone using OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or current development snapshots of 0.9.7 to provide SSL or TLS is vulnerable, whether client or server. 0.9.6d servers on 32-bit systems with SSL 2.0 disabled are not vulnerable.
SSLeay is probably also affected.
Recommendations
Apply the attached patch to OpenSSL 0.9.6d, or upgrade to OpenSSL 0.9.6e. Recompile all applications using OpenSSL to provide SSL or TLS.
A patch for 0.9.7 is available from the OpenSSL website (https://www.openssl.org/).
Servers can disable SSL2, alternatively disable all applications using SSL or TLS until the patches are applied. Users of 0.9.7 pre-release versions with Kerberos enabled will also have to disable Kerberos.
Client should be disabled altogether until the patches are applied.
Known Exploits
There are no know exploits available for these vulnerabilities. As noted above, Neohapsis have demonstrated internally that an exploit is possible, but have not released the exploit code.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0655 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0657
Acknowledgements
The project leading to this advisory is sponsored by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F30602-01-2-0537.
The patch and advisory were prepared by Ben Laurie.
Advisory 2
Vulnerabilities
The ASN1 parser can be confused by supplying it with certain invalid encodings.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0659 to this issue.
Who is affected?
Any OpenSSL program which uses the ASN1 library to parse untrusted data. This includes all SSL or TLS applications, those using S/MIME (PKCS#7) or certificate generation routines.
Recommendations
Apply the patch to OpenSSL, or upgrade to OpenSSL 0.9.6e. Recompile all applications using OpenSSL.
Users of 0.9.7 pre-release versions should apply the patch or upgrade to 0.9.7-beta3 or later. Recompile all applications using OpenSSL.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659
Acknowledgements
This vulnerability was discovered by Adi Stav stav@mercury.co.il and James Yonan jim@ntlp.com independently. The patch is partly based on a version by Adi Stav.
The patch and advisory were prepared by Dr. Stephen Henson.
Combined patches for OpenSSL 0.9.6d: https://www.openssl.org/news/patch_20020730_0_9_6d.txt
Combined patches for OpenSSL 0.9.7 beta 2: https://www.openssl.org/news/patch_20020730_0_9_7.txt
URL for this Security Advisory: https://www.openssl.org/news/secadv_20020730.txt
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200208-0244",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 4.8,
"vendor": "apple computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 4.0,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 4.0,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 3.2,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "debian",
"version": null
},
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "mandrakesoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "netbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "suse",
"version": null
},
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "trustix",
"version": null
},
{
"model": "http server",
"scope": "eq",
"trust": 1.7,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.7,
"vendor": "oracle",
"version": "9.2.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.7,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.7,
"vendor": "apple",
"version": "10.0.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.7,
"vendor": "apple",
"version": "10.0.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.7,
"vendor": "apple",
"version": "10.0.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.7,
"vendor": "apple",
"version": "10.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.7,
"vendor": "apple",
"version": "10.1.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.7,
"vendor": "apple",
"version": "10.1.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.7,
"vendor": "apple",
"version": "10.1.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.7,
"vendor": "apple",
"version": "10.1.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.7,
"vendor": "apple",
"version": "10.1.5"
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "gentoo linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "guardian digital",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "juniper",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "openldap",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "openpkg",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "openssl",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "oracle",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "secure computing",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "isc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "openwall gnu linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "nortel",
"version": null
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.1c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.2b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.3"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.4"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.5"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.5a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.6a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.6b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.6c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.6d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "application server",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "*"
},
{
"model": "application server",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "1.0.2"
},
{
"model": "application server",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "1.0.2.1s"
},
{
"model": "application server",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "corporate time outlook connector",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "corporate time outlook connector",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "3.1.1"
},
{
"model": "corporate time outlook connector",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "3.1.2"
},
{
"model": "corporate time outlook connector",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "3.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.1,
"vendor": "apple",
"version": "10.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "alcatel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gnu glibc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "metasolv",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sgi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "the sco group",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "xerox",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "conectiva",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "engarde",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "freebsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "the openpkg",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "covalent",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "rsa security",
"version": null
},
{
"model": "openssl",
"scope": "lte",
"trust": 0.8,
"vendor": "openssl",
"version": "0.9.6d"
},
{
"model": "application server",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.0.2.0.0"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9ias"
},
{
"model": "database",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "8.1.7.1"
},
{
"model": "database",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "9.0.2"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0"
},
{
"model": "cobalt raq3",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raq4",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raqxtr",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.00"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.20"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.22"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.3"
},
{
"model": "project openssl d",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.1.1"
},
{
"model": "project openssl beta2",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.0.4"
},
{
"model": "internet express eak",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "2.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.6,
"vendor": "gentoo",
"version": "1.2"
},
{
"model": "linux affinity toolkit",
"scope": null,
"trust": 0.6,
"vendor": "ibm",
"version": null
},
{
"model": "oracle9i application server .1s",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "1.0.2"
},
{
"model": "linux rc3",
"scope": "eq",
"trust": 0.6,
"vendor": "gentoo",
"version": "1.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.6,
"vendor": "gentoo",
"version": "0.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "openssl for openvms alpha",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "1.0"
},
{
"model": "project openssl beta3",
"scope": "ne",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "linux rc1",
"scope": "eq",
"trust": 0.6,
"vendor": "gentoo",
"version": "1.4"
},
{
"model": "webproxy",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "2.0"
},
{
"model": "tru64 unix compaq secure web server",
"scope": "ne",
"trust": 0.6,
"vendor": "hp",
"version": "5.9.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.1"
},
{
"model": "corporatetime outlook connector",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "3.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.1.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.1.3"
},
{
"model": "enterprise ready server",
"scope": "eq",
"trust": 0.6,
"vendor": "covalent",
"version": "2.2"
},
{
"model": "netmail b",
"scope": "eq",
"trust": 0.6,
"vendor": "novell",
"version": "3.10"
},
{
"model": "enterprise ready server",
"scope": "eq",
"trust": 0.6,
"vendor": "covalent",
"version": "2.1"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.1.5"
},
{
"model": "netmail e",
"scope": "ne",
"trust": 0.6,
"vendor": "novell",
"version": "3.10"
},
{
"model": "virtualvault",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "4.6"
},
{
"model": "tru64 unix compaq secure web server",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "5.8.1"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.4"
},
{
"model": "netmail a",
"scope": "eq",
"trust": 0.6,
"vendor": "novell",
"version": "3.10"
},
{
"model": "netmail",
"scope": "eq",
"trust": 0.6,
"vendor": "novell",
"version": "3.10"
},
{
"model": "project openssl g",
"scope": "ne",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "tru64 unix compaq secure web server",
"scope": "ne",
"trust": 0.6,
"vendor": "hp",
"version": "5.8.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.0.1"
},
{
"model": "corporatetime outlook connector",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "3.1.2"
},
{
"model": "corporatetime outlook connector",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "3.1.1"
},
{
"model": "webproxy",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "1.0"
},
{
"model": "netmail c",
"scope": "eq",
"trust": 0.6,
"vendor": "novell",
"version": "3.10"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "1.0.2"
},
{
"model": "project openssl e",
"scope": "ne",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "corporatetime outlook connector",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.1.2"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.5"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "fast start server",
"scope": "eq",
"trust": 0.6,
"vendor": "covalent",
"version": "3.1"
},
{
"model": "tru64 unix internet express",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "5.9"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.0.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.0.3"
},
{
"model": "tcp/ip services for openvms",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "5.3"
},
{
"model": "openssl for openvms alpha -a",
"scope": "ne",
"trust": 0.6,
"vendor": "hp",
"version": "1.0"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "project openssl beta1",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "1.2"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.3"
},
{
"model": "oracle9i application server",
"scope": null,
"trust": 0.6,
"vendor": "oracle",
"version": null
},
{
"model": "virtualvault",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "4.5"
},
{
"model": "tru64 unix compaq secure web server",
"scope": "ne",
"trust": 0.6,
"vendor": "hp",
"version": "5.9.2"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.1"
},
{
"model": "netmail d",
"scope": "eq",
"trust": 0.6,
"vendor": "novell",
"version": "3.10"
},
{
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "1.1-1"
},
{
"model": "linux a",
"scope": "eq",
"trust": 0.6,
"vendor": "gentoo",
"version": "1.1"
},
{
"model": "secure os software for linux",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "1.0"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.0"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.2"
},
{
"model": "linux rc2",
"scope": "eq",
"trust": 0.6,
"vendor": "gentoo",
"version": "1.4"
},
{
"model": "mgetty-sendfax-1.1.14-8.i386.rpm",
"scope": "eq",
"trust": 0.6,
"vendor": "redhat",
"version": "2.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.6,
"vendor": "gentoo",
"version": "0.5"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.19"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.35"
},
{
"model": "junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.1"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.1.1"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.39"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.32"
},
{
"model": "-dev",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.7"
},
{
"model": "bsafe ssl-j sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "rsa",
"version": "3.0.1"
},
{
"model": "-beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.32"
},
{
"model": "bsafe ssl-c",
"scope": "eq",
"trust": 0.3,
"vendor": "rsa",
"version": "2.2"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.22"
},
{
"model": "ssl-r6",
"scope": "eq",
"trust": 0.3,
"vendor": "sonicwall",
"version": "4.0.18"
},
{
"model": "bsafe ssl-c",
"scope": "eq",
"trust": 0.3,
"vendor": "rsa",
"version": "2.1"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.9"
},
{
"model": "safeword premieraccess",
"scope": "eq",
"trust": 0.3,
"vendor": "securecomputing",
"version": "3.1"
},
{
"model": "junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.4"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.1"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.16"
},
{
"model": "junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.6"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.13"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.5"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.20"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.26"
},
{
"model": "bsafe ssl-c me",
"scope": "ne",
"trust": 0.3,
"vendor": "rsa",
"version": null
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.25"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.37"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.14"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.2"
},
{
"model": "bsafe ssl-j sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "rsa",
"version": "3.0"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.11"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.4"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0"
},
{
"model": "bsafe ssl-j sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "rsa",
"version": "3.1"
},
{
"model": "junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.2"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.12"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.2"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.1"
},
{
"model": "ssl-r",
"scope": "eq",
"trust": 0.3,
"vendor": "sonicwall",
"version": "4.0.18"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.38"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.15"
},
{
"model": "ssl-rx",
"scope": "eq",
"trust": 0.3,
"vendor": "sonicwall",
"version": "4.0.18"
},
{
"model": "mac",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.14"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.24"
},
{
"model": "beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.28"
},
{
"model": "junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.3"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.40"
},
{
"model": "bsafe ssl-c",
"scope": "eq",
"trust": 0.3,
"vendor": "rsa",
"version": "2.3"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.23"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3"
},
{
"model": "sdx-300",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "3.1.1"
},
{
"model": "-beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.34"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.19"
},
{
"model": "sdx-300",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "3.1"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.18"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.2.5"
},
{
"model": "junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.0"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.28"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.3"
},
{
"model": "secure content accelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10000"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.3"
},
{
"model": "-beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.28"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.36"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.6"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.17"
},
{
"model": "ssl-r3",
"scope": "eq",
"trust": 0.3,
"vendor": "sonicwall",
"version": "4.0.18"
},
{
"model": "junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.5"
},
{
"model": "jetdirect rev. u.23.99",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.1"
},
{
"model": "security bsafe ssl-j sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "rsa",
"version": "3.1"
},
{
"model": "networks m-series router m5",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "88000"
},
{
"model": "omniaccess",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "2100"
},
{
"model": "crypto accelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1000"
},
{
"model": "networks m-series router m20",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.4"
},
{
"model": "security bsafe ssl-c me",
"scope": "ne",
"trust": 0.3,
"vendor": "rsa",
"version": null
},
{
"model": "security bsafe ssl-c",
"scope": "eq",
"trust": 0.3,
"vendor": "rsa",
"version": "2.3"
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.6"
},
{
"model": "networks m-series router m160",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks m-series router m40",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks t-series router t320",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks sdx-300",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "3.1.1"
},
{
"model": "networks sdx-300",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "3.1"
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.2"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "77000"
},
{
"model": "rcp",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "77700"
},
{
"model": "networks m-series router m10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "computing safeword premieraccess",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "3.1"
},
{
"model": "networks m-series router m40e",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "security bsafe ssl-j sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "rsa",
"version": "3.0.1"
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.3"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "66000"
},
{
"model": "networks t-series router t640",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "security bsafe ssl-c",
"scope": "eq",
"trust": 0.3,
"vendor": "rsa",
"version": "2.2"
},
{
"model": "security bsafe ssl-c",
"scope": "eq",
"trust": 0.3,
"vendor": "rsa",
"version": "2.1"
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.0"
},
{
"model": "security bsafe ssl-j sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "rsa",
"version": "3.0"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "78000"
},
{
"model": "jetdirect rev. l.23.99",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "jetdirect rev. u.22.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "jetdirect rev. l.22.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.5"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#258555"
},
{
"db": "CERT/CC",
"id": "VU#844360"
},
{
"db": "CERT/CC",
"id": "VU#852283"
},
{
"db": "CERT/CC",
"id": "VU#581682"
},
{
"db": "CERT/CC",
"id": "VU#229595"
},
{
"db": "CERT/CC",
"id": "VU#102795"
},
{
"db": "VULMON",
"id": "CVE-2002-0656"
},
{
"db": "BID",
"id": "5363"
},
{
"db": "BID",
"id": "5362"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000172"
},
{
"db": "NVD",
"id": "CVE-2002-0656"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-027"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.2.1s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:corporate_time_outlook_connector:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:corporate_time_outlook_connector:3.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:corporate_time_outlook_connector:3.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:9.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:corporate_time_outlook_connector:3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:9.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0656"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A.L. Digital Ltd\nThe Bunker",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200208-027"
}
],
"trust": 0.6
},
"cve": "CVE-2002-0656",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2002-0656",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-5047",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-0656",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#258555",
"trust": 0.8,
"value": "3.19"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#844360",
"trust": 0.8,
"value": "8.91"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#852283",
"trust": 0.8,
"value": "30.38"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#581682",
"trust": 0.8,
"value": "27.54"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#229595",
"trust": 0.8,
"value": "33.05"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#102795",
"trust": 0.8,
"value": "17.63"
},
{
"author": "CNNVD",
"id": "CNNVD-200208-027",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-5047",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2002-0656",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#258555"
},
{
"db": "CERT/CC",
"id": "VU#844360"
},
{
"db": "CERT/CC",
"id": "VU#852283"
},
{
"db": "CERT/CC",
"id": "VU#581682"
},
{
"db": "CERT/CC",
"id": "VU#229595"
},
{
"db": "CERT/CC",
"id": "VU#102795"
},
{
"db": "VULHUB",
"id": "VHN-5047"
},
{
"db": "VULMON",
"id": "CVE-2002-0656"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000172"
},
{
"db": "NVD",
"id": "CVE-2002-0656"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-027"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3. The DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10 contains buffer overflows in code that handles responses for network name and address requests. Other resolver libraries derived from BIND 4 such as BSD libc, GNU glibc, and those used by System V UNIX systems may also be affected. An attacker could execute arbitrary code with the privileges of the application that made the request or cause a denial of service. This vulnerability is resolved in BIND versions 4.9.11, 8.2.7, 8.3.4, and BIND 9. Based on recent reports, we believe this vulnerability is being actively exploited. OpenSSL is an open-source implementation of the Secure Sockets Layer (SSL) protocol. A remotely exploitable vulnerability exists in OpenSSL servers that could lead to the execution of arbitrary code on the server. OpenSSL Is OpenSSL On the server SSL version 2.0 ( Less than, SSLv2) The buffer overflow vulnerability is caused by handshake processing. \nThe issue occurs in the handling of the client key value during the negotiation of the SSLv2 protocol. \n***UPDATE: A worm that likely exploits this vulnerability has been discovered propagating in the wild. Additionally, this code includes peer-to-peer and distributed denial-of-service capabilities. There have been numerous reports of intrusions in Europe. It is not yet confirmed whether this vulnerability is in OpenSSL, mod_ssl, or another component. Administrators are advised to upgrade to the most recent versions or to disable Apache, if possible, until more information is available. OpenSSL is prone to a buffer-overflow vulnerability involving overly long SSLv3 session IDs. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. \n\n-----BEGIN PGP SIGNED MESSAGE-----\n\nCERT Summary CS-2002-04\n\n November 26, 2002\n\n Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT\n Summary to draw attention to the types of attacks reported to our\n incident response team, as well as other noteworthy incident and\n vulnerability information. The summary includes pointers to sources of\n information for dealing with the problems. \n\n Past CERT summaries are available from:\n\n CERT Summaries\n http://www.cert.org/summaries/\n ______________________________________________________________________\n\nRecent Activity\n\n Since the last regularly scheduled CERT summary, issued in August 2002\n (CS-2002-03), we have seen trojan horses for three popular\n distributions, new self-propagating malicious code (Apache/mod_ssl),\n and multiple vulnerabilities in BIND. In addition, we have issued a\n new PGP Key. \n\n For more current information on activity being reported to the\n CERT/CC, please visit the CERT/CC Current Activity page. The Current\n Activity page is a regularly updated summary of the most frequent,\n high-impact types of security incidents and vulnerabilities being\n reported to the CERT/CC. The information on the Current Activity page\n is reviewed and updated as reporting trends change. \n\n CERT/CC Current Activity\n http://www.cert.org/current/current_activity.html\n\n\n 1. Reports received by the CERT/CC indicate\n that the Apache/mod_ssl worm has already infected thousands of\n systems. Over a month earlier, the CERT/CC issued an advisory\n (CA-2002-23) describing four remotely exploitable buffer overflows\n in OpenSSL. Trojan Horse Sendmail Distribution\n\n The CERT/CC has received confirmation that some copies of the\n source code for the Sendmail package have been modified by an\n intruder to contain a Trojan horse. These copies began to appear\n in downloads from the FTP server ftp.sendmail.org on or around\n September 28, 2002. On October 8, 2002, the CERT/CC issued an\n advisory (CA-2002-28) describing various methods to verify\n software authenticity. \n\n\t\tCERT Advisory CA-2002-28\n\t\tTrojan Horse Sendmail Distribution\n\t\thttp://www.cert.org/advisories/CA-2002-28.html\n\n\n 3. Trojan Horse tcpdump and libpcap Distributions\n\n The CERT/CC has received reports that some copies of the source\n code for libpcap, a packet acquisition library, and tcpdump, a\n network sniffer, have been modified by an intruder and contain a\n Trojan horse. These modified distributions began to appear in\n downloads from the HTTP server www.tcpdump.org on or around Nov\n 11, 2002. The CERT/CC issued an advisory (CA-2002-30) listing MD5\n checksums and official distribution sites for libpcap and tcpdump. \n\n\t\tCERT Advisory CA-2002-30\n\t\tTrojan Horse tcpdump and libpcap Distributions\n\t\thttp://www.cert.org/advisories/CA-2002-30.html\n\n\n 4. Multiple Vulnerabilities in BIND\n\n The CERT/CC has documented multiple vulnerabilities in BIND, the\n popular domain name server and client library software package\n from the Internet Software Consortium (ISC). Several vulnerabilities are referenced in the advisory;\n they are listed here individually. \n\n\t\tCERT Advisory CA-2002-31\n\t\tMultiple Vulnerabilities in BIND\n\t\thttp://www.cert.org/advisories/CA-2002-31.html\n\n\t\tVulnerability Note #852283\n\t\tCached malformed SIG record buffer overflow\n\t\thttp://www.kb.cert.org/vuls/id/852283\n\n\t\tVulnerability Note #229595\n\t\tOverly large OPT record assertion\n\t\thttp://www.kb.cert.org/vuls/id/229595\n\n\t\tVulnerability Note #581682\n\t\tISC Bind 8 fails to properly dereference cache SIG RR \n\t\telements invalid expiry times from the internal database\n\t\thttp://www.kb.cert.org/vuls/id/581682\n\n\t\tVulnerability Note #844360\n\t\tDomain Name System (DNS) stub resolver libraries \n\t\tvulnerable to buffer overflows via network name or \n\t\taddress lookups\n\t\thttp://www.kb.cert.org/vuls/id/844360\n\n 5. Heap Overflow Vulnerability in Microsoft Data Access Components\n (MDAC)\n\n On November 21, 2002 the CERT/CC issued an advisory (CA-2002-33)\n describing a vulnerability in MDAC, a collection of Microsoft\n utilities and routines that process requests between databases and\n network applications. \n\n\t CERT Advisory CA-2002-33\n\t Heap Overflow Vulnerability in Microsoft Data Access \n\t Components (MDAC)\n\t http://www.cert.org/advisories/CA-2002-33.html\n ______________________________________________________________________\n\nNew CERT/CC PGP Key\n\n On September 19, the CERT/CC issued a new PGP key, which should be\n used when sending sensitive information to the CERT/CC. \n\n CERT/CC PGP Public Key\n https://www.cert.org/pgp/cert_pgp_key.asc\n Sending Sensitive Information To The CERT/CC\n\n http://www.cert.org/contact_cert/encryptmail.html\n ______________________________________________________________________\n\nWhat\u0027s New and Updated\n\n Since the last CERT Summary, we have published new and updated\n * Advisories\n http://www.cert.org/advisories/\n * Congressional Testimony\n http://www.cert.org/congressional_testimony/\n * CERT/CC Statistics\n http://www.cert.org/stats/cert_stats.html\n * Home User Security\n http://www.cert.org/homeusers/HomeComputerSecurity\n * Tech Tips\n http://www.cert.org/tech_tips/\n * Training Schedule\n http:/www.cert.org/training/\n ______________________________________________________________________\n\n This document is available from:\n http://www.cert.org/summaries/CS-2002-04.html\n ______________________________________________________________________\n\nCERT/CC Contact Information\n\n Email: cert@cert.org\n Phone: +1 412-268-7090 (24-hour hotline)\n Fax: +1 412-268-6989\n Postal address:\n CERT Coordination Center\n Software Engineering Institute\n Carnegie Mellon University\n Pittsburgh PA 15213-3890\n U.S.A. \n\n CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /\n EDT(GMT-4) Monday through Friday; they are on call for emergencies\n during other hours, on U.S. holidays, and on weekends. \n\n Using encryption\n\n We strongly urge you to encrypt sensitive information sent by email. \n Our public PGP key is available from\n http://www.cert.org/CERT_PGP.key\n\n If you prefer to use DES, please call the CERT hotline for more\n information. \n\n Getting security information\n\n CERT publications and other security information are available from\n our web site\n http://www.cert.org/\n\n To subscribe to the CERT mailing list for advisories and bulletins,\n send email to majordomo@cert.org. Please include in the body of your\n message\n\n subscribe cert-advisory\n\n * \"CERT\" and \"CERT Coordination Center\" are registered in the U.S. \n Patent and Trademark Office. \n ______________________________________________________________________\n\n NO WARRANTY\n Any material furnished by Carnegie Mellon University and the Software\n Engineering Institute is furnished on an \"as is\" basis. Carnegie\n Mellon University makes no warranties of any kind, either expressed or\n implied as to any matter including, but not limited to, warranty of\n fitness for a particular purpose or merchantability, exclusivity or\n results obtained from use of the material. Carnegie Mellon University\n does not make any warranty of any kind with respect to freedom from\n patent, trademark, or copyright infringement. \n _________________________________________________________________\n\n Conditions for use, disclaimers, and sponsorship information\n\n Copyright \\xa92002 Carnegie Mellon University. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBPePMQWjtSoHZUTs5AQGdxwP9HK4mSF15bMQ9MZ4mMFcLIhvdXykANg8A\n6nEIAyB8CJpbuWdP7sPh3qAwaZ9BhRFEGeLakONOpoo7bmjkwAWrJHxF3b1CrgHS\nZuKQsgEhnm9wpPdU6w6SG1cJBkwz70b8d7YK0vcVuKhmaW0JOx9OLGKsAe3SFePD\nOiZbNHX+eb8=\n=Mnbn\n-----END PGP SIGNATURE-----\n. OpenSSL Security Advisory [30 July 2002]\n\nThis advisory consists of two independent advisories, merged, and is\nan official OpenSSL advisory. \n\nAdvisory 1\n==========\n\nA.L. Digital Ltd and The Bunker (http://www.thebunker.net/) are\nconducting a security review of OpenSSL, under the DARPA program\nCHATS. \n\n1. The client master key in SSL2 could be oversized and overrun a\n buffer. Exploit code is\n NOT available at this time. \n\n2. \n\n3. This issues only affects OpenSSL\n 0.9.7 before 0.9.7-beta3 with Kerberos enabled. \n\n4. Various buffers for ASCII representations of integers were too\n small on 64 bit platforms. \n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2002-0656 to issues 1-2, CAN-2002-0657 to issue\n3, and CAN-2002-0655 to issue 4. \n\nIn addition various potential buffer overflows not known to be\nexploitable have had assertions added to defend against them. \n\nWho is affected?\n----------------\n\nEveryone using OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or\ncurrent development snapshots of 0.9.7 to provide SSL or TLS is\nvulnerable, whether client or server. 0.9.6d servers on 32-bit systems\nwith SSL 2.0 disabled are not vulnerable. \n\nSSLeay is probably also affected. \n\nRecommendations\n---------------\n\nApply the attached patch to OpenSSL 0.9.6d, or upgrade to OpenSSL\n0.9.6e. Recompile all applications using OpenSSL to provide SSL or\nTLS. \n\nA patch for 0.9.7 is available from the OpenSSL website\n(https://www.openssl.org/). \n\nServers can disable SSL2, alternatively disable all applications using\nSSL or TLS until the patches are applied. Users of 0.9.7 pre-release\nversions with Kerberos enabled will also have to disable Kerberos. \n\nClient should be disabled altogether until the patches are applied. \n\nKnown Exploits\n--------------\n\nThere are no know exploits available for these vulnerabilities. As\nnoted above, Neohapsis have demonstrated internally that an exploit is\npossible, but have not released the exploit code. \n\nReferences\n----------\n\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0655\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0657\n\nAcknowledgements\n----------------\n\nThe project leading to this advisory is sponsored by the Defense\nAdvanced Research Projects Agency (DARPA) and Air Force Research\nLaboratory, Air Force Materiel Command, USAF, under agreement number\nF30602-01-2-0537. \n\nThe patch and advisory were prepared by Ben Laurie. \n\n\n\nAdvisory 2\n==========\n\nVulnerabilities\n---------------\n\nThe ASN1 parser can be confused by supplying it with certain invalid\nencodings. \n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2002-0659 to this issue. \n\nWho is affected?\n----------------\n\nAny OpenSSL program which uses the ASN1 library to parse untrusted\ndata. This includes all SSL or TLS applications, those using S/MIME\n(PKCS#7) or certificate generation routines. \n\nRecommendations\n---------------\n\nApply the patch to OpenSSL, or upgrade to OpenSSL 0.9.6e. Recompile\nall applications using OpenSSL. \n\nUsers of 0.9.7 pre-release versions should apply the patch or upgrade\nto 0.9.7-beta3 or later. Recompile all applications using OpenSSL. \n\nReferences\n----------\n\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659\n\nAcknowledgements\n----------------\n\nThis vulnerability was discovered by Adi Stav \u003cstav@mercury.co.il\u003e\nand James Yonan \u003cjim@ntlp.com\u003e independently. The patch is partly\nbased on a version by Adi Stav. \n\nThe patch and advisory were prepared by Dr. Stephen Henson. \n\n\n\n\nCombined patches for OpenSSL 0.9.6d:\nhttps://www.openssl.org/news/patch_20020730_0_9_6d.txt\n\nCombined patches for OpenSSL 0.9.7 beta 2:\nhttps://www.openssl.org/news/patch_20020730_0_9_7.txt\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20020730.txt\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0656"
},
{
"db": "CERT/CC",
"id": "VU#258555"
},
{
"db": "CERT/CC",
"id": "VU#844360"
},
{
"db": "CERT/CC",
"id": "VU#852283"
},
{
"db": "CERT/CC",
"id": "VU#581682"
},
{
"db": "CERT/CC",
"id": "VU#229595"
},
{
"db": "CERT/CC",
"id": "VU#102795"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000172"
},
{
"db": "BID",
"id": "5363"
},
{
"db": "BID",
"id": "5362"
},
{
"db": "VULHUB",
"id": "VHN-5047"
},
{
"db": "VULMON",
"id": "CVE-2002-0656"
},
{
"db": "PACKETSTORM",
"id": "30532"
},
{
"db": "PACKETSTORM",
"id": "169647"
}
],
"trust": 6.84
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-5047",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=40347",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5047"
},
{
"db": "VULMON",
"id": "CVE-2002-0656"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2002-0656",
"trust": 3.3
},
{
"db": "BID",
"id": "5362",
"trust": 3.1
},
{
"db": "CERT/CC",
"id": "VU#102795",
"trust": 2.9
},
{
"db": "CERT/CC",
"id": "VU#258555",
"trust": 2.8
},
{
"db": "BID",
"id": "5363",
"trust": 1.5
},
{
"db": "CERT/CC",
"id": "VU#844360",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#852283",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#581682",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#229595",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000172",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200208-027",
"trust": 0.7
},
{
"db": "EXPLOIT-DB",
"id": "40347",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-75494",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-75495",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-5047",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2002-0656",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "30532",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169647",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#258555"
},
{
"db": "CERT/CC",
"id": "VU#844360"
},
{
"db": "CERT/CC",
"id": "VU#852283"
},
{
"db": "CERT/CC",
"id": "VU#581682"
},
{
"db": "CERT/CC",
"id": "VU#229595"
},
{
"db": "CERT/CC",
"id": "VU#102795"
},
{
"db": "VULHUB",
"id": "VHN-5047"
},
{
"db": "VULMON",
"id": "CVE-2002-0656"
},
{
"db": "BID",
"id": "5363"
},
{
"db": "BID",
"id": "5362"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000172"
},
{
"db": "PACKETSTORM",
"id": "30532"
},
{
"db": "PACKETSTORM",
"id": "169647"
},
{
"db": "NVD",
"id": "CVE-2002-0656"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-027"
}
]
},
"id": "VAR-200208-0244",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5047"
}
],
"trust": 0.38947368000000004
},
"last_update_date": "2023-12-18T11:36:12Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HPSBUX0209-217",
"trust": 0.8,
"url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1041818851527+28353475\u0026amp;docid=hpsbux0209-217"
},
{
"title": "HPSBUX0209-217",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0209-217.html"
},
{
"title": "secadv_20020730",
"trust": 0.8,
"url": "http://www.openssl.org/news/secadv_20020730.txt"
},
{
"title": "#37",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/htdocs/opensslalert.html"
},
{
"title": "RHSA-2002:155",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2002-155.html"
},
{
"title": "46424",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-46424-1"
},
{
"title": "RHSA-2002:155",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2002-155j.html"
},
{
"title": "Debian Security Advisories: DSA-136-1 openssl -- multiple remote exploits",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=8ab1654e85c2f0d32d45eef6fce839f1"
},
{
"title": "LinuxFlaw",
"trust": 0.1,
"url": "https://github.com/mudongliang/linuxflaw "
},
{
"title": "cve-",
"trust": 0.1,
"url": "https://github.com/oneoy/cve- "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2002-0656"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000172"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0656"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.securityfocus.com/bid/5362"
},
{
"trust": 2.4,
"url": "http://www.isc.org/products/bind/bind-security.html"
},
{
"trust": 2.2,
"url": "http://www.kb.cert.org/vuls/id/102795"
},
{
"trust": 2.1,
"url": "http://www.cert.org/advisories/ca-2002-23.html"
},
{
"trust": 2.0,
"url": "http://www.kb.cert.org/vuls/id/258555"
},
{
"trust": 1.6,
"url": "about vulnerability notes"
},
{
"trust": 1.6,
"url": "contact us about this vulnerability"
},
{
"trust": 1.6,
"url": "provide a vendor statement"
},
{
"trust": 1.6,
"url": "http://bvlive01.iss.net/issen/delivery/xforce/alertdetail.jsp?oid=21469"
},
{
"trust": 1.6,
"url": "http://www.ciac.org/ciac/bulletins/n-013.shtml"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/5363"
},
{
"trust": 1.2,
"url": "ftp://ftp.caldera.com/pub/security/openlinux/cssa-2002-033.0.txt"
},
{
"trust": 1.2,
"url": "ftp://ftp.caldera.com/pub/security/openlinux/cssa-2002-033.1.txt"
},
{
"trust": 1.2,
"url": "ftp://ftp.freebsd.org/pub/freebsd/cert/advisories/freebsd-sa-02:33.openssl.asc"
},
{
"trust": 1.2,
"url": "http://www.linux-mandrake.com/en/security/2002/mdksa-2002-046.php"
},
{
"trust": 1.2,
"url": "http://www.iss.net/security_center/static/9714.php"
},
{
"trust": 1.2,
"url": "http://www.iss.net/security_center/static/9716.php"
},
{
"trust": 1.1,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000513"
},
{
"trust": 0.9,
"url": "http://www.cert.org/advisories/ca-2002-27.html"
},
{
"trust": 0.8,
"url": "http://wp.netscape.com/eng/ssl3/draft302.txt"
},
{
"trust": 0.8,
"url": "http://www.isc.org/products/bind/patches/bind4910.diff"
},
{
"trust": 0.8,
"url": "http://www.ciac.org/ciac/bulletins/m-103.shtml"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-0656"
},
{
"trust": 0.8,
"url": "http://www.ipa.go.jp/security/ciadr/20020731openssl.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2002/wr023001.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2002/wr023101.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2002/wr023201.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2002/wr023601.txt"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnca-2002-27"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnca-2002-23"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-0656"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/20030424_144742.html"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/20030416_114510.html"
},
{
"trust": 0.6,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2965676.htm"
},
{
"trust": 0.6,
"url": "http://otn.oracle.com/deploy/security/htdocs/opensslalert.html"
},
{
"trust": 0.6,
"url": "http://www.rsasecurity.com/products/bsafe/bulletins/bsafe_ssl_products_security_bulletin_aug_8_2002.pdf"
},
{
"trust": 0.6,
"url": "http://docs.info.apple.com/article.html?artnum=120139"
},
{
"trust": 0.6,
"url": "http://docs.info.apple.com/article.html?artnum=120141"
},
{
"trust": 0.4,
"url": "http://www.openssl.org/news/secadv_20020730.txt"
},
{
"trust": 0.3,
"url": "http://support.coresecurity.com/impact/exploits/b4bc2930d33dc6d98cf1c6c819f241e1.html"
},
{
"trust": 0.3,
"url": "http://www.sonicwall.com/support/security_advisories/security_advisory-openssl.html"
},
{
"trust": 0.3,
"url": "http://www.hp.com/cposupport/networking/support_doc/bpj05999.html#p26_2431"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/securitypatch"
},
{
"trust": 0.1,
"url": ""
},
{
"trust": 0.1,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026amp;anuncio=000513"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/vulnerabilities/http-openssl-malformed-client-key-bof"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/40347/"
},
{
"trust": 0.1,
"url": "https://www.tcpdump.org"
},
{
"trust": 0.1,
"url": "http://www.cert.org/summaries/cs-2002-04.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/homeusers/homecomputersecurity"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/852283"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/581682"
},
{
"trust": 0.1,
"url": "http://www.cert.org/summaries/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/844360"
},
{
"trust": 0.1,
"url": "http://www.cert.org/stats/cert_stats.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/congressional_testimony/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/ca-2002-31.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/current/current_activity.html"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/229595"
},
{
"trust": 0.1,
"url": "https://www.cert.org/training/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/contact_cert/encryptmail.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/cert_pgp.key"
},
{
"trust": 0.1,
"url": "https://www.cert.org/pgp/cert_pgp_key.asc"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/ca-2002-30.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/tech_tips/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/ca-2002-33.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/ca-2002-28.html"
},
{
"trust": 0.1,
"url": "http://www.neohapsis.com/)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2002-0656"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2002-0657"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0657"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/news/patch_20020730_0_9_6d.txt"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0656"
},
{
"trust": 0.1,
"url": "http://www.thebunker.net/)"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/news/patch_20020730_0_9_7.txt"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/)."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2002-0655"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0655"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0659"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#258555"
},
{
"db": "CERT/CC",
"id": "VU#844360"
},
{
"db": "CERT/CC",
"id": "VU#852283"
},
{
"db": "CERT/CC",
"id": "VU#581682"
},
{
"db": "CERT/CC",
"id": "VU#229595"
},
{
"db": "CERT/CC",
"id": "VU#102795"
},
{
"db": "VULHUB",
"id": "VHN-5047"
},
{
"db": "VULMON",
"id": "CVE-2002-0656"
},
{
"db": "BID",
"id": "5363"
},
{
"db": "BID",
"id": "5362"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000172"
},
{
"db": "PACKETSTORM",
"id": "30532"
},
{
"db": "PACKETSTORM",
"id": "169647"
},
{
"db": "NVD",
"id": "CVE-2002-0656"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#258555"
},
{
"db": "CERT/CC",
"id": "VU#844360"
},
{
"db": "CERT/CC",
"id": "VU#852283"
},
{
"db": "CERT/CC",
"id": "VU#581682"
},
{
"db": "CERT/CC",
"id": "VU#229595"
},
{
"db": "CERT/CC",
"id": "VU#102795"
},
{
"db": "VULHUB",
"id": "VHN-5047"
},
{
"db": "VULMON",
"id": "CVE-2002-0656"
},
{
"db": "BID",
"id": "5363"
},
{
"db": "BID",
"id": "5362"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000172"
},
{
"db": "PACKETSTORM",
"id": "30532"
},
{
"db": "PACKETSTORM",
"id": "169647"
},
{
"db": "NVD",
"id": "CVE-2002-0656"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-027"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-07-30T00:00:00",
"db": "CERT/CC",
"id": "VU#258555"
},
{
"date": "2002-11-13T00:00:00",
"db": "CERT/CC",
"id": "VU#844360"
},
{
"date": "2002-11-13T00:00:00",
"db": "CERT/CC",
"id": "VU#852283"
},
{
"date": "2002-11-13T00:00:00",
"db": "CERT/CC",
"id": "VU#581682"
},
{
"date": "2002-11-13T00:00:00",
"db": "CERT/CC",
"id": "VU#229595"
},
{
"date": "2002-07-30T00:00:00",
"db": "CERT/CC",
"id": "VU#102795"
},
{
"date": "2002-08-12T00:00:00",
"db": "VULHUB",
"id": "VHN-5047"
},
{
"date": "2002-08-12T00:00:00",
"db": "VULMON",
"id": "CVE-2002-0656"
},
{
"date": "2002-07-30T00:00:00",
"db": "BID",
"id": "5363"
},
{
"date": "2002-07-30T00:00:00",
"db": "BID",
"id": "5362"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000172"
},
{
"date": "2002-11-30T11:13:52",
"db": "PACKETSTORM",
"id": "30532"
},
{
"date": "2002-07-30T12:12:12",
"db": "PACKETSTORM",
"id": "169647"
},
{
"date": "2002-08-12T04:00:00",
"db": "NVD",
"id": "CVE-2002-0656"
},
{
"date": "2002-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200208-027"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-09-30T00:00:00",
"db": "CERT/CC",
"id": "VU#258555"
},
{
"date": "2003-04-24T00:00:00",
"db": "CERT/CC",
"id": "VU#844360"
},
{
"date": "2004-10-18T00:00:00",
"db": "CERT/CC",
"id": "VU#852283"
},
{
"date": "2003-02-25T00:00:00",
"db": "CERT/CC",
"id": "VU#581682"
},
{
"date": "2003-05-30T00:00:00",
"db": "CERT/CC",
"id": "VU#229595"
},
{
"date": "2002-09-30T00:00:00",
"db": "CERT/CC",
"id": "VU#102795"
},
{
"date": "2008-09-10T00:00:00",
"db": "VULHUB",
"id": "VHN-5047"
},
{
"date": "2008-09-10T00:00:00",
"db": "VULMON",
"id": "CVE-2002-0656"
},
{
"date": "2007-12-20T17:11:00",
"db": "BID",
"id": "5363"
},
{
"date": "2007-11-15T00:40:00",
"db": "BID",
"id": "5362"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000172"
},
{
"date": "2008-09-10T19:12:40.070000",
"db": "NVD",
"id": "CVE-2002-0656"
},
{
"date": "2006-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200208-027"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "5363"
},
{
"db": "BID",
"id": "5362"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL clients contain a buffer overflow during the SSL3 handshake process",
"sources": [
{
"db": "CERT/CC",
"id": "VU#258555"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "5363"
},
{
"db": "BID",
"id": "5362"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-027"
}
],
"trust": 1.2
}
}
var-200904-0270
Vulnerability from variot
Unspecified vulnerability in the Database Vault component in Oracle Database 9.2.0.8DV, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_SYS_SQL. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
For more information see vulnerability #6 through #9 in: SA34693
SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details.
Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
I. Description
The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability.
Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.
II. Impact
The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.
III. Solution
Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.
IV. References
-
Oracle Critical Patch Update Advisory - April 2009 - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
-
Critical Patch Updates and Security Alerts - http://www.oracle.com/technology/deploy/security/alerts.htm
-
Map of Public Vulnerability to Advisory/Alert - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-105A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
April 15, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system.
1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.
2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.
PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security
The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/
Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0270",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database 10g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database 11g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "database 9i",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "9.2.0.8dv"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0.8dv"
},
{
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.01"
},
{
"model": "systems weblogic portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle9i personal edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.49"
},
{
"model": "oracle11g standard edition one",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "data service integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.3"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3.0"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.06"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "systems weblogic portal sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.13"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.04"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.1"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.07"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.3"
},
{
"model": "systems weblogic portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "systems weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.1"
},
{
"model": "systems weblogic server maintenance pack",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.13"
},
{
"model": "oracle9i standard edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "oracle9i enterprise edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.1"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.12"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.15"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.05"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.16"
},
{
"model": "systems weblogic server mp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9"
},
{
"model": "audit vault",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.02"
},
{
"model": "systems weblogic portal sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.4"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.12"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.11"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.6"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.03"
},
{
"model": "systems weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.0"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001224"
},
{
"db": "NVD",
"id": "CVE-2009-0984"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-303"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:database_9i:9.2.0.8dv:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database_10g:10.2.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database_11g:11.1.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0984"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-303"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0984",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2009-0984",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-0984",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-303",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001224"
},
{
"db": "NVD",
"id": "CVE-2009-0984"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-303"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Database Vault component in Oracle Database 9.2.0.8DV, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_SYS_SQL. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0984"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001224"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0984",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "34693",
"trust": 2.6
},
{
"db": "USCERT",
"id": "TA09-105A",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1022052",
"trust": 2.4
},
{
"db": "BID",
"id": "34461",
"trust": 1.3
},
{
"db": "VUPEN",
"id": "ADV-2009-1042",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001224",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA09-105A",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-303",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-09-017",
"trust": 0.4
},
{
"db": "SECUNIA",
"id": "35135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76704",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001224"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0984"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-303"
}
]
},
"id": "VAR-200904-0270",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.065972224
},
"last_update_date": "2023-12-18T11:24:38.393000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cpuapr2009",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"title": "090417_86",
"trust": 0.8,
"url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
},
{
"title": "TA09-105A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001224"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0984"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://secunia.com/advisories/34693"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1022052"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/34461"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0984"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta09-105a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0984"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/1042"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-23/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-22/"
},
{
"trust": 0.3,
"url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "/archive/1/502845"
},
{
"trust": 0.3,
"url": "/archive/1/502707"
},
{
"trust": 0.3,
"url": "/archive/1/502697"
},
{
"trust": 0.3,
"url": "/archive/1/502727"
},
{
"trust": 0.3,
"url": "/archive/1/502723"
},
{
"trust": 0.3,
"url": "/archive/1/506160"
},
{
"trust": 0.3,
"url": "/archive/1/502724"
},
{
"trust": 0.3,
"url": "/archive/1/502683"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34693/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35135/"
},
{
"trust": 0.1,
"url": "http://www.good.com/faq/18431.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001224"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0984"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-303"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001224"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0984"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-303"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-09T00:00:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001224"
},
{
"date": "2009-05-18T15:35:49",
"db": "PACKETSTORM",
"id": "77574"
},
{
"date": "2009-04-15T23:15:44",
"db": "PACKETSTORM",
"id": "76710"
},
{
"date": "2009-04-15T15:08:54",
"db": "PACKETSTORM",
"id": "76704"
},
{
"date": "2009-04-15T10:30:00.530000",
"db": "NVD",
"id": "CVE-2009-0984"
},
{
"date": "2009-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-303"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-01T16:22:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001224"
},
{
"date": "2012-10-23T03:04:25.490000",
"db": "NVD",
"id": "CVE-2009-0984"
},
{
"date": "2009-04-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-303"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-303"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Database of Database Vault Component vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001224"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-303"
}
],
"trust": 0.6
}
}
var-202207-0581
Vulnerability from variot
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. (DoS) It may be in a state. Dell BSAFE Micro Edition Suite is a development kit that provides encryption, certificates and transport layer security for c/c++ applications, devices and systems. Dell BSAFE is a security software product that supports encryption algorithms, certificate chain verification, Transport Layer Security (TLS) cipher suites, etc. to help users achieve various security goals for their applications
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-0581",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
},
{
"model": "bsafe micro-edition-suite",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.6"
},
{
"model": "security service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "weblogic server proxy plug-in",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21c"
},
{
"model": "bsafe crypto-c-micro-edition",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.1.5"
},
{
"model": "weblogic server proxy plug-in",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.2"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "security service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "bsafe micro edition suite",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "oracle http server",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle database",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "bsafe crypto-c micro edition",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "oracle weblogic server proxy plug-in",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle security service",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016815"
},
{
"db": "NVD",
"id": "CVE-2020-35168"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.1.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.6",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-35168"
}
]
},
"cve": "CVE-2020-35168",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-35168",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-377259",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "security_alert@emc.com",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.0,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-35168",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-35168",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2020-35168",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-828",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-377259",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-35168",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377259"
},
{
"db": "VULMON",
"id": "CVE-2020-35168"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016815"
},
{
"db": "NVD",
"id": "CVE-2020-35168"
},
{
"db": "NVD",
"id": "CVE-2020-35168"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-828"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. (DoS) It may be in a state. Dell BSAFE Micro Edition Suite is a development kit that provides encryption, certificates and transport layer security for c/c++ applications, devices and systems. Dell BSAFE is a security software product that supports encryption algorithms, certificate chain verification, Transport Layer Security (TLS) cipher suites, etc. to help users achieve various security goals for their applications",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-35168"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016815"
},
{
"db": "VULHUB",
"id": "VHN-377259"
},
{
"db": "VULMON",
"id": "CVE-2020-35168"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-35168",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016815",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202207-828",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-84611",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-377259",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-35168",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377259"
},
{
"db": "VULMON",
"id": "CVE-2020-35168"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016815"
},
{
"db": "NVD",
"id": "CVE-2020-35168"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-828"
}
]
},
"id": "VAR-202207-0581",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-377259"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:55:23.070000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0July\u00a02022 Dell Security\u00a0Advisory",
"trust": 0.8,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"title": "Dell BSAFE Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=200896"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016815"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-828"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016815"
},
{
"db": "NVD",
"id": "CVE-2020-35168"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35168"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2020-35168/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/oracle-database-vulnerabilities-of-july-2022-38855"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377259"
},
{
"db": "VULMON",
"id": "CVE-2020-35168"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016815"
},
{
"db": "NVD",
"id": "CVE-2020-35168"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-828"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-377259"
},
{
"db": "VULMON",
"id": "CVE-2020-35168"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016815"
},
{
"db": "NVD",
"id": "CVE-2020-35168"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-828"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-377259"
},
{
"date": "2022-07-11T00:00:00",
"db": "VULMON",
"id": "CVE-2020-35168"
},
{
"date": "2023-09-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-016815"
},
{
"date": "2022-07-11T20:15:08.487000",
"db": "NVD",
"id": "CVE-2020-35168"
},
{
"date": "2022-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-828"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-06T00:00:00",
"db": "VULHUB",
"id": "VHN-377259"
},
{
"date": "2022-07-19T00:00:00",
"db": "VULMON",
"id": "CVE-2020-35168"
},
{
"date": "2023-09-27T03:09:00",
"db": "JVNDB",
"id": "JVNDB-2019-016815"
},
{
"date": "2022-10-06T16:10:09.677000",
"db": "NVD",
"id": "CVE-2020-35168"
},
{
"date": "2022-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-828"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-828"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u00a0BSAFE\u00a0Crypto-C\u00a0Micro\u00a0Edition\u00a0 and \u00a0and\u00a0Dell\u00a0BSAFE\u00a0Micro\u00a0Edition\u00a0Suite\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016815"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-828"
}
],
"trust": 0.6
}
}
var-200904-0276
Vulnerability from variot
Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2009-1970. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
For more information see vulnerability #6 through #9 in: SA34693
SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details.
Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
I. Description
The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability.
Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.
II. Impact
The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.
III. Solution
Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.
IV. References
-
Oracle Critical Patch Update Advisory - April 2009 - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
-
Critical Patch Updates and Security Alerts - http://www.oracle.com/technology/deploy/security/alerts.htm
-
Map of Public Vulnerability to Advisory/Alert - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-105A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
April 15, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system.
1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.
2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER".
The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.
PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security
The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/
Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0276",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database 9i",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "9.2.0.8"
},
{
"model": "database 9i",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "9.2.0.8dv"
},
{
"model": "database 10g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database 10g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.1.0.5"
},
{
"model": "database 11g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.1.0.5"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0.8"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0.8dv"
},
{
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.01"
},
{
"model": "systems weblogic portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle9i personal edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.49"
},
{
"model": "oracle11g standard edition one",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "data service integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.3"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3.0"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.06"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "systems weblogic portal sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.13"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.04"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.1"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.07"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.3"
},
{
"model": "systems weblogic portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "systems weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.1"
},
{
"model": "systems weblogic server maintenance pack",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.13"
},
{
"model": "oracle9i standard edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "oracle9i enterprise edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.1"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.12"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.15"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.05"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.16"
},
{
"model": "systems weblogic server mp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9"
},
{
"model": "audit vault",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.02"
},
{
"model": "systems weblogic portal sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.4"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.12"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.11"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.6"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.03"
},
{
"model": "systems weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.0"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001231"
},
{
"db": "NVD",
"id": "CVE-2009-0991"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-309"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:database_9i:9.2.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database_9i:9.2.0.8dv:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database_10g:10.1.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database_10g:10.2.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database_11g:11.1.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0991"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-309"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0991",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2009-0991",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-0991",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-309",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001231"
},
{
"db": "NVD",
"id": "CVE-2009-0991"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-309"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2009-1970. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0991"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001231"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0991",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "34693",
"trust": 2.6
},
{
"db": "USCERT",
"id": "TA09-105A",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1022052",
"trust": 2.4
},
{
"db": "OSVDB",
"id": "53737",
"trust": 2.4
},
{
"db": "BID",
"id": "34461",
"trust": 1.3
},
{
"db": "VUPEN",
"id": "ADV-2009-1042",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001231",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA09-105A",
"trust": 0.6
},
{
"db": "XF",
"id": "50026",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-309",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-09-017",
"trust": 0.4
},
{
"db": "SECUNIA",
"id": "35135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76704",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001231"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0991"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-309"
}
]
},
"id": "VAR-200904-0276",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.065972224
},
"last_update_date": "2023-12-18T10:57:19.098000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cpuapr2009",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"title": "090417_86",
"trust": 0.8,
"url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
},
{
"title": "TA09-105A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001231"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0991"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://osvdb.org/53737"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/34693"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1022052"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/34461"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50026"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0991"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta09-105a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0991"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/1042"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/50026"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-23/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-22/"
},
{
"trust": 0.3,
"url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "/archive/1/502845"
},
{
"trust": 0.3,
"url": "/archive/1/502707"
},
{
"trust": 0.3,
"url": "/archive/1/502697"
},
{
"trust": 0.3,
"url": "/archive/1/502727"
},
{
"trust": 0.3,
"url": "/archive/1/502723"
},
{
"trust": 0.3,
"url": "/archive/1/506160"
},
{
"trust": 0.3,
"url": "/archive/1/502724"
},
{
"trust": 0.3,
"url": "/archive/1/502683"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34693/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35135/"
},
{
"trust": 0.1,
"url": "http://www.good.com/faq/18431.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001231"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0991"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-309"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001231"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0991"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-309"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-09T00:00:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001231"
},
{
"date": "2009-05-18T15:35:49",
"db": "PACKETSTORM",
"id": "77574"
},
{
"date": "2009-04-15T23:15:44",
"db": "PACKETSTORM",
"id": "76710"
},
{
"date": "2009-04-15T15:08:54",
"db": "PACKETSTORM",
"id": "76704"
},
{
"date": "2009-04-15T10:30:00.640000",
"db": "NVD",
"id": "CVE-2009-0991"
},
{
"date": "2009-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-309"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-01T16:22:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001231"
},
{
"date": "2017-08-17T01:30:08.677000",
"db": "NVD",
"id": "CVE-2009-0991"
},
{
"date": "2009-04-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-309"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-309"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Database of Listener Vulnerabilities in components",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001231"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-309"
}
],
"trust": 0.6
}
}
var-200904-0277
Vulnerability from variot
Unspecified vulnerability in the Advanced Queuing component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_AQIN. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is SQL injection in the DEQ_EXEJOB procedure. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
For more information see vulnerability #6 through #9 in: SA34693
SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details.
Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. SQL Injection in package DBMS_AQIN
Name SQL Injection in package DBMS_AQIN [CVE-2009-0992] Systems Affected Oracle 10.1.0.5 - 11.1.0.7 Severity High Risk Category SQL Injection Vendor URL http://www.oracle.com/ Author Alexander Kornbrust (ak at red-database-security.com) CVE CVE-2009-0992 Advisory 14 April 2009 (V 1.00)
Details The package DBMS_AQIN contains a SQL injection vulnerability.
PROCEDURE DEQ_EXEJOB( LOOPVAR OUT BOOLEAN)
[...]
BEGIN
SYS.DBMS_AQIN.AQ$_DEQUEUE_IN( QUEUE_NAME => 'SYS.AQ_SRVNTF_TABLE_Q', WAIT => DBMS_AQ.NO_WAIT, ENQUEUE_TIME => ENQUEUE_TIME, STATE => STATE, OUT_MSGID => OUT_MSGID, OUT_CORRELATION => OUT_CORRELATION, PRIORITY => PRIORITY, DELAY => DELAY, EXPIRATION => EXPIRATION, ATTEMPTS => ATTEMPTS, EXCEPTION_QUEUE => EXCEPTION_QUEUE, REMOTE_RECIPIENTS => REMOTE_RECIPIENT, SENDER_NAME => SENDER_NAME, SENDER_ADDR => SENDER_ADDR, SENDER_PROTOCOL => SENDER_PROTOCOL, ORIGINAL_MSGID => ORIGINAL_MSGID, RAW_USER_DATA => RAW_USER_DATA, OBJECT_USER_DATA => PAYL, OUT_SIGN => OUT_SIGN);
[...]
PROCSTR := 'begin ' || PAYL.SUB_CALLBACK || '(context => :1,'; PROCSTR := PROCSTR ||'reginfo => sys.aq$_reg_info(:2, :3, :4, :5, :6, :7),'; PROCSTR := PROCSTR ||'descr => sys.aq$_descriptor(:8, :9, :10, sys.msg_prop_t'; PROCSTR := PROCSTR ||'(:11, :12, :13, :14, :15, :16, :17, :18, sys.aq$_agent'; PROCSTR := PROCSTR || '(:19, :20, :21), :22, :23),'; PROCSTR := PROCSTR || ' sys.aq$_ntfn_descriptor(:24))';
Patch Information Apply the patches for Oracle CPU April 2009. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
I. Description
The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components.
Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.
II. Impact
The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.
III. Solution
Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.
IV. References
-
Oracle Critical Patch Update Advisory - April 2009 - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
-
Critical Patch Updates and Security Alerts - http://www.oracle.com/technology/deploy/security/alerts.htm
-
Map of Public Vulnerability to Advisory/Alert - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-105A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
April 15, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system.
1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.
2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER".
The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.
PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security
The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/
Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0277",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database 10g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database 10g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.1.0.5"
},
{
"model": "database 11g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.1.0.5"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.01"
},
{
"model": "systems weblogic portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle9i personal edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.49"
},
{
"model": "oracle11g standard edition one",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "data service integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.3"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3.0"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.06"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "systems weblogic portal sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.13"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.04"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.1"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.07"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.3"
},
{
"model": "systems weblogic portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "systems weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.1"
},
{
"model": "systems weblogic server maintenance pack",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.13"
},
{
"model": "oracle9i standard edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "oracle9i enterprise edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.1"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.12"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.15"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.05"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.16"
},
{
"model": "systems weblogic server mp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9"
},
{
"model": "audit vault",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.02"
},
{
"model": "systems weblogic portal sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.4"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.12"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.11"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.6"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.03"
},
{
"model": "systems weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.0"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001222"
},
{
"db": "NVD",
"id": "CVE-2009-0992"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-310"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:database_10g:10.2.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database_11g:11.1.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database_10g:10.1.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0992"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-310"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0992",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2009-0992",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-0992",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-310",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001222"
},
{
"db": "NVD",
"id": "CVE-2009-0992"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-310"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Advanced Queuing component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_AQIN. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is SQL injection in the DEQ_EXEJOB procedure. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. SQL Injection in package DBMS_AQIN\n\nName \t SQL Injection in package DBMS_AQIN [CVE-2009-0992]\nSystems Affected Oracle 10.1.0.5 - 11.1.0.7\nSeverity High Risk\nCategory SQL Injection\nVendor URL http://www.oracle.com/\nAuthor Alexander Kornbrust (ak at red-database-security.com)\nCVE CVE-2009-0992\nAdvisory 14 April 2009 (V 1.00)\n\n\nDetails\nThe package DBMS_AQIN contains a SQL injection vulnerability. \n\nPROCEDURE DEQ_EXEJOB( LOOPVAR OUT BOOLEAN)\n\n\n[...]\n\nBEGIN\n\nSYS.DBMS_AQIN.AQ$_DEQUEUE_IN(\nQUEUE_NAME =\u003e \u0027SYS.AQ_SRVNTF_TABLE_Q\u0027,\nWAIT =\u003e DBMS_AQ.NO_WAIT,\nENQUEUE_TIME =\u003e ENQUEUE_TIME,\nSTATE =\u003e STATE,\nOUT_MSGID =\u003e OUT_MSGID,\nOUT_CORRELATION =\u003e OUT_CORRELATION,\nPRIORITY =\u003e PRIORITY,\nDELAY =\u003e DELAY,\nEXPIRATION =\u003e EXPIRATION,\nATTEMPTS =\u003e ATTEMPTS,\nEXCEPTION_QUEUE =\u003e EXCEPTION_QUEUE,\nREMOTE_RECIPIENTS =\u003e REMOTE_RECIPIENT,\nSENDER_NAME =\u003e SENDER_NAME,\nSENDER_ADDR =\u003e SENDER_ADDR,\nSENDER_PROTOCOL =\u003e SENDER_PROTOCOL,\nORIGINAL_MSGID =\u003e ORIGINAL_MSGID,\nRAW_USER_DATA =\u003e RAW_USER_DATA,\nOBJECT_USER_DATA =\u003e PAYL,\nOUT_SIGN =\u003e OUT_SIGN);\n\n[...]\n\nPROCSTR := \u0027begin \u0027 || PAYL.SUB_CALLBACK || \u0027(context =\u003e :1,\u0027;\nPROCSTR := PROCSTR ||\u0027reginfo =\u003e sys.aq$_reg_info(:2, :3, :4, :5, :6, :7),\u0027;\nPROCSTR := PROCSTR ||\u0027descr =\u003e sys.aq$_descriptor(:8, :9, :10, sys.msg_prop_t\u0027;\nPROCSTR := PROCSTR ||\u0027(:11, :12, :13, :14, :15, :16, :17, :18, sys.aq$_agent\u0027;\nPROCSTR := PROCSTR || \u0027(:19, :20, :21), :22, :23),\u0027;\nPROCSTR := PROCSTR || \u0027 sys.aq$_ntfn_descriptor(:24))\u0027;\n\n\nPatch Information\nApply the patches for Oracle CPU April 2009. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0992"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001222"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76729"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0992",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "34693",
"trust": 2.6
},
{
"db": "USCERT",
"id": "TA09-105A",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1022052",
"trust": 2.4
},
{
"db": "BID",
"id": "34461",
"trust": 1.3
},
{
"db": "VUPEN",
"id": "ADV-2009-1042",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001222",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA09-105A",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20090416 SQL INJECTION IN PACKAGE DBMS_AQIN",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-310",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-09-017",
"trust": 0.4
},
{
"db": "SECUNIA",
"id": "35135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76729",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76704",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001222"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76729"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0992"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-310"
}
]
},
"id": "VAR-200904-0277",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.065972224
},
"last_update_date": "2023-12-18T11:28:52.973000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cpuapr2009",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"title": "090417_86",
"trust": 0.8,
"url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
},
{
"title": "TA09-105A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001222"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0992"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://secunia.com/advisories/34693"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1022052"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
},
{
"trust": 2.0,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/502723/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/34461"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0992"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta09-105a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0992"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/1042"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/502723/100/0/threaded"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-23/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-22/"
},
{
"trust": 0.3,
"url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "/archive/1/502845"
},
{
"trust": 0.3,
"url": "/archive/1/502707"
},
{
"trust": 0.3,
"url": "/archive/1/502697"
},
{
"trust": 0.3,
"url": "/archive/1/502727"
},
{
"trust": 0.3,
"url": "/archive/1/502723"
},
{
"trust": 0.3,
"url": "/archive/1/506160"
},
{
"trust": 0.3,
"url": "/archive/1/502724"
},
{
"trust": 0.3,
"url": "/archive/1/502683"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34693/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35135/"
},
{
"trust": 0.1,
"url": "http://www.good.com/faq/18431.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0992"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001222"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76729"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0992"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-310"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001222"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76729"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0992"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-310"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-09T00:00:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001222"
},
{
"date": "2009-05-18T15:35:49",
"db": "PACKETSTORM",
"id": "77574"
},
{
"date": "2009-04-16T21:51:10",
"db": "PACKETSTORM",
"id": "76729"
},
{
"date": "2009-04-15T23:15:44",
"db": "PACKETSTORM",
"id": "76710"
},
{
"date": "2009-04-15T15:08:54",
"db": "PACKETSTORM",
"id": "76704"
},
{
"date": "2009-04-15T10:30:00.657000",
"db": "NVD",
"id": "CVE-2009-0992"
},
{
"date": "2009-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-310"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-01T16:22:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001222"
},
{
"date": "2018-10-10T19:32:42.037000",
"db": "NVD",
"id": "CVE-2009-0992"
},
{
"date": "2009-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-310"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-310"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Database of Advanced Queuing Component vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001222"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-310"
}
],
"trust": 0.6
}
}
var-200904-0265
Vulnerability from variot
Unspecified vulnerability in the Resource Manager component in Oracle Database 9.2.0.8 and 9.2.0.8DV allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
For more information see vulnerability #6 through #9 in: SA34693
SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details.
Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
I. Description
The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability.
Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.
II. Impact
The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.
III. Solution
Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.
IV. References
-
Oracle Critical Patch Update Advisory - April 2009 - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
-
Critical Patch Updates and Security Alerts - http://www.oracle.com/technology/deploy/security/alerts.htm
-
Map of Public Vulnerability to Advisory/Alert - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-105A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
April 15, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Team SHATTER Security Advisory
Buffer Overflow in Resource Manager of Oracle Database - Plan name parameter
August 27, 2009
Risk Level: Medium
Affected versions: Oracle Database Server version 9iR1 and 9iR2
Remote exploitable: Yes (Authentication to Database Server is needed)
Credits: This vulnerability was discovered and researched by Esteban Mart\xednez Fay\xf3 of Application Security Inc.
Details: The plan name parameter used in ALTER SYSTEM SET RESOURCE_MANAGER_PLAN statement and in SYS.DBMS_RESOURCE_MANAGER.SWITCH_PLAN procedure is vulnerable to buffer overflow attacks. When passing an overly long plan name string a buffer can be overflowed.
Impact: To exploit this vulnerability it is required to have ALTER SYSTEM privilege. Exploitation of this vulnerability allows an attacker to execute arbitrary code. It can also be exploited to cause DoS (Denial of service) killing the Oracle server process.
Vendor Status: Vendor was contacted and a patch was released.
Workaround: Restrict ALTER SYSTEM privilege.
CVE: CVE-2009-0979
Links: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html
Timeline: Vendor Notification - 8/15/2007 Fix - 07/14/2009 Public Disclosure - 08/07/2009
Application Security, Inc's database security solutions have helped over 1,600 organizations secure their databases from all internal and external threats while also ensuring that those organizations meet or exceed regulatory compliance and audit requirements. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system.
1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.
2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER".
The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.
PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security
The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/
Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0265",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database 9i",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "9.2.0.8"
},
{
"model": "database 9i",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "9.2.0.8dv"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0.8"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0.8dv"
},
{
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.01"
},
{
"model": "systems weblogic portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle9i personal edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.49"
},
{
"model": "oracle11g standard edition one",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "data service integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.3"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3.0"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.06"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "systems weblogic portal sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.13"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.04"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.1"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.07"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.3"
},
{
"model": "systems weblogic portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "systems weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.1"
},
{
"model": "systems weblogic server maintenance pack",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.13"
},
{
"model": "oracle9i standard edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "oracle9i enterprise edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.1"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.12"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.15"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.05"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.16"
},
{
"model": "systems weblogic server mp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9"
},
{
"model": "audit vault",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.02"
},
{
"model": "systems weblogic portal sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.4"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.12"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.11"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.6"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.03"
},
{
"model": "systems weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.0"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001219"
},
{
"db": "NVD",
"id": "CVE-2009-0979"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-298"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:database_9i:9.2.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database_9i:9.2.0.8dv:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0979"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-298"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0979",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2009-0979",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-0979",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-298",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001219"
},
{
"db": "NVD",
"id": "CVE-2009-0979"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-298"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Resource Manager component in Oracle Database 9.2.0.8 and 9.2.0.8DV allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nTeam SHATTER Security Advisory\n\nBuffer Overflow in Resource Manager of Oracle Database - Plan name parameter\n\nAugust 27, 2009\n\nRisk Level:\nMedium\n\nAffected versions:\nOracle Database Server version 9iR1 and 9iR2\n\nRemote exploitable:\nYes (Authentication to Database Server is needed)\n\nCredits:\nThis vulnerability was discovered and researched by Esteban Mart\\xednez Fay\\xf3 of Application Security Inc. \n\nDetails:\nThe plan name parameter used in ALTER SYSTEM SET RESOURCE_MANAGER_PLAN statement and in SYS.DBMS_RESOURCE_MANAGER.SWITCH_PLAN procedure is vulnerable to buffer overflow attacks. When passing an overly long plan name string a buffer can be overflowed. \n\nImpact:\nTo exploit this vulnerability it is required to have ALTER SYSTEM privilege. Exploitation of this vulnerability allows an attacker to execute arbitrary code. It can also be exploited to cause DoS (Denial of service) killing the Oracle server process. \n\nVendor Status:\nVendor was contacted and a patch was released. \n\nWorkaround:\nRestrict ALTER SYSTEM privilege. \n\nCVE:\nCVE-2009-0979\n\nLinks:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html\n\nTimeline:\nVendor Notification - 8/15/2007\nFix - 07/14/2009\nPublic Disclosure - 08/07/2009\n\nApplication Security, Inc\u0027s database security solutions have helped over 1,600 organizations secure their databases from all internal and external threats while also ensuring that those organizations meet or exceed regulatory compliance and audit requirements. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0979"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001219"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "80768"
},
{
"db": "PACKETSTORM",
"id": "76704"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0979",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "34693",
"trust": 2.6
},
{
"db": "USCERT",
"id": "TA09-105A",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1022052",
"trust": 2.4
},
{
"db": "BID",
"id": "34461",
"trust": 1.3
},
{
"db": "VUPEN",
"id": "ADV-2009-1042",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001219",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA09-105A",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-298",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-09-017",
"trust": 0.4
},
{
"db": "SECUNIA",
"id": "35135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "80768",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76704",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001219"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "80768"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0979"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-298"
}
]
},
"id": "VAR-200904-0265",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.065972224
},
"last_update_date": "2023-12-18T10:57:13.527000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cpuapr2009",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"title": "090417_86",
"trust": 0.8,
"url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
},
{
"title": "TA09-105A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001219"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0979"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://secunia.com/advisories/34693"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1022052"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/34461"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0979"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta09-105a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0979"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/1042"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-23/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-22/"
},
{
"trust": 0.3,
"url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "/archive/1/502845"
},
{
"trust": 0.3,
"url": "/archive/1/502707"
},
{
"trust": 0.3,
"url": "/archive/1/502697"
},
{
"trust": 0.3,
"url": "/archive/1/502727"
},
{
"trust": 0.3,
"url": "/archive/1/502723"
},
{
"trust": 0.3,
"url": "/archive/1/506160"
},
{
"trust": 0.3,
"url": "/archive/1/502724"
},
{
"trust": 0.3,
"url": "/archive/1/502683"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34693/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35135/"
},
{
"trust": 0.1,
"url": "http://www.good.com/faq/18431.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0979"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001219"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "80768"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0979"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-298"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001219"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "80768"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0979"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-298"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-09T00:00:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001219"
},
{
"date": "2009-05-18T15:35:49",
"db": "PACKETSTORM",
"id": "77574"
},
{
"date": "2009-04-15T23:15:44",
"db": "PACKETSTORM",
"id": "76710"
},
{
"date": "2009-08-28T23:14:37",
"db": "PACKETSTORM",
"id": "80768"
},
{
"date": "2009-04-15T15:08:54",
"db": "PACKETSTORM",
"id": "76704"
},
{
"date": "2009-04-15T10:30:00.437000",
"db": "NVD",
"id": "CVE-2009-0979"
},
{
"date": "2009-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-298"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-01T16:22:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001219"
},
{
"date": "2012-10-23T03:04:24.337000",
"db": "NVD",
"id": "CVE-2009-0979"
},
{
"date": "2009-04-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-298"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-298"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Database of Resource Manager Component vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001219"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-298"
}
],
"trust": 0.6
}
}
var-201909-1540
Vulnerability from variot
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys. RSA BSAFE Crypto-J Contains a vulnerability related to information disclosure caused by differences in response to security-related processing.Information may be obtained. Dell RSA BSAFE Crypto-J is an encryption toolkit from Dell, Inc. that provides developers with the tools to add privacy and authentication features to their applications. A security vulnerability exists in Dell RSA BSAFE Crypto-J versions prior to 6.2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-1540",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.4"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"model": "application performance management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "bsafe cert-j",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "6.2.4"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "goldengate",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.0.0.0.210420"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "bsafe ssl-j",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "6.2.4.1"
},
{
"model": "application performance management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.0"
},
{
"model": "retail assortment planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3"
},
{
"model": "retail assortment planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.3"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0.2"
},
{
"model": "communications network integrity",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.6"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.2"
},
{
"model": "storagetek acsls",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.1"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18c"
},
{
"model": "bsafe crypto-j",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "6.2.5"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"model": "communications network integrity",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.2"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.3.6.0.0"
},
{
"model": "communications network integrity",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "storagetek tape analytics sw tool",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.3"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.5"
},
{
"model": "bsafe cert-j",
"scope": null,
"trust": 0.8,
"vendor": "rsa security",
"version": null
},
{
"model": "bsafe crypto-j",
"scope": "lt",
"trust": 0.8,
"vendor": "rsa security",
"version": "6.2.5"
},
{
"model": "bsafe ssl-j",
"scope": null,
"trust": 0.8,
"vendor": "rsa security",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009635"
},
{
"db": "NVD",
"id": "CVE-2019-3739"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.2.4.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_cert-j:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.2.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_performance_management:13.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_performance_management:13.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "19.1.0.0.0.210420",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3739"
}
]
},
"cve": "CVE-2019-3739",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-3739",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-155174",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security_alert@emc.com",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-3739",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-3739",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2019-3739",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-880",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-155174",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155174"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009635"
},
{
"db": "NVD",
"id": "CVE-2019-3739"
},
{
"db": "NVD",
"id": "CVE-2019-3739"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-880"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys. RSA BSAFE Crypto-J Contains a vulnerability related to information disclosure caused by differences in response to security-related processing.Information may be obtained. Dell RSA BSAFE Crypto-J is an encryption toolkit from Dell, Inc. that provides developers with the tools to add privacy and authentication features to their applications. A security vulnerability exists in Dell RSA BSAFE Crypto-J versions prior to 6.2.5",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3739"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009635"
},
{
"db": "VULHUB",
"id": "VHN-155174"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3739",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009635",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201909-880",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-155174",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155174"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009635"
},
{
"db": "NVD",
"id": "CVE-2019-3739"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-880"
}
]
},
"id": "VAR-201909-1540",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-155174"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:33:21.329000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2019-094: RSA BSAFE Crypto-J Multiple Security Vulnerabilities",
"trust": 0.8,
"url": "https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe\u0026#174;-crypto-j-multiple-security-vulnerabilities"
},
{
"title": "Dell RSA BSAFE Crypto-J Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=98405"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009635"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-880"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.1
},
{
"problemtype": "CWE-203",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155174"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009635"
},
{
"db": "NVD",
"id": "CVE-2019-3739"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3739"
},
{
"trust": 1.0,
"url": "https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe\u0026#174%3b-crypto-j-multiple-security-vulnerabilities"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3739"
},
{
"trust": 0.6,
"url": "https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe\u00ae-crypto-j-multiple-security-vulnerabilities"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/oracle-database-vulnerabilities-of-april-2021-35122"
},
{
"trust": 0.1,
"url": "https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe\u0026amp;#174;-crypto-j-multiple-security-vulnerabilities"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155174"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009635"
},
{
"db": "NVD",
"id": "CVE-2019-3739"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-880"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-155174"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009635"
},
{
"db": "NVD",
"id": "CVE-2019-3739"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-880"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-155174"
},
{
"date": "2019-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009635"
},
{
"date": "2019-09-18T23:15:11.110000",
"db": "NVD",
"id": "CVE-2019-3739"
},
{
"date": "2019-09-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-880"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-155174"
},
{
"date": "2019-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009635"
},
{
"date": "2023-11-07T03:10:11.060000",
"db": "NVD",
"id": "CVE-2019-3739"
},
{
"date": "2022-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-880"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-880"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RSA BSAFE Crypto-J Vulnerability related to information disclosure caused by difference in response to security related processing",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009635"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-880"
}
],
"trust": 0.6
}
}
var-202012-1555
Vulnerability from variot
Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to modify and corrupt the encrypted data. Dell BSAFE Micro Edition Suite is a development toolkit developed by Dell, which can provide encryption, certificate and transport layer security for c/c++ applications, devices and systems
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1555",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "weblogic server proxy plug-in",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18c"
},
{
"model": "bsafe micro-edition-suite",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.5"
},
{
"model": "weblogic server proxy plug-in",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.2"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
},
{
"model": "weblogic server proxy plug-in",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "bsafe micro edition suite",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "4.5"
},
{
"model": "bsafe micro edition suite",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014490"
},
{
"db": "NVD",
"id": "CVE-2020-5359"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:11.1.1.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5359"
}
]
},
"cve": "CVE-2020-5359",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-5359",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-183484",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 5.8,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-014490",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-5359",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2020-5359",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-1188",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-183484",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183484"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014490"
},
{
"db": "NVD",
"id": "CVE-2020-5359"
},
{
"db": "NVD",
"id": "CVE-2020-5359"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1188"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to modify and corrupt the encrypted data. Dell BSAFE Micro Edition Suite is a development toolkit developed by Dell, which can provide encryption, certificate and transport layer security for c/c++ applications, devices and systems",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5359"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014490"
},
{
"db": "VULHUB",
"id": "VHN-183484"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5359",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014490",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1188",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-183484",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183484"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014490"
},
{
"db": "NVD",
"id": "CVE-2020-5359"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1188"
}
]
},
"id": "VAR-202012-1555",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-183484"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:12:42.114000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2020-114",
"trust": 0.8,
"url": "https://www.dell.com/support/kbdoc/ja-jp/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities"
},
{
"title": "Dell BSAFE Micro Edition Suite Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=137342"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014490"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1188"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-252",
"trust": 1.1
},
{
"problemtype": "Unchecked return value (CWE-252) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183484"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014490"
},
{
"db": "NVD",
"id": "CVE-2020-5359"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.dell.com/support/kbdoc/en-us/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5359"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/oracle-database-vulnerabilities-of-april-2021-35122"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183484"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014490"
},
{
"db": "NVD",
"id": "CVE-2020-5359"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1188"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-183484"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014490"
},
{
"db": "NVD",
"id": "CVE-2020-5359"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1188"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-16T00:00:00",
"db": "VULHUB",
"id": "VHN-183484"
},
{
"date": "2021-08-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-014490"
},
{
"date": "2020-12-16T16:15:14.320000",
"db": "NVD",
"id": "CVE-2020-5359"
},
{
"date": "2020-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1188"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-183484"
},
{
"date": "2021-08-20T08:21:00",
"db": "JVNDB",
"id": "JVNDB-2020-014490"
},
{
"date": "2021-12-09T18:21:28.610000",
"db": "NVD",
"id": "CVE-2020-5359"
},
{
"date": "2021-06-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1188"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1188"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u00a0BSAFE\u00a0Micro\u00a0Edition\u00a0Suite\u00a0 Unchecked return value vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014490"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1188"
}
],
"trust": 0.6
}
}
var-202207-0507
Vulnerability from variot
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability. (DoS) It may be in a state. Dell BSAFE Micro Edition Suite is a development kit that provides encryption, certificates and transport layer security for c/c++ applications, devices and systems. Dell BSAFE is a security software product that supports encryption algorithms, certificate chain verification, Transport Layer Security (TLS) cipher suites, etc. to help users achieve various security goals for their applications
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-0507",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
},
{
"model": "bsafe micro-edition-suite",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.5.2"
},
{
"model": "security service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "weblogic server proxy plug-in",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21c"
},
{
"model": "bsafe crypto-c-micro-edition",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.1.5"
},
{
"model": "weblogic server proxy plug-in",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.2"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "security service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "oracle security service",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle database",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "bsafe crypto-c micro edition",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "bsafe micro edition suite",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "oracle weblogic server proxy plug-in",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle http server",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016807"
},
{
"db": "NVD",
"id": "CVE-2020-35169"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.5.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.1.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-35169"
}
]
},
"cve": "CVE-2020-35169",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-35169",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-377260",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security_alert@emc.com",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-35169",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-35169",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2020-35169",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-830",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-377260",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-35169",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377260"
},
{
"db": "VULMON",
"id": "CVE-2020-35169"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016807"
},
{
"db": "NVD",
"id": "CVE-2020-35169"
},
{
"db": "NVD",
"id": "CVE-2020-35169"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-830"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability. (DoS) It may be in a state. Dell BSAFE Micro Edition Suite is a development kit that provides encryption, certificates and transport layer security for c/c++ applications, devices and systems. Dell BSAFE is a security software product that supports encryption algorithms, certificate chain verification, Transport Layer Security (TLS) cipher suites, etc. to help users achieve various security goals for their applications",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-35169"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016807"
},
{
"db": "VULHUB",
"id": "VHN-377260"
},
{
"db": "VULMON",
"id": "CVE-2020-35169"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-35169",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016807",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202207-830",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022072036",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-84612",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-377260",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-35169",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377260"
},
{
"db": "VULMON",
"id": "CVE-2020-35169"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016807"
},
{
"db": "NVD",
"id": "CVE-2020-35169"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-830"
}
]
},
"id": "VAR-202207-0507",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-377260"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:22:19.974000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0July\u00a02022 Dell Security\u00a0Advisory",
"trust": 0.8,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"title": "Dell BSAFE Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=200897"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016807"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-830"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.1
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377260"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016807"
},
{
"db": "NVD",
"id": "CVE-2020-35169"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35169"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072036"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2020-35169/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/oracle-fusion-middleware-vulnerabilities-of-july-2022-38858"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377260"
},
{
"db": "VULMON",
"id": "CVE-2020-35169"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016807"
},
{
"db": "NVD",
"id": "CVE-2020-35169"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-830"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-377260"
},
{
"db": "VULMON",
"id": "CVE-2020-35169"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016807"
},
{
"db": "NVD",
"id": "CVE-2020-35169"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-830"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-377260"
},
{
"date": "2022-07-11T00:00:00",
"db": "VULMON",
"id": "CVE-2020-35169"
},
{
"date": "2023-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-016807"
},
{
"date": "2022-07-11T20:15:08.543000",
"db": "NVD",
"id": "CVE-2020-35169"
},
{
"date": "2022-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-830"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-06T00:00:00",
"db": "VULHUB",
"id": "VHN-377260"
},
{
"date": "2022-07-25T00:00:00",
"db": "VULMON",
"id": "CVE-2020-35169"
},
{
"date": "2023-09-25T05:57:00",
"db": "JVNDB",
"id": "JVNDB-2019-016807"
},
{
"date": "2022-10-06T16:10:12.663000",
"db": "NVD",
"id": "CVE-2020-35169"
},
{
"date": "2022-07-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-830"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-830"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u00a0BSAFE\u00a0Crypto-C\u00a0Micro\u00a0Edition\u00a0 and \u00a0Dell\u00a0BSAFE\u00a0Micro\u00a0Edition\u00a0Suite\u00a0 Input verification vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016807"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-830"
}
],
"trust": 0.6
}
}
var-201909-1541
Vulnerability from variot
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key. RSA BSAFE Crypto-J Contains a vulnerability in the verification of digital signatures.Information may be obtained. Dell RSA BSAFE Crypto-J is an encryption toolkit from Dell, Inc. that provides developers with the tools to add privacy and authentication features to their applications. The vulnerability stems from a network system or product not adequately verifying the origin or authenticity of data. Attackers can use forged data to attack
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-1541",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.4"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.0"
},
{
"model": "application performance management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "bsafe cert-j",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "6.2.4"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "goldengate",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.0.0.0.210420"
},
{
"model": "bsafe ssl-j",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "6.2.4.1"
},
{
"model": "application performance management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.0"
},
{
"model": "retail assortment planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3"
},
{
"model": "retail assortment planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"model": "threat intelligence exchange server",
"scope": "lte",
"trust": 1.0,
"vendor": "mcafee",
"version": "2.3.1"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.3"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.2"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.1"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0.2"
},
{
"model": "communications network integrity",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.6"
},
{
"model": "goldengate",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.0.0.0.210420"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.2"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.0"
},
{
"model": "threat intelligence exchange server",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "2.0.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18c"
},
{
"model": "bsafe crypto-j",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "6.2.5"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
},
{
"model": "threat intelligence exchange server",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "3.0.0"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.4"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"model": "communications network integrity",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.2"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.5"
},
{
"model": "communications network integrity",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "storagetek tape analytics sw tool",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.3"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.0"
},
{
"model": "bsafe cert-j",
"scope": null,
"trust": 0.8,
"vendor": "rsa security",
"version": null
},
{
"model": "bsafe crypto-j",
"scope": "lt",
"trust": 0.8,
"vendor": "rsa security",
"version": "6.2.5"
},
{
"model": "bsafe ssl-j",
"scope": null,
"trust": 0.8,
"vendor": "rsa security",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009634"
},
{
"db": "NVD",
"id": "CVE-2019-3738"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.2.4.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_cert-j:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.2.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.3.1",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_performance_management:13.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_performance_management:13.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "19.1.0.0.0.210420",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate:19.1.0.0.0.210420:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3738"
}
]
},
"cve": "CVE-2019-3738",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-3738",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-155173",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security_alert@emc.com",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-3738",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-3738",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2019-3738",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-879",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-155173",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155173"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009634"
},
{
"db": "NVD",
"id": "CVE-2019-3738"
},
{
"db": "NVD",
"id": "CVE-2019-3738"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-879"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key. RSA BSAFE Crypto-J Contains a vulnerability in the verification of digital signatures.Information may be obtained. Dell RSA BSAFE Crypto-J is an encryption toolkit from Dell, Inc. that provides developers with the tools to add privacy and authentication features to their applications. The vulnerability stems from a network system or product not adequately verifying the origin or authenticity of data. Attackers can use forged data to attack",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3738"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009634"
},
{
"db": "VULHUB",
"id": "VHN-155173"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3738",
"trust": 2.5
},
{
"db": "MCAFEE",
"id": "SB10318",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009634",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201909-879",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.3108",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-155173",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155173"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009634"
},
{
"db": "NVD",
"id": "CVE-2019-3738"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-879"
}
]
},
"id": "VAR-201909-1541",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-155173"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:32:54.104000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2019-094: RSA BSAFE Crypto-J Multiple Security Vulnerabilities",
"trust": 0.8,
"url": "https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe\u0026#174;-crypto-j-multiple-security-vulnerabilities"
},
{
"title": "Dell RSA BSAFE Crypto-J Repair measures for data forgery problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=98404"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009634"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-879"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-325",
"trust": 1.1
},
{
"problemtype": "CWE-347",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155173"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009634"
},
{
"db": "NVD",
"id": "CVE-2019-3738"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.6,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10318"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3738"
},
{
"trust": 1.0,
"url": "https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe\u0026#174%3b-crypto-j-multiple-security-vulnerabilities"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3738"
},
{
"trust": 0.6,
"url": "https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe\u00ae-crypto-j-multiple-security-vulnerabilities"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/oracle-database-vulnerabilities-of-april-2021-35122"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3108/"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10318"
},
{
"trust": 0.1,
"url": "https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe\u0026amp;#174;-crypto-j-multiple-security-vulnerabilities"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155173"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009634"
},
{
"db": "NVD",
"id": "CVE-2019-3738"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-879"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-155173"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009634"
},
{
"db": "NVD",
"id": "CVE-2019-3738"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-879"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-155173"
},
{
"date": "2019-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009634"
},
{
"date": "2019-09-18T23:15:11.047000",
"db": "NVD",
"id": "CVE-2019-3738"
},
{
"date": "2019-09-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-879"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-155173"
},
{
"date": "2019-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009634"
},
{
"date": "2023-11-07T03:10:10.960000",
"db": "NVD",
"id": "CVE-2019-3738"
},
{
"date": "2022-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-879"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-879"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RSA BSAFE Crypto-J Vulnerability in digital signature verification",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009634"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "data forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-879"
}
],
"trust": 0.6
}
}
var-200904-0266
Vulnerability from variot
Unspecified vulnerability in the SQLX Functions component in Oracle Database 10.2.0.3 and 11.1.0.6 allows remote authenticated users to affect integrity and availability, related to AGGXQIMP. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
For more information see vulnerability #6 through #9 in: SA34693
SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details.
Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
I. Description
The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability.
Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.
II. Impact
The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.
III. Solution
Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.
IV. References
-
Oracle Critical Patch Update Advisory - April 2009 - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
-
Critical Patch Updates and Security Alerts - http://www.oracle.com/technology/deploy/security/alerts.htm
-
Map of Public Vulnerability to Advisory/Alert - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-105A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
April 15, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system.
1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.
2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER".
The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.
PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security
The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/
Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0266",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database 11g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "database 10g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.2.0.3"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.2.0.3"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.01"
},
{
"model": "systems weblogic portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle9i personal edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.49"
},
{
"model": "oracle11g standard edition one",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "data service integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.3"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3.0"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.06"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "systems weblogic portal sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.13"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.04"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.1"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.07"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.3"
},
{
"model": "systems weblogic portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "systems weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.1"
},
{
"model": "systems weblogic server maintenance pack",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.13"
},
{
"model": "oracle9i standard edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "oracle9i enterprise edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.1"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.12"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.15"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.05"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.16"
},
{
"model": "systems weblogic server mp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9"
},
{
"model": "audit vault",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.02"
},
{
"model": "systems weblogic portal sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.4"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.12"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.11"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.6"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.03"
},
{
"model": "systems weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.0"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001225"
},
{
"db": "NVD",
"id": "CVE-2009-0980"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-299"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:database_11g:11.1.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database_10g:10.2.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0980"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-299"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0980",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2009-0980",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-0980",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-299",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2009-0980",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-0980"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001225"
},
{
"db": "NVD",
"id": "CVE-2009-0980"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-299"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the SQLX Functions component in Oracle Database 10.2.0.3 and 11.1.0.6 allows remote authenticated users to affect integrity and availability, related to AGGXQIMP. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0980"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001225"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "VULMON",
"id": "CVE-2009-0980"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0980",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "34693",
"trust": 2.7
},
{
"db": "USCERT",
"id": "TA09-105A",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1022052",
"trust": 2.4
},
{
"db": "BID",
"id": "34461",
"trust": 1.4
},
{
"db": "VUPEN",
"id": "ADV-2009-1042",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001225",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA09-105A",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-299",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-09-017",
"trust": 0.4
},
{
"db": "VULMON",
"id": "CVE-2009-0980",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "35135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76704",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-0980"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001225"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0980"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-299"
}
]
},
"id": "VAR-200904-0266",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.065972224
},
"last_update_date": "2023-12-18T11:42:25.646000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cpuapr2009",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"title": "090417_86",
"trust": 0.8,
"url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
},
{
"title": "TA09-105A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001225"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0980"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/34693"
},
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id?1022052"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/34461"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0980"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta09-105a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0980"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/1042"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-23/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-22/"
},
{
"trust": 0.3,
"url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "/archive/1/502845"
},
{
"trust": 0.3,
"url": "/archive/1/502707"
},
{
"trust": 0.3,
"url": "/archive/1/502697"
},
{
"trust": 0.3,
"url": "/archive/1/502727"
},
{
"trust": 0.3,
"url": "/archive/1/502723"
},
{
"trust": 0.3,
"url": "/archive/1/506160"
},
{
"trust": 0.3,
"url": "/archive/1/502724"
},
{
"trust": 0.3,
"url": "/archive/1/502683"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34693/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35135/"
},
{
"trust": 0.1,
"url": "http://www.good.com/faq/18431.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-0980"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001225"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0980"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-299"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2009-0980"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001225"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0980"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-299"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-15T00:00:00",
"db": "VULMON",
"id": "CVE-2009-0980"
},
{
"date": "2009-04-09T00:00:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001225"
},
{
"date": "2009-05-18T15:35:49",
"db": "PACKETSTORM",
"id": "77574"
},
{
"date": "2009-04-15T23:15:44",
"db": "PACKETSTORM",
"id": "76710"
},
{
"date": "2009-04-15T15:08:54",
"db": "PACKETSTORM",
"id": "76704"
},
{
"date": "2009-04-15T10:30:00.453000",
"db": "NVD",
"id": "CVE-2009-0980"
},
{
"date": "2009-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-299"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-10-23T00:00:00",
"db": "VULMON",
"id": "CVE-2009-0980"
},
{
"date": "2009-09-01T16:22:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001225"
},
{
"date": "2012-10-23T03:04:24.587000",
"db": "NVD",
"id": "CVE-2009-0980"
},
{
"date": "2009-04-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-299"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-299"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Database of SQLX Functions Component vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001225"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-299"
}
],
"trust": 0.6
}
}
var-200904-0272
Vulnerability from variot
Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
For more information see vulnerability #6 through #9 in: SA34693
SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details.
Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
I. Description
The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability.
Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.
II. Impact
The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.
III. Solution
Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.
IV. References
-
Oracle Critical Patch Update Advisory - April 2009 - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
-
Critical Patch Updates and Security Alerts - http://www.oracle.com/technology/deploy/security/alerts.htm
-
Map of Public Vulnerability to Advisory/Alert - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-105A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
April 15, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system.
1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.
2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER".
The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.
PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security
The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/
Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0272",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database 10g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database 11g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.01"
},
{
"model": "systems weblogic portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle9i personal edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.49"
},
{
"model": "oracle11g standard edition one",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "data service integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.3"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3.0"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.06"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "systems weblogic portal sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.13"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.04"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.1"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.07"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.3"
},
{
"model": "systems weblogic portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "systems weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.1"
},
{
"model": "systems weblogic server maintenance pack",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.13"
},
{
"model": "oracle9i standard edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "oracle9i enterprise edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.1"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.12"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.15"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.05"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.16"
},
{
"model": "systems weblogic server mp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9"
},
{
"model": "audit vault",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.02"
},
{
"model": "systems weblogic portal sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.4"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.12"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.11"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.6"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.03"
},
{
"model": "systems weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.0"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001229"
},
{
"db": "NVD",
"id": "CVE-2009-0986"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-305"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:database_10g:10.2.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database_11g:11.1.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0986"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-305"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0986",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:M/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Multiple",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2009-0986",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:M/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-0986",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-305",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001229"
},
{
"db": "NVD",
"id": "CVE-2009-0986"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-305"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0986"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001229"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0986",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "34693",
"trust": 2.6
},
{
"db": "USCERT",
"id": "TA09-105A",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1022052",
"trust": 2.4
},
{
"db": "OSVDB",
"id": "53735",
"trust": 2.4
},
{
"db": "BID",
"id": "34461",
"trust": 1.3
},
{
"db": "VUPEN",
"id": "ADV-2009-1042",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001229",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA09-105A",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-305",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-09-017",
"trust": 0.4
},
{
"db": "SECUNIA",
"id": "35135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76704",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001229"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0986"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-305"
}
]
},
"id": "VAR-200904-0272",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.065972224
},
"last_update_date": "2023-12-18T11:01:27.927000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cpuapr2009",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"title": "090417_86",
"trust": 0.8,
"url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
},
{
"title": "TA09-105A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001229"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0986"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://osvdb.org/53735"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/34693"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1022052"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/34461"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0986"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta09-105a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0986"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/1042"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-23/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-22/"
},
{
"trust": 0.3,
"url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "/archive/1/502845"
},
{
"trust": 0.3,
"url": "/archive/1/502707"
},
{
"trust": 0.3,
"url": "/archive/1/502697"
},
{
"trust": 0.3,
"url": "/archive/1/502727"
},
{
"trust": 0.3,
"url": "/archive/1/502723"
},
{
"trust": 0.3,
"url": "/archive/1/506160"
},
{
"trust": 0.3,
"url": "/archive/1/502724"
},
{
"trust": 0.3,
"url": "/archive/1/502683"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34693/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35135/"
},
{
"trust": 0.1,
"url": "http://www.good.com/faq/18431.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001229"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0986"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-305"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001229"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0986"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-305"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-09T00:00:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001229"
},
{
"date": "2009-05-18T15:35:49",
"db": "PACKETSTORM",
"id": "77574"
},
{
"date": "2009-04-15T23:15:44",
"db": "PACKETSTORM",
"id": "76710"
},
{
"date": "2009-04-15T15:08:54",
"db": "PACKETSTORM",
"id": "76704"
},
{
"date": "2009-04-15T10:30:00.563000",
"db": "NVD",
"id": "CVE-2009-0986"
},
{
"date": "2009-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-305"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-01T16:22:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001229"
},
{
"date": "2012-10-23T03:04:26.007000",
"db": "NVD",
"id": "CVE-2009-0986"
},
{
"date": "2009-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-305"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-305"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Database of Workspace Manager Component vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001229"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-305"
}
],
"trust": 0.6
}
}
var-200311-0090
Vulnerability from variot
OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used. Multiple vulnerabilities exist in different vendors' SSL/TLS implementations. The impacts of these vulnerabilities include remote execution of arbitrary code, denial of service, and disclosure of sensitive information. OpenSSL accepts unsolicited client certificate messages. This vulnerability requires as a precondition that an application is configured to ignore public key decoding errors, which is typically only the case during debugging. OpenSSL Is X.509 With a certificate etc. ASN.1 Authentication information is exchanged using objects. In addition, SSL/TLS Implement the protocol OpenSSL Many other products also contain this vulnerability ASN.1 The existence of vulnerabilities related to processing has been confirmed.Crafted by a third party ASN.1 The client certificate containing the object OpenSSL By passing it to the application that uses (DoS) It may be in a state. Multiple vulnerabilities were reported in the ASN.1 parsing code in OpenSSL. -----BEGIN PGP SIGNED MESSAGE-----
OpenSSL Security Advisory [30 September 2003]
Vulnerabilities in ASN.1 parsing
NISCC (www.niscc.gov.uk) prepared a test suite to check the operation of SSL/TLS software when presented with a wide range of malformed client certificates.
Dr Stephen Henson (steve@openssl.org) of the OpenSSL core team identified and prepared fixes for a number of vulnerabilities in the OpenSSL ASN1 code when running the test suite.
Vulnerabilities
-
Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in the deallocation of the corresponding data structure, corrupting the stack. This can be used as a denial of service attack. It is currently unknown whether this can be exploited to run malicious code. This issue does not affect OpenSSL 0.9.6.
-
Exploitation of an affected application would result in a denial of service vulnerability.
-
This by itself is not strictly speaking a vulnerability but it does mean that all SSL/TLS servers that use OpenSSL can be attacked using vulnerabilities 1, 2 and 3 even if they don't enable client authentication.
Who is affected?
All versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all versions of SSLeay are affected.
Any application that makes use of OpenSSL's ASN1 library to parse untrusted data. This includes all SSL or TLS applications, those using S/MIME (PKCS#7) or certificate generation routines.
Recommendations
Upgrade to OpenSSL 0.9.7c or 0.9.6k. Recompile any OpenSSL applications statically linked to OpenSSL libraries.
References
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0545 for issue 1:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545
and CAN-2003-0543 and CAN-2003-0544 for issue 2:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544
URL for this Security Advisory: http://www.openssl.org/news/secadv_20030930.txt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQCVAwUBP3mNKu6tTP1JpWPZAQFjPwP/Y8epYBa9oCK69dCT5Y90kg9Ir8pYuv+q x4NxuyhD5JaJfmStwbl3BUSE5juI0mh7d6yFjfI0Ci3sdC+5v10ZOanGwX7o4JlS 3pGSSocAEiYS59qciRLtFsCbBt8jIOCG8KiTmKO2mI5dhAEB9UqPH9e8A1Wy/8un xjGKYbcITrM= =fFTe -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200311-0090",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 4.0,
"vendor": "openssl",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "mandrakesoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "red hat",
"version": null
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "ios 12.1 e",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "http server",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "9.2.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "appgate network security ab",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "check point",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "conectiva",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cray",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "freebsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gentoo linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "guardian digital",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ingrian",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nortel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "novell",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "rsa security",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sgi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ssh security",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "secure computing",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "slackware",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "stonesoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "stunnel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "suse",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "tawie server linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "turbolinux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wirex",
"version": null
},
{
"model": "openssl",
"scope": "lte",
"trust": 0.8,
"vendor": "openssl",
"version": "0.9.6j"
},
{
"model": "openssl",
"scope": "lte",
"trust": 0.8,
"vendor": "openssl",
"version": "0.9.7b"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "1.0.2.1s"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.0.2"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.0.3"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "1.1"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.1"
},
{
"model": "cobalt qube3",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raq4",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raq550",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raqxtr",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "java system application server",
"scope": "lte",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "7 platform edition update 2"
},
{
"model": "java system application server",
"scope": "lte",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "7 standard edition update 2"
},
{
"model": "java system directory server",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "5.1"
},
{
"model": "java system web server",
"scope": "lte",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "4.1 sp13"
},
{
"model": "java system web server",
"scope": "lte",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "6.0 sp6"
},
{
"model": "java system web server",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "6.1"
},
{
"model": "linux 5.0",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (x86)"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "12.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "12.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.3"
},
{
"model": "turbolinux advanced server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6"
},
{
"model": "turbolinux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "10"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6.1"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6.5"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "7"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "8"
},
{
"model": "turbolinux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6.0"
},
{
"model": "turbolinux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "7"
},
{
"model": "turbolinux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "8"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.00"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.22"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.23"
},
{
"model": "hp-ux apache-based web server",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (ws)"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "8.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "9"
},
{
"model": "linux advanced workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1"
},
{
"model": "gsx server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.15336"
},
{
"model": "esx server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.05257"
},
{
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.5.2"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "tarantella",
"version": "33.30"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "tarantella",
"version": "33.200"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "tarantella",
"version": "33.11"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "tarantella",
"version": "33.10"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "tarantella",
"version": "33.01"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "tarantella",
"version": "33.0"
},
{
"model": "solaris 9 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris 9 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "one web server sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"model": "one web server sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"model": "one web server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"model": "one web server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"model": "one web server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"model": "one web server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"model": "one web server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"model": "one web server sp9",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp8",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp14",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp13",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp12",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp11",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp10",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one web server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.1x86"
},
{
"model": "one directory server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.1"
},
{
"model": "one directory server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.1"
},
{
"model": "one directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.1"
},
{
"model": "one application server ur2 standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "one application server ur2 platform edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "one application server ur1 standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "one application server ur1 platform edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "one application server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "one application server platform edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "java system web server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"model": "grid engine",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.3x86"
},
{
"model": "grid engine sun linux",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.3"
},
{
"model": "grid engine 64-bit sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.3"
},
{
"model": "grid engine 32-bit sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.3"
},
{
"model": "cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "3.1"
},
{
"model": "cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "3.0"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.2.1"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.2"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.1"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0.9"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0.8"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0.7"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0.6"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0.5"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0.4"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0.1"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "1.7.2"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "1.7.1"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "1.7"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "1.6.3"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "1.6.2"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "1.5.18"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "1.5.17"
},
{
"model": "stonebeat webcluster",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.5"
},
{
"model": "stonebeat webcluster",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "stonebeat securitycluster",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.5"
},
{
"model": "stonebeat securitycluster",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "stonebeat high availability",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "3.1"
},
{
"model": "stonebeat fullcluster for raptor",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.5"
},
{
"model": "stonebeat fullcluster for raptor",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "stonebeat fullcluster for isa server",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "3.0"
},
{
"model": "stonebeat fullcluster for gauntlet",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "stonebeat fullcluster for firewall-1",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "3.0"
},
{
"model": "stonebeat fullcluster for firewall-1",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "ssleay",
"scope": "eq",
"trust": 0.3,
"vendor": "ssleay",
"version": "0.9.1"
},
{
"model": "ssleay",
"scope": "eq",
"trust": 0.3,
"vendor": "ssleay",
"version": "0.9"
},
{
"model": "ssleay",
"scope": "eq",
"trust": 0.3,
"vendor": "ssleay",
"version": "0.8.1"
},
{
"model": "ssleay",
"scope": "eq",
"trust": 0.3,
"vendor": "ssleay",
"version": "0.6.6"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.2.5"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.2.4"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.2.3"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.2.2"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.2.1"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.2"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.1.8"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.1.7"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.1.6"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.1.5"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.1.4"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.1.3"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.1.2"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.1.1"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.1"
},
{
"model": "communications security ssh sentinel",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "1.4"
},
{
"model": "communications security ipsec express toolkit",
"scope": null,
"trust": 0.3,
"vendor": "ssh",
"version": null
},
{
"model": "os",
"scope": "eq",
"trust": 0.3,
"vendor": "snapgear",
"version": "1.8.4"
},
{
"model": "gpl",
"scope": "eq",
"trust": 0.3,
"vendor": "smoothwall",
"version": "1.0"
},
{
"model": "express beta",
"scope": "eq",
"trust": 0.3,
"vendor": "smoothwall",
"version": "2.0"
},
{
"model": "propack",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "2.3"
},
{
"model": "propack",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "2.2.1"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.22"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.21"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.21"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.21"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.20"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.20"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.20"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.19"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.19"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.19"
},
{
"model": "open server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "5.0.7"
},
{
"model": "open server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "5.0.6"
},
{
"model": "open server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "5.0.5"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "9.0"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.3"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.2"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "oracle9i application server .1s",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2"
},
{
"model": "project openssl beta3",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl g",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.5"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": "3.4"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": "3.3"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": "3.2"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": "3.1"
},
{
"model": "nsure audit",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "1.0.1"
},
{
"model": "netware",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "6.5"
},
{
"model": "netware",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "6.0"
},
{
"model": "netware",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "5.1"
},
{
"model": "netmail e",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.10"
},
{
"model": "netmail d",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.10"
},
{
"model": "netmail c",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.10"
},
{
"model": "netmail b",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.10"
},
{
"model": "netmail a",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.10"
},
{
"model": "netmail",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.10"
},
{
"model": "netmail",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.1"
},
{
"model": "netmail b",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.0.3"
},
{
"model": "netmail a",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.0.3"
},
{
"model": "netmail",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.0.3"
},
{
"model": "netmail",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.0.1"
},
{
"model": "international cryptographic infostructure",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "2.6.1"
},
{
"model": "imanager",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "2.0.2"
},
{
"model": "imanager",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "2.0"
},
{
"model": "imanager",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "1.5"
},
{
"model": "ichain server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "2.2"
},
{
"model": "ichain server fp1a",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "2.2"
},
{
"model": "ichain server fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "2.2"
},
{
"model": "ichain server",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "2.2"
},
{
"model": "groupwise webaccess sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "6.5"
},
{
"model": "groupwise webaccess sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "6.5"
},
{
"model": "groupwise webaccess",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "6.5"
},
{
"model": "groupwise webaccess sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "6.0"
},
{
"model": "groupwise internet agent",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "6.5.1"
},
{
"model": "groupwise sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "6.5"
},
{
"model": "groupwise sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "6.0"
},
{
"model": "edirectory su1",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.7.1"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.7.1"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.7"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.6.2"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.5.27"
},
{
"model": "edirectory a",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.5.12"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.5"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.0"
},
{
"model": "bordermanager",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.8"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "9.2"
},
{
"model": "linux mandrake ppc",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "9.1"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "9.1"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "9.0"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "8.2"
},
{
"model": "multi network firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "2.0"
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "2.1"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "2.1"
},
{
"model": "networks t-series router t640",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks t-series router t320",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks sdx-300",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "3.1.1"
},
{
"model": "networks sdx-300",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "3.1"
},
{
"model": "networks m-series router m5",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks m-series router m40e",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks m-series router m40",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks m-series router m20",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks m-series router m160",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks m-series router m10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "3.2.1"
},
{
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "3.2"
},
{
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "3.2.1"
},
{
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "3.2"
},
{
"model": "rational rose",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2000"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.47"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.42.2"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.42"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.28"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.26"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.19"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.12.4"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.12.3"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.12.2"
},
{
"model": "hp-ux aaa server a.06.01.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.23"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.22"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.20"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.0"
},
{
"model": "wbem services for hp-ux a.01.05.05",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "isman",
"scope": null,
"trust": 0.3,
"vendor": "f5",
"version": null
},
{
"model": "firepass",
"scope": null,
"trust": 0.3,
"vendor": "f5",
"version": null
},
{
"model": "bigip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "bigip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.4"
},
{
"model": "bigip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.3"
},
{
"model": "bigip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.2"
},
{
"model": "bigip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "2.1"
},
{
"model": "bigip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "2.0"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.4"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.3"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.2"
},
{
"model": "ssh for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "5.3"
},
{
"model": "ssh for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "5.2"
},
{
"model": "ssh for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "5.1"
},
{
"model": "ssh for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "3.2.3"
},
{
"model": "ssh for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "3.2.0"
},
{
"model": "ssh for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "3.1.0"
},
{
"model": "ssh",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "3.1.0"
},
{
"model": "ssh for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "3.0.1"
},
{
"model": "open software",
"scope": "eq",
"trust": 0.3,
"vendor": "cray",
"version": "3.4"
},
{
"model": "associates etrust security command center",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "threat response",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "sn storage router sn5428-3.3.2-k9",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5428"
},
{
"model": "sn storage router sn5428-3.3.1-k9",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5428"
},
{
"model": "sn storage router sn5428-3.2.2-k9",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5428"
},
{
"model": "sn storage router sn5428-3.2.1-k9",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5428"
},
{
"model": "sn storage router sn5428-2.5.1-k9",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5428"
},
{
"model": "sn storage router sn5428-2-3.3.2-k9",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5428"
},
{
"model": "sn storage router sn5428-2-3.3.1-k9",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5428"
},
{
"model": "sip proxy server",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "secure policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0.1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "520"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "515"
},
{
"model": "network analysis module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ios 12.2sy",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2sx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "gss global site selector",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4480"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "css11000 content services switch",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "css secure content accelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "css secure content accelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0"
},
{
"model": "ciscoworks common services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2"
},
{
"model": "ciscoworks wireless lan solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1105"
},
{
"model": "ciscoworks hosting solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1105"
},
{
"model": "application \u0026 content networking software",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software vpn-1 sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software providor-1 sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software providor-1 sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software providor-1 sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software providor-1 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software providor-1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software nokia voyager",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software next generation fp3 hf2",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software next generation fp3 hf1",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software next generation fp3",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software next generation fp2",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software next generation fp1",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software firewall-1 sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp8",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "point software firewall-1 sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "point software firewall-1 sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "point software firewall-1 sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "point software firewall-1 sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "point software firewall-1 sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "point software firewall-1 sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "point software firewall-1 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "point software firewall-1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "point software firewall-1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "3.0"
},
{
"model": "firewall server",
"scope": "eq",
"trust": 0.3,
"vendor": "borderware",
"version": "7.0"
},
{
"model": "coat systems security gateway os",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "3.0"
},
{
"model": "coat systems security gateway os",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "2.0"
},
{
"model": "coat systems cacheos ca/sa",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.1.10"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "tarantella",
"version": "33.40"
},
{
"model": "solaris 8 x86",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris 8 sparc",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris 7.0 x86",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "one web server sp7",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"model": "one web server sp14",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "4.1"
},
{
"model": "one directory server sp3",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "5.1"
},
{
"model": "one application server ur2 upgrade standard",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "one application server ur2 upgrade platform",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "java system web server sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"model": "cluster",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "2.2"
},
{
"model": "cluster",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "2.1"
},
{
"model": "communications security ssh2",
"scope": "ne",
"trust": 0.3,
"vendor": "ssh",
"version": "3.2.9"
},
{
"model": "communications security ssh sentinel",
"scope": "ne",
"trust": 0.3,
"vendor": "ssh",
"version": "1.4.1"
},
{
"model": "os",
"scope": "ne",
"trust": 0.3,
"vendor": "snapgear",
"version": "1.8.5"
},
{
"model": "project openssl c",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl k",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "nsure audit",
"scope": "ne",
"trust": 0.3,
"vendor": "novell",
"version": "1.0.3"
},
{
"model": "nsure audit",
"scope": "ne",
"trust": 0.3,
"vendor": "novell",
"version": "1.0.2"
},
{
"model": "netmail f",
"scope": "ne",
"trust": 0.3,
"vendor": "novell",
"version": "3.1"
},
{
"model": "imanager",
"scope": "ne",
"trust": 0.3,
"vendor": "novell",
"version": "2.5"
},
{
"model": "edirectory su1",
"scope": "ne",
"trust": 0.3,
"vendor": "novell",
"version": "8.7.1"
},
{
"model": "siparator",
"scope": "ne",
"trust": 0.3,
"vendor": "ingate",
"version": "3.3.1"
},
{
"model": "firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "ingate",
"version": "3.3.1"
},
{
"model": "rational requisitepro",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "hp-ux aaa server a.06.01.02.04",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "wbem services for hp-ux a.01.05.07",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.8"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.8"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#104280"
},
{
"db": "CERT/CC",
"id": "VU#732952"
},
{
"db": "CERT/CC",
"id": "VU#686224"
},
{
"db": "CERT/CC",
"id": "VU#935264"
},
{
"db": "CERT/CC",
"id": "VU#380864"
},
{
"db": "CERT/CC",
"id": "VU#255484"
},
{
"db": "BID",
"id": "8732"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000288"
},
{
"db": "CNNVD",
"id": "CNNVD-200311-040"
},
{
"db": "NVD",
"id": "CVE-2003-0544"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0544"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NISCC uniras@niscc.gov.uk",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200311-040"
}
],
"trust": 0.6
},
"cve": "CVE-2003-0544",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/severity#"
},
"@id": "https://www.variotdbs.pl/ref/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2003-0544",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.8,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2003-0544",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#104280",
"trust": 0.8,
"value": "11.81"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#732952",
"trust": 0.8,
"value": "2.53"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#686224",
"trust": 0.8,
"value": "1.50"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#935264",
"trust": 0.8,
"value": "21.52"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#380864",
"trust": 0.8,
"value": "11.25"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#255484",
"trust": 0.8,
"value": "11.25"
},
{
"author": "CNNVD",
"id": "CNNVD-200311-040",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#104280"
},
{
"db": "CERT/CC",
"id": "VU#732952"
},
{
"db": "CERT/CC",
"id": "VU#686224"
},
{
"db": "CERT/CC",
"id": "VU#935264"
},
{
"db": "CERT/CC",
"id": "VU#380864"
},
{
"db": "CERT/CC",
"id": "VU#255484"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000288"
},
{
"db": "CNNVD",
"id": "CNNVD-200311-040"
},
{
"db": "NVD",
"id": "CVE-2003-0544"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used. Multiple vulnerabilities exist in different vendors\u0027 SSL/TLS implementations. The impacts of these vulnerabilities include remote execution of arbitrary code, denial of service, and disclosure of sensitive information. OpenSSL accepts unsolicited client certificate messages. This vulnerability requires as a precondition that an application is configured to ignore public key decoding errors, which is typically only the case during debugging. OpenSSL Is X.509 With a certificate etc. ASN.1 Authentication information is exchanged using objects. In addition, SSL/TLS Implement the protocol OpenSSL Many other products also contain this vulnerability ASN.1 The existence of vulnerabilities related to processing has been confirmed.Crafted by a third party ASN.1 The client certificate containing the object OpenSSL By passing it to the application that uses (DoS) It may be in a state. Multiple vulnerabilities were reported in the ASN.1 parsing code in OpenSSL. -----BEGIN PGP SIGNED MESSAGE-----\n\nOpenSSL Security Advisory [30 September 2003]\n\nVulnerabilities in ASN.1 parsing\n================================\n\nNISCC (www.niscc.gov.uk) prepared a test suite to check the operation\nof SSL/TLS software when presented with a wide range of malformed client\ncertificates. \n\nDr Stephen Henson (steve@openssl.org) of the OpenSSL core team\nidentified and prepared fixes for a number of vulnerabilities in the\nOpenSSL ASN1 code when running the test suite. \n\nVulnerabilities\n- ---------------\n\n1. Certain ASN.1 encodings that are rejected as invalid by the parser\ncan trigger a bug in the deallocation of the corresponding data\nstructure, corrupting the stack. This can be used as a denial of service\nattack. It is currently unknown whether this can be exploited to run\nmalicious code. This issue does not affect OpenSSL 0.9.6. \n\n2. \n\n3. Exploitation of an affected\napplication would result in a denial of service vulnerability. \n\n4. This by\nitself is not strictly speaking a vulnerability but it does mean that\n*all* SSL/TLS servers that use OpenSSL can be attacked using\nvulnerabilities 1, 2 and 3 even if they don\u0027t enable client authentication. \n\nWho is affected?\n- ----------------\n\nAll versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all\nversions of SSLeay are affected. \n\nAny application that makes use of OpenSSL\u0027s ASN1 library to parse\nuntrusted data. This includes all SSL or TLS applications, those using\nS/MIME (PKCS#7) or certificate generation routines. \n\nRecommendations\n- ---------------\n\nUpgrade to OpenSSL 0.9.7c or 0.9.6k. Recompile any OpenSSL applications\nstatically linked to OpenSSL libraries. \n\nReferences\n- ----------\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2003-0545 for issue 1:\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545\n\nand CAN-2003-0543 and CAN-2003-0544 for issue 2:\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544\n\nURL for this Security Advisory:\nhttp://www.openssl.org/news/secadv_20030930.txt\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQCVAwUBP3mNKu6tTP1JpWPZAQFjPwP/Y8epYBa9oCK69dCT5Y90kg9Ir8pYuv+q\nx4NxuyhD5JaJfmStwbl3BUSE5juI0mh7d6yFjfI0Ci3sdC+5v10ZOanGwX7o4JlS\n3pGSSocAEiYS59qciRLtFsCbBt8jIOCG8KiTmKO2mI5dhAEB9UqPH9e8A1Wy/8un\nxjGKYbcITrM=\n=fFTe\n-----END PGP SIGNATURE-----\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0544"
},
{
"db": "CERT/CC",
"id": "VU#104280"
},
{
"db": "CERT/CC",
"id": "VU#732952"
},
{
"db": "CERT/CC",
"id": "VU#686224"
},
{
"db": "CERT/CC",
"id": "VU#935264"
},
{
"db": "CERT/CC",
"id": "VU#380864"
},
{
"db": "CERT/CC",
"id": "VU#255484"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000288"
},
{
"db": "BID",
"id": "8732"
},
{
"db": "PACKETSTORM",
"id": "31738"
}
],
"trust": 6.3
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#380864",
"trust": 3.5
},
{
"db": "NVD",
"id": "CVE-2003-0544",
"trust": 2.8
},
{
"db": "CERT/CC",
"id": "VU#732952",
"trust": 1.9
},
{
"db": "CERT/CC",
"id": "VU#686224",
"trust": 1.9
},
{
"db": "BID",
"id": "8732",
"trust": 1.9
},
{
"db": "CERT/CC",
"id": "VU#104280",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2006-3900",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "22249",
"trust": 1.6
},
{
"db": "CERT/CC",
"id": "VU#935264",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#255484",
"trust": 1.1
},
{
"db": "XF",
"id": "13316",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000288",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "CA-2003-26",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2003:291",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2003:292",
"trust": 0.6
},
{
"db": "SUNALERT",
"id": "201029",
"trust": 0.6
},
{
"db": "ENGARDE",
"id": "ESA-20030930-027",
"trust": 0.6
},
{
"db": "XF",
"id": "1",
"trust": 0.6
},
{
"db": "XF",
"id": "43041",
"trust": 0.6
},
{
"db": "DEBIAN",
"id": "DSA-394",
"trust": 0.6
},
{
"db": "DEBIAN",
"id": "DSA-393",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:4574",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200311-040",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "31738",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#104280"
},
{
"db": "CERT/CC",
"id": "VU#732952"
},
{
"db": "CERT/CC",
"id": "VU#686224"
},
{
"db": "CERT/CC",
"id": "VU#935264"
},
{
"db": "CERT/CC",
"id": "VU#380864"
},
{
"db": "CERT/CC",
"id": "VU#255484"
},
{
"db": "BID",
"id": "8732"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000288"
},
{
"db": "PACKETSTORM",
"id": "31738"
},
{
"db": "CNNVD",
"id": "CNNVD-200311-040"
},
{
"db": "NVD",
"id": "CVE-2003-0544"
}
]
},
"id": "VAR-200311-0090",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2022-05-29T19:39:34.176000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20030930-ssl",
"trust": 0.8,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
},
{
"title": "HPSBUX00288",
"trust": 0.8,
"url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00891831"
},
{
"title": "HPSBUX00290",
"trust": 0.8,
"url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00901847"
},
{
"title": "HPSBUX0310-284",
"trust": 0.8,
"url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=hpsbux0310-284"
},
{
"title": "HPSBUX0310-284",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0310-284.html"
},
{
"title": "openssl",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/update/data/openssl.html"
},
{
"title": "secadv_20030930",
"trust": 0.8,
"url": "http://www.openssl.org/news/secadv_20030930.txt"
},
{
"title": "#62",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/pdf/2003alert62.pdf"
},
{
"title": "RHSA-2003:292",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2003-292.html"
},
{
"title": "RHSA-2003:291",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2003-291.html"
},
{
"title": "RHSA-2003:293",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2003-293.html"
},
{
"title": "57599",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57599-1"
},
{
"title": "57472",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57472-1"
},
{
"title": "57100",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57100-1"
},
{
"title": "57498",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57498-1"
},
{
"title": "57498",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57498-3"
},
{
"title": "57599",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57599-3"
},
{
"title": "57472",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57472-3"
},
{
"title": "57100",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57100-3"
},
{
"title": "TLSA-2003-55",
"trust": 0.8,
"url": "http://www.turbolinux.com/security/2003/tlsa-2003-55.txt"
},
{
"title": "#62",
"trust": 0.8,
"url": "http://otn.oracle.co.jp/security/031210_62/top.html"
},
{
"title": "cisco-sa-20030930-ssl",
"trust": 0.8,
"url": "http://www.cisco.com/japanese/warp/public/3/jp/service/tac/707/cisco-sa-20030930-ssl-j.shtml"
},
{
"title": "RHSA-2003:292",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-292j.html"
},
{
"title": "RHSA-2003:291",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-291j.html"
},
{
"title": "RHSA-2003:293",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-293j.html"
},
{
"title": "TLSA-2003-55",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2003/tlsa-2003-55j.txt"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2003-000288"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0544"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 5.1,
"url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm"
},
{
"trust": 4.8,
"url": "http://www.ietf.org/rfc/rfc2246.txt"
},
{
"trust": 4.0,
"url": "http://wp.netscape.com/eng/ssl3/"
},
{
"trust": 4.0,
"url": "http://www.itu.int/itu-t/studygroups/com10/languages/"
},
{
"trust": 3.9,
"url": "http://www.openssl.org/news/secadv_20030930.txt"
},
{
"trust": 3.2,
"url": "http://www.ietf.org/html.charters/pkix-charter.html"
},
{
"trust": 2.7,
"url": "http://www.cert.org/advisories/ca-2003-26.html"
},
{
"trust": 2.7,
"url": "http://www.kb.cert.org/vuls/id/380864"
},
{
"trust": 1.9,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112"
},
{
"trust": 1.6,
"url": "http://www.redhat.com/support/errata/rhsa-2003-292.html"
},
{
"trust": 1.6,
"url": "http://www.redhat.com/support/errata/rhsa-2003-291.html"
},
{
"trust": 1.6,
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2003/dsa-394"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2003/dsa-393"
},
{
"trust": 1.6,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1"
},
{
"trust": 1.6,
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/8732"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/22249"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/686224"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/732952"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2006/3900"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43041"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4574"
},
{
"trust": 0.9,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10087450.htm"
},
{
"trust": 0.8,
"url": "http://www.uniras.gov.uk/vuls/2003/006489/tls.htm"
},
{
"trust": 0.8,
"url": "http://www.rsasecurity.com/rsalabs/pkcs/"
},
{
"trust": 0.8,
"url": "http://wp.netscape.com/eng/ssl3/draft302.txt"
},
{
"trust": 0.8,
"url": "http://www.ciac.org/ciac/bulletins/n-159.shtml"
},
{
"trust": 0.8,
"url": "http://www.ciac.org/ciac/bulletins/o-065.shtml"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0544"
},
{
"trust": 0.8,
"url": "http://www.cpni.gov.uk/products/advisories/default.aspx?id=br-20031104-00633.xml"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/13316"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnca-2003-26"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trca-2003-26"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0544"
},
{
"trust": 0.8,
"url": "http://www.cpni.gov.uk/docs/re-20031104-00748.pdf"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/104280"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/20031001_103420.html"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/43041"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/3900"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:4574"
},
{
"trust": 0.3,
"url": "http://support.f-secure.com/enu/corporate/supportissue/ssh/comments/comments-issue-tech.shtml"
},
{
"trust": 0.3,
"url": "http://support.f-secure.com/enu/corporate/supportissue/ssh/comments/comments-issue-2003120400.shtml"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57599"
},
{
"trust": 0.3,
"url": "http://www.info.apple.com/usen/security/security_updates.html"
},
{
"trust": 0.3,
"url": "http://www.apple.com/swupdates/"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967586.htm"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968007.htm"
},
{
"trust": 0.3,
"url": "http://www.vmware.com/download/esx/esx2-openssh.html"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967420.htm"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967421.htm"
},
{
"trust": 0.3,
"url": "http://www.borderware.com/products/firewall.php"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967425.htm"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967411.htm"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967408.htm"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967399.htm"
},
{
"trust": 0.3,
"url": "http://www.vmware.com/download/gsx_security.html"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967175.htm"
},
{
"trust": 0.3,
"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=mdksa-2003:098"
},
{
"trust": 0.3,
"url": "http://www-1.ibm.com/services/continuity/recover1.nsf/mss/mss-oar-e01-2004.0422.1"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967210.htm"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967209.htm"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967208.htm"
},
{
"trust": 0.3,
"url": "http://cirt.dk/advisories/cirt-32-advisory.pdf"
},
{
"trust": 0.3,
"url": "http://www.cirt.dk/advisories/cirt-31-advisory.pdf"
},
{
"trust": 0.3,
"url": "http://www.stonesoft.com/document/art/3040.html"
},
{
"trust": 0.3,
"url": "http://metalink.oracle.com"
},
{
"trust": 0.3,
"url": "http://www.smoothwall.org/home/news/item/20031001.01.html"
},
{
"trust": 0.3,
"url": "http://www.ingate.com/relnote-331.php"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2003-293.html"
},
{
"trust": 0.3,
"url": "http://www.bluecoat.com/support/knowledge/advisory_openssl_asn_vulnerability.html"
},
{
"trust": 0.3,
"url": "http://support.novell.com/security-alerts/"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968981.htm"
},
{
"trust": 0.3,
"url": "http://www.stonesoft.com/document/art/3041.html"
},
{
"trust": 0.3,
"url": "http://www.ssh.com/company/newsroom/article/476/"
},
{
"trust": 0.3,
"url": "http://www.ssh.com/company/newsroom/article/477/"
},
{
"trust": 0.3,
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57100"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57444"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57472"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57475"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57498"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/patches/linux/security.html"
},
{
"trust": 0.3,
"url": "http://www.tarantella.com/security/bulletin-08.html"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097379.htm"
},
{
"trust": 0.3,
"url": "http://www.borderware.com/"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/255484"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/935264"
},
{
"trust": 0.3,
"url": "/archive/1/343055"
},
{
"trust": 0.1,
"url": "https://www.niscc.gov.uk)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2003-0545"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0545"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0543"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0544"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2003-0543"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2003-0544"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#104280"
},
{
"db": "CERT/CC",
"id": "VU#732952"
},
{
"db": "CERT/CC",
"id": "VU#686224"
},
{
"db": "CERT/CC",
"id": "VU#935264"
},
{
"db": "CERT/CC",
"id": "VU#380864"
},
{
"db": "CERT/CC",
"id": "VU#255484"
},
{
"db": "BID",
"id": "8732"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000288"
},
{
"db": "PACKETSTORM",
"id": "31738"
},
{
"db": "CNNVD",
"id": "CNNVD-200311-040"
},
{
"db": "NVD",
"id": "CVE-2003-0544"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#104280"
},
{
"db": "CERT/CC",
"id": "VU#732952"
},
{
"db": "CERT/CC",
"id": "VU#686224"
},
{
"db": "CERT/CC",
"id": "VU#935264"
},
{
"db": "CERT/CC",
"id": "VU#380864"
},
{
"db": "CERT/CC",
"id": "VU#255484"
},
{
"db": "BID",
"id": "8732"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000288"
},
{
"db": "PACKETSTORM",
"id": "31738"
},
{
"db": "CNNVD",
"id": "CNNVD-200311-040"
},
{
"db": "NVD",
"id": "CVE-2003-0544"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-09-30T00:00:00",
"db": "CERT/CC",
"id": "VU#104280"
},
{
"date": "2003-09-30T00:00:00",
"db": "CERT/CC",
"id": "VU#732952"
},
{
"date": "2003-09-30T00:00:00",
"db": "CERT/CC",
"id": "VU#686224"
},
{
"date": "2003-09-30T00:00:00",
"db": "CERT/CC",
"id": "VU#935264"
},
{
"date": "2003-09-30T00:00:00",
"db": "CERT/CC",
"id": "VU#380864"
},
{
"date": "2003-09-30T00:00:00",
"db": "CERT/CC",
"id": "VU#255484"
},
{
"date": "2003-09-30T00:00:00",
"db": "BID",
"id": "8732"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000288"
},
{
"date": "2003-09-30T16:10:22",
"db": "PACKETSTORM",
"id": "31738"
},
{
"date": "2003-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200311-040"
},
{
"date": "2003-11-17T05:00:00",
"db": "NVD",
"id": "CVE-2003-0544"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-08-25T00:00:00",
"db": "CERT/CC",
"id": "VU#104280"
},
{
"date": "2003-10-01T00:00:00",
"db": "CERT/CC",
"id": "VU#732952"
},
{
"date": "2003-10-01T00:00:00",
"db": "CERT/CC",
"id": "VU#686224"
},
{
"date": "2003-10-01T00:00:00",
"db": "CERT/CC",
"id": "VU#935264"
},
{
"date": "2003-10-01T00:00:00",
"db": "CERT/CC",
"id": "VU#380864"
},
{
"date": "2003-10-01T00:00:00",
"db": "CERT/CC",
"id": "VU#255484"
},
{
"date": "2016-07-06T14:32:00",
"db": "BID",
"id": "8732"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000288"
},
{
"date": "2010-01-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200311-040"
},
{
"date": "2018-05-03T01:29:00",
"db": "NVD",
"id": "CVE-2003-0544"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200311-040"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in SSL/TLS implementations",
"sources": [
{
"db": "CERT/CC",
"id": "VU#104280"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "8732"
},
{
"db": "CNNVD",
"id": "CNNVD-200311-040"
}
],
"trust": 0.9
}
}
var-200904-0263
Vulnerability from variot
Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_AQIN. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is SQL injection in the GRANT_TYPE_ACCESS procedure in the DBMS_AQADM_SYS package. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
For more information see vulnerability #6 through #9 in: SA34693
SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details.
Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125.
PROCEDURE GRANT_TYPE_ACCESS( USER_NAME IN VARCHAR2) IS
GRANT_TXT VARCHAR2(100); GRANT_OPT VARCHAR2(20) := ' with grant option'; BEGIN
EXECUTE_STMT( 'grant execute on sys.aq$_agent to '|| USER_NAME||GRANT_OPT); EXECUTE_STMT('grant execute on sys.aq$_dequeue_history to '|| USER_NAME||GRANT_OPT); EXECUTE_STMT('grant execute on sys.aq$_subscribers to '|| USER_NAME||GRANT_OPT); EXECUTE_STMT('grant execute on sys.aq$_recipients to '|| USER_NAME||GRANT_OPT); EXECUTE_STMT('grant execute on sys.aq$_history to '|| USER_NAME||GRANT_OPT); EXECUTE_STMT('grant execute on sys.aq$_dequeue_history to '|| USER_NAME||GRANT_OPT);
[...]
Patch Information Apply the patches for Oracle CPU April 2009. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
I. Description
The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components.
Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.
II. Impact
The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.
III. Solution
Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.
IV. References
-
Oracle Critical Patch Update Advisory - April 2009 - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
-
Critical Patch Updates and Security Alerts - http://www.oracle.com/technology/deploy/security/alerts.htm
-
Map of Public Vulnerability to Advisory/Alert - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-105A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
April 15, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system.
1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.
2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER".
The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.
PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security
The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/
Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0263",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database 9i",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "9.2.0.8"
},
{
"model": "database 9i",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "9.2.0.8dv"
},
{
"model": "database 10g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.2.0.3"
},
{
"model": "database 10g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.1.0.5"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.1.0.5"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.2.0.3"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0.8"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0.8dv"
},
{
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.01"
},
{
"model": "systems weblogic portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle9i personal edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.49"
},
{
"model": "oracle11g standard edition one",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "data service integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.3"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3.0"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.06"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "systems weblogic portal sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.13"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.04"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.1"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.07"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.3"
},
{
"model": "systems weblogic portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "systems weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.1"
},
{
"model": "systems weblogic server maintenance pack",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.13"
},
{
"model": "oracle9i standard edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "oracle9i enterprise edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.1"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.12"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.15"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.05"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.16"
},
{
"model": "systems weblogic server mp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9"
},
{
"model": "audit vault",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.02"
},
{
"model": "systems weblogic portal sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.4"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.12"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.11"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.6"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.03"
},
{
"model": "systems weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.0"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001223"
},
{
"db": "NVD",
"id": "CVE-2009-0977"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-296"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:database_10g:10.1.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database_10g:10.2.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database_9i:9.2.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database_9i:9.2.0.8dv:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0977"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-296"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0977",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2009-0977",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-0977",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-296",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001223"
},
{
"db": "NVD",
"id": "CVE-2009-0977"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-296"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_AQIN. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is SQL injection in the GRANT_TYPE_ACCESS procedure in the DBMS_AQADM_SYS package. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. \n\nPROCEDURE GRANT_TYPE_ACCESS( USER_NAME IN VARCHAR2) IS\n\nGRANT_TXT VARCHAR2(100);\nGRANT_OPT VARCHAR2(20) := \u0027 with grant option\u0027;\nBEGIN\n\nEXECUTE_STMT( \u0027grant execute on sys.aq$_agent to \u0027|| USER_NAME||GRANT_OPT);\nEXECUTE_STMT(\u0027grant execute on sys.aq$_dequeue_history to \u0027|| USER_NAME||GRANT_OPT);\nEXECUTE_STMT(\u0027grant execute on sys.aq$_subscribers to \u0027|| USER_NAME||GRANT_OPT);\nEXECUTE_STMT(\u0027grant execute on sys.aq$_recipients to \u0027|| USER_NAME||GRANT_OPT);\nEXECUTE_STMT(\u0027grant execute on sys.aq$_history to \u0027|| USER_NAME||GRANT_OPT);\nEXECUTE_STMT(\u0027grant execute on sys.aq$_dequeue_history to \u0027|| USER_NAME||GRANT_OPT);\n\n[...]\n\n\nPatch Information\nApply the patches for Oracle CPU April 2009. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0977"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001223"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76730"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0977",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "34693",
"trust": 2.6
},
{
"db": "USCERT",
"id": "TA09-105A",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1022052",
"trust": 2.4
},
{
"db": "BID",
"id": "34461",
"trust": 1.3
},
{
"db": "VUPEN",
"id": "ADV-2009-1042",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001223",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA09-105A",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20090416 SQL INJECTION IN PACKAGE DBMS_AQADM_SYS",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-296",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-09-017",
"trust": 0.4
},
{
"db": "SECUNIA",
"id": "35135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76730",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76704",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001223"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76730"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0977"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-296"
}
]
},
"id": "VAR-200904-0263",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.065972224
},
"last_update_date": "2023-12-18T11:33:52.207000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cpuapr2009",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"title": "090417_86",
"trust": 0.8,
"url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
},
{
"title": "TA09-105A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001223"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0977"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://secunia.com/advisories/34693"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1022052"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
},
{
"trust": 1.9,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/502727/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/34461"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0977"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta09-105a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0977"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/1042"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/502727/100/0/threaded"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-23/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-22/"
},
{
"trust": 0.3,
"url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "/archive/1/502845"
},
{
"trust": 0.3,
"url": "/archive/1/502707"
},
{
"trust": 0.3,
"url": "/archive/1/502697"
},
{
"trust": 0.3,
"url": "/archive/1/502727"
},
{
"trust": 0.3,
"url": "/archive/1/502723"
},
{
"trust": 0.3,
"url": "/archive/1/506160"
},
{
"trust": 0.3,
"url": "/archive/1/502724"
},
{
"trust": 0.3,
"url": "/archive/1/502683"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34693/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35135/"
},
{
"trust": 0.1,
"url": "http://www.good.com/faq/18431.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0977"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001223"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76730"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0977"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-296"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001223"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76730"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0977"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-296"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-09T00:00:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001223"
},
{
"date": "2009-05-18T15:35:49",
"db": "PACKETSTORM",
"id": "77574"
},
{
"date": "2009-04-16T21:53:18",
"db": "PACKETSTORM",
"id": "76730"
},
{
"date": "2009-04-15T23:15:44",
"db": "PACKETSTORM",
"id": "76710"
},
{
"date": "2009-04-15T15:08:54",
"db": "PACKETSTORM",
"id": "76704"
},
{
"date": "2009-04-15T10:30:00.407000",
"db": "NVD",
"id": "CVE-2009-0977"
},
{
"date": "2009-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-296"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-01T16:22:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001223"
},
{
"date": "2018-10-10T19:32:40.630000",
"db": "NVD",
"id": "CVE-2009-0977"
},
{
"date": "2009-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-296"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-296"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Database of Advanced Queuing Component vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001223"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-296"
}
],
"trust": 0.6
}
}
var-202206-0248
Vulnerability from variot
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-0248",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
},
{
"model": "security service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "bsafe micro-edition-suite",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.5.1"
},
{
"model": "weblogic server proxy plug-in",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21c"
},
{
"model": "weblogic server proxy plug-in",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.2"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "security service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "oracle security service",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle weblogic server proxy plug-in",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle database",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "bsafe micro edition suite",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "oracle http server",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017733"
},
{
"db": "NVD",
"id": "CVE-2020-26185"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.5.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-26185"
}
]
},
"cve": "CVE-2020-26185",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-26185",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-180238",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-017733",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-26185",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2020-26185",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-118",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-180238",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-180238"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017733"
},
{
"db": "NVD",
"id": "CVE-2020-26185"
},
{
"db": "NVD",
"id": "CVE-2020-26185"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-118"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-26185"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017733"
},
{
"db": "VULHUB",
"id": "VHN-180238"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-26185",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017733",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202206-118",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-84622",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-180238",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-180238"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017733"
},
{
"db": "NVD",
"id": "CVE-2020-26185"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-118"
}
]
},
"id": "VAR-202206-0248",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-180238"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:46:37.295000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0July\u00a02022 Dell Security\u00a0Advisory",
"trust": 0.8,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"title": "Dell BSAFE Micro Edition Suite Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=195414"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017733"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-118"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-180238"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017733"
},
{
"db": "NVD",
"id": "CVE-2020-26185"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.dell.com/support/article/en-us/sln322935/dsa-2020-245-dell-bsafe-micro-edition-suite-multiple-vulnerabilities?lang=en"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26185"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2020-26185/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/oracle-fusion-middleware-vulnerabilities-of-july-2022-38858"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-180238"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017733"
},
{
"db": "NVD",
"id": "CVE-2020-26185"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-118"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-180238"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017733"
},
{
"db": "NVD",
"id": "CVE-2020-26185"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-118"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-01T00:00:00",
"db": "VULHUB",
"id": "VHN-180238"
},
{
"date": "2023-08-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-017733"
},
{
"date": "2022-06-01T15:15:08.900000",
"db": "NVD",
"id": "CVE-2020-26185"
},
{
"date": "2022-06-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-118"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-29T00:00:00",
"db": "VULHUB",
"id": "VHN-180238"
},
{
"date": "2023-08-24T00:22:00",
"db": "JVNDB",
"id": "JVNDB-2020-017733"
},
{
"date": "2022-11-29T02:48:42.590000",
"db": "NVD",
"id": "CVE-2020-26185"
},
{
"date": "2022-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-118"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-118"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u00a0BSAFE\u00a0Micro\u00a0Edition\u00a0Suite\u00a0 Out-of-bounds read vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017733"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-118"
}
],
"trust": 0.6
}
}
var-200303-0118
Vulnerability from variot
The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack.". SSL/TLS implementations that respond distinctively to an incorrect PKCS #1 v1.5 encoded SSL/TLS version number expose the premaster secret to a modified Bleichenbacher attack. An attacker could decrypt a given SSL/TLS session or forge a signature on behalf of a vulnerable application's private RSA key. OpenSSL In RSA Is used for the encryption algorithm, PKCS#1 Secret value shared across the session between the client and server due to inadequate version number handling in the process ) There is a vulnerability that leaks.There is a possibility of decrypting the encrypted communication content. A problem with OpenSSL may leak sensitive information. A user could abuse the response of vulnerable servers to act as an oracle. By sending a large number of adaptive attacks, the possibility exists for a remote user to create a choice of ciphertext encrypted with the private key of the server. OpenSSL Security Advisory [19 March 2003]
Klima-Pokorny-Rosa attack on RSA in SSL/TLS
Czech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa have come up with an extension of the "Bleichenbacher attack" on RSA with PKCS #1 v1.5 padding as used in SSL 3.0 and TLS 1.0. Note that the server's RSA key is not compromised in this attack. OpenSSL releases up to 0.9.6i and 0.9.7a are vulnerable. The enclosed patch modifies SSL/TLS server behaviour to avoid the vulnerability.
Security Patch
The following patch can be applied to OpenSSL releases 0.9.6b up to 0.9.6i, 0.9.7, and 0.9.7a.
--- s3_srvr.c 29 Nov 2002 11:31:51 -0000 1.85.2.14 +++ s3_srvr.c 19 Mar 2003 18:00:00 -0000 @@ -1447,7 +1447,7 @@ if (i != SSL_MAX_MASTER_KEY_LENGTH) { al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); + / SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); / }
if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
@@ -1463,30 +1463,29 @@ (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff)))) { al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); - goto f_err; + / SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); / + + / The Klima-Pokorny-Rosa extension of Bleichenbacher's attack + * (https://eprint.iacr.org/2003/052/) exploits the version + * number check as a "bad version oracle" -- an alert would + * reveal that the plaintext corresponding to some ciphertext + * made up by the adversary is properly formatted except + * that the version number is wrong. To avoid such attacks, + * we should treat this just like any other decryption error. / + p[0] = (char)(int) "CAN-2003-0131 patch 2003-03-19"; } }
if (al != -1)
{
-#if 0 - goto f_err; -#else / Some decryption failure -- use random value instead as countermeasure * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding - * (see RFC 2246, section 7.4.7.1). - * But note that due to length and protocol version checking, the - * attack is impractical anyway (see section 5 in D. Bleichenbacher: - * "Chosen Ciphertext Attacks Against Protocols Based on the RSA - * Encryption Standard PKCS #1", CRYPTO '98, LNCS 1462, pp. 1-12). - / + * (see RFC 2246, section 7.4.7.1). / ERR_clear_error(); i = SSL_MAX_MASTER_KEY_LENGTH; p[0] = s->client_version >> 8; p[1] = s->client_version & 0xff; RAND_pseudo_bytes(p+2, i-2); / should be RAND_bytes, but we cannot work around a failure */ -#endif }
s->session->master_key_length=
References
Report "Attacking RSA-based Sessions in SSL/TLS" by V. Klima, O. Pokorny, and T. Rosa: https://eprint.iacr.org/2003/052/
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0131 to this issue. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0131
URL for this Security Advisory: https://www.openssl.org/news/secadv_20030319.txt
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200303-0118",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "0.9.6d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "0.9.6a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "0.9.7a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "0.9.6e"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "0.9.6i"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "0.9.6h"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "0.9.6c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "0.9.6g"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "0.9.6b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "conectiva",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "freebsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gnu tls",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gentoo linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "guardian digital",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ingrian",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mirapoint",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openpkg",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openssl",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sgi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ssh security",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sorceror linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "stonesoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "suse",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "trustix secure linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wirex",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "esoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mod ssl",
"version": null
},
{
"model": "openssl",
"scope": "lte",
"trust": 0.8,
"vendor": "openssl",
"version": "0.9.7a"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.0.2"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.0.3"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "8.1.7.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.0.1.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0.2"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0.3"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0.4"
},
{
"model": "cobalt raq4",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raq550",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raqxtr",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6.5"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "7"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "8"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.00"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.20"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.22"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "8.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "9"
},
{
"model": "cobalt raq xtr",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "cobalt raq",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "550"
},
{
"model": "cobalt raq",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4"
},
{
"model": "cobalt qube",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "3"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.19"
},
{
"model": "open server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "5.0.7"
},
{
"model": "open server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "5.0.6"
},
{
"model": "open server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "5.0.5"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.3"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.2"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "oracle9i application server .1s",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl g",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "transport layer security library",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.8.4"
},
{
"model": "transport layer security library",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.8.3"
},
{
"model": "transport layer security library",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.8.2"
},
{
"model": "transport layer security library",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.8.1"
},
{
"model": "transport layer security library",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.8.0"
},
{
"model": "big-ip blade controller ptf-01",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.2.3"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.4"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.3"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.2"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.4"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.3"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.2"
},
{
"model": "associates etrust security command center",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "tru64 b",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 a",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 a",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.0"
},
{
"model": "tru64 g",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "tru64 f",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "openvms vax",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.3"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.3"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.2.1"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.2-2"
},
{
"model": "openvms -1h2 alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.2"
},
{
"model": "openvms -1h1 alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.2"
},
{
"model": "openvms vax",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.2"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.2"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.1-2"
},
{
"model": "openvms vax",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.1"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.1"
},
{
"model": "openvms vax",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "6.2"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "6.2"
},
{
"model": "openvms",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "6.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "project openssl b",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl j",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "hp-ux apache-based web server",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "1.0.07.01"
},
{
"model": "hp-ux apache-based web server",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "1.0.03.01"
},
{
"model": "apache-based web server",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "1.3.27.02"
},
{
"model": "transport layer security library",
"scope": "ne",
"trust": 0.3,
"vendor": "gnu",
"version": "0.8.5"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#888801"
},
{
"db": "BID",
"id": "7148"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000095"
},
{
"db": "NVD",
"id": "CVE-2003-0131"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-076"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0131"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovery credited to Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa.",
"sources": [
{
"db": "BID",
"id": "7148"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-076"
}
],
"trust": 0.9
},
"cve": "CVE-2003-0131",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2003-0131",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2003-0131",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#888801",
"trust": 0.8,
"value": "4.05"
},
{
"author": "CNNVD",
"id": "CNNVD-200303-076",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#888801"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000095"
},
{
"db": "NVD",
"id": "CVE-2003-0131"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-076"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the \"Klima-Pokorny-Rosa attack.\". SSL/TLS implementations that respond distinctively to an incorrect PKCS #1 v1.5 encoded SSL/TLS version number expose the premaster secret to a modified Bleichenbacher attack. An attacker could decrypt a given SSL/TLS session or forge a signature on behalf of a vulnerable application\u0027s private RSA key. OpenSSL In RSA Is used for the encryption algorithm, PKCS#1 Secret value shared across the session between the client and server due to inadequate version number handling in the process ) There is a vulnerability that leaks.There is a possibility of decrypting the encrypted communication content. A problem with OpenSSL may leak sensitive information. A user could abuse the response of vulnerable servers to act as an oracle. By sending a large number of adaptive attacks, the possibility exists for a remote user to create a choice of ciphertext encrypted with the private key of the server. OpenSSL Security Advisory [19 March 2003]\n\nKlima-Pokorny-Rosa attack on RSA in SSL/TLS\n===========================================\n\nCzech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa\nhave come up with an extension of the \"Bleichenbacher attack\" on RSA\nwith PKCS #1 v1.5 padding as used in SSL 3.0 and TLS 1.0. \nNote that the server\u0027s RSA key is not compromised in this attack. \nOpenSSL releases up to 0.9.6i and 0.9.7a are vulnerable. The enclosed\npatch modifies SSL/TLS server behaviour to avoid the vulnerability. \n\n\nSecurity Patch\n--------------\n\nThe following patch can be applied to OpenSSL releases 0.9.6b up to 0.9.6i,\n0.9.7, and 0.9.7a. \n\n--- s3_srvr.c\t29 Nov 2002 11:31:51 -0000\t1.85.2.14\n+++ s3_srvr.c\t19 Mar 2003 18:00:00 -0000\n@@ -1447,7 +1447,7 @@\n \t\tif (i != SSL_MAX_MASTER_KEY_LENGTH)\n \t\t\t{\n \t\t\tal=SSL_AD_DECODE_ERROR;\n-\t\t\tSSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);\n+\t\t\t/* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */\n \t\t\t}\n \n \t\tif ((al == -1) \u0026\u0026 !((p[0] == (s-\u003eclient_version\u003e\u003e8)) \u0026\u0026 (p[1] == (s-\u003eclient_version \u0026 0xff))))\n@@ -1463,30 +1463,29 @@\n \t\t\t\t(p[0] == (s-\u003eversion\u003e\u003e8)) \u0026\u0026 (p[1] == (s-\u003eversion \u0026 0xff))))\n \t\t\t\t{\n \t\t\t\tal=SSL_AD_DECODE_ERROR;\n-\t\t\t\tSSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER);\n-\t\t\t\tgoto f_err;\n+\t\t\t\t/* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */\n+\n+\t\t\t\t/* The Klima-Pokorny-Rosa extension of Bleichenbacher\u0027s attack\n+\t\t\t\t * (https://eprint.iacr.org/2003/052/) exploits the version\n+\t\t\t\t * number check as a \"bad version oracle\" -- an alert would\n+\t\t\t\t * reveal that the plaintext corresponding to some ciphertext\n+\t\t\t\t * made up by the adversary is properly formatted except\n+\t\t\t\t * that the version number is wrong. To avoid such attacks,\n+\t\t\t\t * we should treat this just like any other decryption error. */\n+\t\t\t\tp[0] = (char)(int) \"CAN-2003-0131 patch 2003-03-19\";\n \t\t\t\t}\n \t\t\t}\n \n \t\tif (al != -1)\n \t\t\t{\n-#if 0\n-\t\t\tgoto f_err;\n-#else\n \t\t\t/* Some decryption failure -- use random value instead as countermeasure\n \t\t\t * against Bleichenbacher\u0027s attack on PKCS #1 v1.5 RSA padding\n-\t\t\t * (see RFC 2246, section 7.4.7.1). \n-\t\t\t * But note that due to length and protocol version checking, the\n-\t\t\t * attack is impractical anyway (see section 5 in D. Bleichenbacher:\n-\t\t\t * \"Chosen Ciphertext Attacks Against Protocols Based on the RSA\n-\t\t\t * Encryption Standard PKCS #1\", CRYPTO \u002798, LNCS 1462, pp. 1-12). \n-\t\t\t */\n+\t\t\t * (see RFC 2246, section 7.4.7.1). */\n \t\t\tERR_clear_error();\n \t\t\ti = SSL_MAX_MASTER_KEY_LENGTH;\n \t\t\tp[0] = s-\u003eclient_version \u003e\u003e 8;\n \t\t\tp[1] = s-\u003eclient_version \u0026 0xff;\n \t\t\tRAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */\n-#endif\n \t\t\t}\n \t\n \t\ts-\u003esession-\u003emaster_key_length=\n\n\nReferences\n----------\n\nReport \"Attacking RSA-based Sessions in SSL/TLS\" by V. Klima, O. Pokorny,\nand T. Rosa:\nhttps://eprint.iacr.org/2003/052/\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2003-0131 to this issue. \nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0131\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20030319.txt\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0131"
},
{
"db": "CERT/CC",
"id": "VU#888801"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000095"
},
{
"db": "BID",
"id": "7148"
},
{
"db": "PACKETSTORM",
"id": "169675"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2003-0131",
"trust": 2.8
},
{
"db": "BID",
"id": "7148",
"trust": 2.7
},
{
"db": "CERT/CC",
"id": "VU#888801",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000095",
"trust": 0.8
},
{
"db": "XF",
"id": "11586",
"trust": 0.6
},
{
"db": "TRUSTIX",
"id": "2003-0013",
"trust": 0.6
},
{
"db": "CALDERA",
"id": "CSSA-2003-014.0",
"trust": 0.6
},
{
"db": "DEBIAN",
"id": "DSA-288",
"trust": 0.6
},
{
"db": "SGI",
"id": "20030501-01-I",
"trust": 0.6
},
{
"db": "NETBSD",
"id": "NETBSD-SA2003-007",
"trust": 0.6
},
{
"db": "OPENPKG",
"id": "OPENPKG-SA-2003.026",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20030327 IMMUNIX SECURED OS 7+ OPENSSL UPDATE",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20030319 [OPENSSL ADVISORY] KLIMA-POKORNY-ROSA ATTACK ON PKCS #1 V1.5 PADDING",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20030324 GLSA: OPENSSL (200303-20)",
"trust": 0.6
},
{
"db": "MANDRAKE",
"id": "MDKSA-2003:035",
"trust": 0.6
},
{
"db": "SUSE",
"id": "SUSE-SA:2003:024",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:461",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2003:102",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2003:101",
"trust": 0.6
},
{
"db": "GENTOO",
"id": "GLSA-200303-20",
"trust": 0.6
},
{
"db": "CONECTIVA",
"id": "CLA-2003:625",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200303-076",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "169675",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#888801"
},
{
"db": "BID",
"id": "7148"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000095"
},
{
"db": "PACKETSTORM",
"id": "169675"
},
{
"db": "NVD",
"id": "CVE-2003-0131"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-076"
}
]
},
"id": "VAR-200303-0118",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4615448
},
"last_update_date": "2023-12-18T12:40:39.190000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HPSBUX0304-255",
"trust": 0.8,
"url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?docid=hpsbux0304-255"
},
{
"title": "HPSBUX0304-255",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0304-255.html"
},
{
"title": "secadv_20030319",
"trust": 0.8,
"url": "http://www.openssl.org/news/secadv_20030319.txt"
},
{
"title": "RHSA-2003:101",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2003-101.html"
},
{
"title": "4 Apache \u0026amp; SSL Security 2.0.1",
"trust": 0.8,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq4.eng\u0026amp;nav=patchpage"
},
{
"title": "XTR Apache \u0026amp; SSL Security 1.0.1",
"trust": 0.8,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raqxtr.eng\u0026amp;nav=patchpage"
},
{
"title": "550 Apache \u0026amp; SSL Security 0.0.1",
"trust": 0.8,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq550.eng\u0026amp;nav=patchpage"
},
{
"title": "TLSA-2003-22",
"trust": 0.8,
"url": "http://www.turbolinux.com/security/2003/tlsa-2003-22.txt"
},
{
"title": "#62",
"trust": 0.8,
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf"
},
{
"title": "RHSA-2003:101",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-101j.html"
},
{
"title": "TLSA-2003-22",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2003/tlsa-2003-22j.txt"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2003-000095"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0131"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://eprint.iacr.org/2003/052/"
},
{
"trust": 2.5,
"url": "http://www.openssl.org/news/secadv_20030319.txt"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/7148"
},
{
"trust": 1.6,
"url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2003-007.txt.asc"
},
{
"trust": 1.6,
"url": "ftp://ftp.sco.com/pub/security/openlinux/cssa-2003-014.0.txt"
},
{
"trust": 1.6,
"url": "ftp://patches.sgi.com/support/free/security/advisories/20030501-01-i"
},
{
"trust": 1.6,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000625"
},
{
"trust": 1.6,
"url": "http://lists.apple.com/mhonarc/security-announce/msg00028.html"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2003/dsa-288"
},
{
"trust": 1.6,
"url": "http://www.gentoo.org/security/en/glsa/glsa-200303-20.xml"
},
{
"trust": 1.6,
"url": "http://www.kb.cert.org/vuls/id/888801"
},
{
"trust": 1.6,
"url": "http://www.linuxsecurity.com/advisories/immunix_advisory-3066.html"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2003:035"
},
{
"trust": 1.6,
"url": "http://www.openpkg.org/security/openpkg-sa-2003.026-openssl.html"
},
{
"trust": 1.6,
"url": "http://www.redhat.com/support/errata/rhsa-2003-101.html"
},
{
"trust": 1.6,
"url": "http://www.redhat.com/support/errata/rhsa-2003-102.html"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=104811162730834\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=104852637112330\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=104878215721135\u0026w=2"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/316577/30/25310/threaded"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11586"
},
{
"trust": 1.0,
"url": "https://lists.opensuse.org/opensuse-security-announce/2003-04/msg00005.html"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a461"
},
{
"trust": 0.8,
"url": "http://www.i.cz/en/onas/tisk7.html"
},
{
"trust": 0.8,
"url": "http://www.i.cz/en/onas/tisk8.html"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc2246.txt"
},
{
"trust": 0.8,
"url": "http://link.springer.de/link/service/series/0558/papers/1462/14620001.pdf"
},
{
"trust": 0.8,
"url": "http://www.rsasecurity.com/rsalabs/pkcs1/qa.html"
},
{
"trust": 0.8,
"url": "ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf"
},
{
"trust": 0.8,
"url": "ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc"
},
{
"trust": 0.8,
"url": "ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1.asc"
},
{
"trust": 0.8,
"url": "ftp://ftp.rsasecurity.com/pub/pdfs/bulletn7.pdf"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc2408.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc2409.txt"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0131"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0131"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=104811162730834\u0026w=2"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/11586"
},
{
"trust": 0.6,
"url": "http://www.novell.com/linux/security/advisories/2003_024_openssl.html"
},
{
"trust": 0.6,
"url": "http://www.suse.de/de/security/2003_024_openssl.html"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/316577/30/25310/threaded"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=104878215721135\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=104852637112330\u0026w=2"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:461"
},
{
"trust": 0.3,
"url": "http://www.info.apple.com/usen/security/security_updates.html"
},
{
"trust": 0.3,
"url": "http://metalink.oracle.com"
},
{
"trust": 0.3,
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf"
},
{
"trust": 0.3,
"url": "/archive/1/315632"
},
{
"trust": 0.3,
"url": "/archive/1/315884"
},
{
"trust": 0.1,
"url": "https://eprint.iacr.org/2003/052/)"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0131"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2003-0131"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#888801"
},
{
"db": "BID",
"id": "7148"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000095"
},
{
"db": "PACKETSTORM",
"id": "169675"
},
{
"db": "NVD",
"id": "CVE-2003-0131"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-076"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#888801"
},
{
"db": "BID",
"id": "7148"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000095"
},
{
"db": "PACKETSTORM",
"id": "169675"
},
{
"db": "NVD",
"id": "CVE-2003-0131"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-076"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-04-23T00:00:00",
"db": "CERT/CC",
"id": "VU#888801"
},
{
"date": "2003-03-19T00:00:00",
"db": "BID",
"id": "7148"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000095"
},
{
"date": "2003-03-19T12:12:12",
"db": "PACKETSTORM",
"id": "169675"
},
{
"date": "2003-03-24T05:00:00",
"db": "NVD",
"id": "CVE-2003-0131"
},
{
"date": "2003-03-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200303-076"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-08-25T00:00:00",
"db": "CERT/CC",
"id": "VU#888801"
},
{
"date": "2009-07-11T21:06:00",
"db": "BID",
"id": "7148"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000095"
},
{
"date": "2018-10-19T15:29:23.713000",
"db": "NVD",
"id": "CVE-2003-0131"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200303-076"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200303-076"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SSL/TLS implementations disclose side channel information via PKCS #1 v1.5 version number extension",
"sources": [
{
"db": "CERT/CC",
"id": "VU#888801"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "7148"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-076"
}
],
"trust": 0.9
}
}
var-201909-1539
Vulnerability from variot
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys. RSA BSAFE Crypto-J Contains an information disclosure vulnerability.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Dell RSA BSAFE Crypto-J is an encryption toolkit from Dell, Inc. that provides developers with the tools to add privacy and authentication features to their applications. A security vulnerability exists in Dell RSA BSAFE Crypto-J versions prior to 6.2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-1539",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.4"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"model": "application performance management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "bsafe cert-j",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "6.2.4"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "goldengate",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.0.0.0.210420"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "bsafe ssl-j",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "6.2.4.1"
},
{
"model": "application performance management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.0"
},
{
"model": "retail assortment planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3"
},
{
"model": "retail assortment planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"model": "global lifecycle management opatch",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1.22"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.3"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.2"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.1"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0.2"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "communications network integrity",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.6"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.2"
},
{
"model": "storagetek acsls",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.1"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18c"
},
{
"model": "bsafe crypto-j",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "6.2.5"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.4"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"model": "communications network integrity",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.2"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.3.6.0.0"
},
{
"model": "communications network integrity",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "storagetek tape analytics sw tool",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.3"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.5"
},
{
"model": "bsafe cert-j",
"scope": null,
"trust": 0.8,
"vendor": "rsa security",
"version": null
},
{
"model": "bsafe crypto-j",
"scope": "lt",
"trust": 0.8,
"vendor": "rsa security",
"version": "6.2.5"
},
{
"model": "bsafe ssl-j",
"scope": null,
"trust": 0.8,
"vendor": "rsa security",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009628"
},
{
"db": "NVD",
"id": "CVE-2019-3740"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.2.4.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_cert-j:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.2.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_performance_management:13.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_performance_management:13.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.2.0.1.22",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "19.1.0.0.0.210420",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3740"
}
]
},
"cve": "CVE-2019-3740",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-3740",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-155175",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security_alert@emc.com",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-3740",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-3740",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2019-3740",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-881",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-155175",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155175"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009628"
},
{
"db": "NVD",
"id": "CVE-2019-3740"
},
{
"db": "NVD",
"id": "CVE-2019-3740"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-881"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys. RSA BSAFE Crypto-J Contains an information disclosure vulnerability.Information may be obtained. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Dell RSA BSAFE Crypto-J is an encryption toolkit from Dell, Inc. that provides developers with the tools to add privacy and authentication features to their applications. A security vulnerability exists in Dell RSA BSAFE Crypto-J versions prior to 6.2.5",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3740"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009628"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-155175"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3740",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009628",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201909-881",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021042539",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042537",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042641",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042103",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072126",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-155175",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155175"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009628"
},
{
"db": "NVD",
"id": "CVE-2019-3740"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-881"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"id": "VAR-201909-1539",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-155175"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:14:34.777000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2019-094: RSA BSAFE Crypto-J Multiple Security Vulnerabilities",
"trust": 0.8,
"url": "https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe\u0026#174;-crypto-j-multiple-security-vulnerabilities"
},
{
"title": "Dell RSA BSAFE Crypto-J Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=98406"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009628"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-881"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-203",
"trust": 1.1
},
{
"problemtype": "CWE-200",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155175"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009628"
},
{
"db": "NVD",
"id": "CVE-2019-3740"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3740"
},
{
"trust": 1.0,
"url": "https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe\u0026#174%3b-crypto-j-multiple-security-vulnerabilities"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3740"
},
{
"trust": 0.6,
"url": "https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe\u00ae-crypto-j-multiple-security-vulnerabilities"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072126"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042539"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042537"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042641"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042103"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/oracle-database-vulnerabilities-of-april-2021-35122"
},
{
"trust": 0.6,
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.1,
"url": "https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe\u0026amp;#174;-crypto-j-multiple-security-vulnerabilities"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155175"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009628"
},
{
"db": "NVD",
"id": "CVE-2019-3740"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-881"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-155175"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009628"
},
{
"db": "NVD",
"id": "CVE-2019-3740"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-881"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-155175"
},
{
"date": "2019-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009628"
},
{
"date": "2019-09-18T23:15:11.173000",
"db": "NVD",
"id": "CVE-2019-3740"
},
{
"date": "2019-09-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-881"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-155175"
},
{
"date": "2019-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009628"
},
{
"date": "2023-11-07T03:10:11.167000",
"db": "NVD",
"id": "CVE-2019-3740"
},
{
"date": "2022-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-881"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-881"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RSA BSAFE Crypto-J Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009628"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-881"
}
],
"trust": 0.6
}
}
var-201609-0597
Vulnerability from variot
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. TLS (Transport Layer Security) is a set of protocols used to provide confidentiality and data integrity between two communication applications. SSH (full name Secure Shell) is a set of security protocols based on the application layer and transport layer developed by the Network Working Group of the Internet Engineering Task Force (IETF). IPSec (full name Internet Protocol Security) is a set of IP security protocols established by the IPSec group of the Internet Engineering Task Force (IETF). Both DES and Triple DES are encryption algorithms. There are information leakage vulnerabilities in the DES and Triple DES encryption algorithms used in the TLS, SSH, and IPSec protocols and other protocols and products. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: python security update Advisory ID: RHSA-2018:2123-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2123 Issue date: 2018-07-03 CVE Names: CVE-2016-2183 =====================================================================
- Summary:
An update for python is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x
- Description:
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
- A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)
Note: This update modifies the Python ssl module to disable 3DES cipher suites by default.
Red Hat would like to thank OpenVPN for reporting this issue. Upstream acknowledges Karthikeyan Bhargavan (Inria) and GaA<<tan Leurent (Inria) as the original reporters.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: python-2.7.5-69.el7_5.src.rpm
x86_64: python-2.7.5-69.el7_5.x86_64.rpm python-debuginfo-2.7.5-69.el7_5.i686.rpm python-debuginfo-2.7.5-69.el7_5.x86_64.rpm python-libs-2.7.5-69.el7_5.i686.rpm python-libs-2.7.5-69.el7_5.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: python-debug-2.7.5-69.el7_5.x86_64.rpm python-debuginfo-2.7.5-69.el7_5.x86_64.rpm python-devel-2.7.5-69.el7_5.x86_64.rpm python-test-2.7.5-69.el7_5.x86_64.rpm python-tools-2.7.5-69.el7_5.x86_64.rpm tkinter-2.7.5-69.el7_5.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: python-2.7.5-69.el7_5.src.rpm
x86_64: python-2.7.5-69.el7_5.x86_64.rpm python-debuginfo-2.7.5-69.el7_5.i686.rpm python-debuginfo-2.7.5-69.el7_5.x86_64.rpm python-devel-2.7.5-69.el7_5.x86_64.rpm python-libs-2.7.5-69.el7_5.i686.rpm python-libs-2.7.5-69.el7_5.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: python-debug-2.7.5-69.el7_5.x86_64.rpm python-debuginfo-2.7.5-69.el7_5.x86_64.rpm python-test-2.7.5-69.el7_5.x86_64.rpm python-tools-2.7.5-69.el7_5.x86_64.rpm tkinter-2.7.5-69.el7_5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: python-2.7.5-69.el7_5.src.rpm
ppc64: python-2.7.5-69.el7_5.ppc64.rpm python-debuginfo-2.7.5-69.el7_5.ppc.rpm python-debuginfo-2.7.5-69.el7_5.ppc64.rpm python-devel-2.7.5-69.el7_5.ppc64.rpm python-libs-2.7.5-69.el7_5.ppc.rpm python-libs-2.7.5-69.el7_5.ppc64.rpm
ppc64le: python-2.7.5-69.el7_5.ppc64le.rpm python-debuginfo-2.7.5-69.el7_5.ppc64le.rpm python-devel-2.7.5-69.el7_5.ppc64le.rpm python-libs-2.7.5-69.el7_5.ppc64le.rpm
s390x: python-2.7.5-69.el7_5.s390x.rpm python-debuginfo-2.7.5-69.el7_5.s390.rpm python-debuginfo-2.7.5-69.el7_5.s390x.rpm python-devel-2.7.5-69.el7_5.s390x.rpm python-libs-2.7.5-69.el7_5.s390.rpm python-libs-2.7.5-69.el7_5.s390x.rpm
x86_64: python-2.7.5-69.el7_5.x86_64.rpm python-debuginfo-2.7.5-69.el7_5.i686.rpm python-debuginfo-2.7.5-69.el7_5.x86_64.rpm python-devel-2.7.5-69.el7_5.x86_64.rpm python-libs-2.7.5-69.el7_5.i686.rpm python-libs-2.7.5-69.el7_5.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source: python-2.7.5-69.el7_5.src.rpm
aarch64: python-2.7.5-69.el7_5.aarch64.rpm python-debuginfo-2.7.5-69.el7_5.aarch64.rpm python-devel-2.7.5-69.el7_5.aarch64.rpm python-libs-2.7.5-69.el7_5.aarch64.rpm
ppc64le: python-2.7.5-69.el7_5.ppc64le.rpm python-debuginfo-2.7.5-69.el7_5.ppc64le.rpm python-devel-2.7.5-69.el7_5.ppc64le.rpm python-libs-2.7.5-69.el7_5.ppc64le.rpm
s390x: python-2.7.5-69.el7_5.s390x.rpm python-debuginfo-2.7.5-69.el7_5.s390.rpm python-debuginfo-2.7.5-69.el7_5.s390x.rpm python-devel-2.7.5-69.el7_5.s390x.rpm python-libs-2.7.5-69.el7_5.s390.rpm python-libs-2.7.5-69.el7_5.s390x.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: python-debug-2.7.5-69.el7_5.ppc64.rpm python-debuginfo-2.7.5-69.el7_5.ppc64.rpm python-test-2.7.5-69.el7_5.ppc64.rpm python-tools-2.7.5-69.el7_5.ppc64.rpm tkinter-2.7.5-69.el7_5.ppc64.rpm
ppc64le: python-debug-2.7.5-69.el7_5.ppc64le.rpm python-debuginfo-2.7.5-69.el7_5.ppc64le.rpm python-test-2.7.5-69.el7_5.ppc64le.rpm python-tools-2.7.5-69.el7_5.ppc64le.rpm tkinter-2.7.5-69.el7_5.ppc64le.rpm
s390x: python-debug-2.7.5-69.el7_5.s390x.rpm python-debuginfo-2.7.5-69.el7_5.s390x.rpm python-test-2.7.5-69.el7_5.s390x.rpm python-tools-2.7.5-69.el7_5.s390x.rpm tkinter-2.7.5-69.el7_5.s390x.rpm
x86_64: python-debug-2.7.5-69.el7_5.x86_64.rpm python-debuginfo-2.7.5-69.el7_5.x86_64.rpm python-test-2.7.5-69.el7_5.x86_64.rpm python-tools-2.7.5-69.el7_5.x86_64.rpm tkinter-2.7.5-69.el7_5.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
aarch64: python-debug-2.7.5-69.el7_5.aarch64.rpm python-debuginfo-2.7.5-69.el7_5.aarch64.rpm python-test-2.7.5-69.el7_5.aarch64.rpm python-tools-2.7.5-69.el7_5.aarch64.rpm tkinter-2.7.5-69.el7_5.aarch64.rpm
ppc64le: python-debug-2.7.5-69.el7_5.ppc64le.rpm python-debuginfo-2.7.5-69.el7_5.ppc64le.rpm python-test-2.7.5-69.el7_5.ppc64le.rpm python-tools-2.7.5-69.el7_5.ppc64le.rpm tkinter-2.7.5-69.el7_5.ppc64le.rpm
s390x: python-debug-2.7.5-69.el7_5.s390x.rpm python-debuginfo-2.7.5-69.el7_5.s390x.rpm python-test-2.7.5-69.el7_5.s390x.rpm python-tools-2.7.5-69.el7_5.s390x.rpm tkinter-2.7.5-69.el7_5.s390x.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: python-2.7.5-69.el7_5.src.rpm
x86_64: python-2.7.5-69.el7_5.x86_64.rpm python-debuginfo-2.7.5-69.el7_5.i686.rpm python-debuginfo-2.7.5-69.el7_5.x86_64.rpm python-devel-2.7.5-69.el7_5.x86_64.rpm python-libs-2.7.5-69.el7_5.i686.rpm python-libs-2.7.5-69.el7_5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: python-debug-2.7.5-69.el7_5.x86_64.rpm python-debuginfo-2.7.5-69.el7_5.x86_64.rpm python-test-2.7.5-69.el7_5.x86_64.rpm python-tools-2.7.5-69.el7_5.x86_64.rpm tkinter-2.7.5-69.el7_5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-2183 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBWzuDSdzjgjWX9erEAQgETg/9HevQ3tUvI8plP6DSgN1Es+jArUKVGct5 cIlHbLXCGIcy1D2NAndEznF+6LSWo/Ynd2C5esSdD9R+KvJrmbNJ7s+XN4Uys4ea FyBlHvw56yuSiAcGvUCF+rjg2IaN9QCkH9oGKUNIHpfOdxNnHu3Yk8muNa5H2mXh v2yomcfl6voFIMxvxlVKO7ENkESH/vYYnXFS7S+pnBoEZb4/HTp000ASovjewroq xGBLDUKzTp9nOVWVWECA6La1o+nDi4wOZVDgF7Ks2kaYdAYSa3vkoAI1hN6XtZ3O T3Fv7iF1BqQt+B//tCeT3Fa5SsDulob3K5H2TqnMRlZSr0mst/89RePsbz2wFM+p 1wcklX9gVBI66y5XPfst/sNyLgWMkYgvUsYJTJHeYT0vAN+N54lcwjK1vxKCMFso 2ltd63+E5ql26E1pp//cAqAo7JhWqsaqNV8uY4oKzAHRRfQ9kdz/yq2DfA8aswDL 8nb1rjQ2tIRL/GtWL9ofhKey136qePvF5IwqF+jlO+N7wpG685KZF9zarNZqODxo p93VTJQ6+J0oXktvyJ8RS1XqkFvznocfEThgrhdmsWW4G6bjA2GyAoTWpDy3NUUv 6TxyeUjc6NvKb7t6wgrRuSBKkSRCaln+aBSakq012A50PNssvx7hNzVVl9zBgOv1 6NvSNmqGIdM= =AUgF -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Solution:
Before applying this update, ensure all previously released errata relevant to your system is applied. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05369415
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05369415 Version: 1
HPSBGN03690 rev.1 - HPE Real User Monitor (RUM), Remote Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2017-01-18 Last Updated: 2017-01-18
Potential Security Impact: Remote: Disclosure of Information
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY A security vulnerability in DES/3DES block ciphers used in the TLS protocol, could potentially impact HPE Real User Monitor (RUM) resulting in remote disclosure of information also known as the SWEET32 attack.
References:
- CVE-2016-2183 - SWEET32
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HP Real User Monitor Software Series v9.2x, v9.30
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2016-2183
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has provided the following mitigation information to resolve the vulnerability for impacted versions of HPE Real User Monitor (RUM):
HISTORY Version:1 (rev.1) - 18 January 2017 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. ========================================================================== Ubuntu Security Notice USN-3087-1 September 22, 2016
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in OpenSSL.
Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools
Details:
Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request extension. (CVE-2016-6304)
Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. This issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178)
Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. (CVE-2016-2179)
Shi Lei discovered that OpenSSL incorrectly handled memory in the TS_OBJ_print_bio() function. (CVE-2016-2180)
It was discovered that the OpenSSL incorrectly handled the DTLS anti-replay feature. (CVE-2016-2181)
Shi Lei discovered that OpenSSL incorrectly validated division results. (CVE-2016-2182)
Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. This update moves DES from the HIGH cipher list to MEDIUM. (CVE-2016-2183)
Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6302)
Shi Lei discovered that OpenSSL incorrectly handled memory in the MDC2_Update() function. (CVE-2016-6303)
Shi Lei discovered that OpenSSL incorrectly performed certain message length checks. (CVE-2016-6306)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.4
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.20
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.37
After a standard system update you need to reboot your computer to make all the necessary changes. This update causes NSS to limit use of the same symmetric key. (CVE-2017-5461)
This update refreshes the NSS package to version 3.28.4 which includes the latest CA certificate bundle. After a standard system update you need to restart any applications that use NSS, such as Evolution and Chromium, to make all the necessary changes. Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.6.16. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHBA-2021:0309
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.6.16-x86_64
The image digest is sha256:3e855ad88f46ad1b7f56c312f078ca6adaba623c5d4b360143f9f82d2f349741
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.6.16-s390x
The image digest is sha256:2335685cda334ecf9e12c056b148c483fb81412fbfc96c885dc669d775e1f1ee
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.6.16-ppc64le
The image digest is sha256:953ccacf79467b3e8ebfb8def92013f1574d75e24b3ea9a455aa8931f7f17b88
All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor.
Security Fix(es):
-
SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183)
-
openshift/builder: privilege escalation during container image builds via mounted secrets (CVE-2021-3344)
-
openshift/installer: Bootstrap nodes allow anonymous authentication on kubelet port 10250 (CVE-2021-20198)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/):
1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
1873004 - [downstream] Should indicate the version info instead of the commit info
1887759 - [release 4.6] Gather MachineConfigPools
1889676 - [release 4.6] Gather top installplans and their count
1889865 - operator-registry image needs clean up in /tmp
1890274 - [4.6] External IP doesn't work if the IP address is not assigned to a node
1890452 - Adding BYOK disk encryption through DES
1891697 - Handle missing labels as empty.
1891892 - The windows oc.exe binary does not have version metadata
1893409 - [release-4.6] MCDPivotError alert/metric missing
1893738 - Examining agones helm chart resources results in "Oh no!"
1894916 - [4.6] Panic output due to timeouts in openshift-apiserver
1896919 - start creating new-style Secrets for AWS
1898672 - Pod gets stuck in ContainerCreating state with exhausted Whereabouts IPAM range with a daemonset
1899107 - [4.6] ironic-api used by metal3 is over provisioned and consumes a lot of RAM
1899535 - ds/machine-config-daemon takes 100+ minutes to rollout on 250 node cluster
1901602 - Extra reboot during 4.5 -> 4.6 upgrade
1901605 - CNO blocks editing Kuryr options
1903649 - Automated cleaning is disabled by default
1903887 - dns daemonset rolls out slowly in large clusters
1904091 - Missing registry v1 protocol usage metric on telemetry
1904577 - [4.6] Local storage operator doesn't include correctly populate LocalVolumeDiscoveryResult in console
1905031 - (release-4.6) Collect spec config for clusteroperator resources
1905195 - [release-4.6] Detecting broken connections to the Kube API takes up to 15 minutes
1905573 - [4.6] Changing the bound token service account issuer invalids previously issued bound tokens
1905788 - Role name missing on create role binding form
1906332 - update discovery burst to reflect lots of CRDs on openshift clusters
1906741 - KeyError: 'nodeName' on NP deletion
1906796 - [SA] verify-image-signature using service account does not work
1907827 - Kn resources are not showing in Topology if triggers has KSVC and IMC as subscriber
1907830 - "Evaluating rule failed" for "record: cluster:kube_persistentvolumeclaim_resource_requests_storage_bytes:provisioner:sum" and "record: cluster:kubelet_volume_stats_used_bytes:provisioner:sum"
1909673 - scale up / down buttons available on pod details side panel
1912388 - [OVN]: make check broken on 4.6
1912430 - thanosRuler.resources.requests does not take effect in user-workload-monitoring-config confimap
1913109 - oc debug of an init container no longer works
1913645 - Improved Red Hat image and crashlooping OpenShift pod collection
1915560 - OCP 4.4.9: EtcdMemberIPMigratorDegraded: rpc error: code = Canceled desc = grpc: the client connection is closing
1916096 - [oVirt] csi operator panics if ovirt-engine suddenly becomes unavailable.
1916100 - [oVirt] Consume 23-10 ovirt sdk - csi operator
1916347 - Updating scheduling component builder & base images to be consistent with ART
1916857 - configs.imageregistry.operator.openshift.io cluster does not update its status fields after URL change
1916907 - dns-node-resolver corrupts /etc/hosts if internal registry is not in use
1917240 - [4.6] Network Policies are not working as expected with OVN-Kubernetes when traffic hairpins back to the same source through a service
1917498 - Regression OLM uses scoped client for CRD installation
1917547 - oc adm catalog mirror does not mirror the index image itself
1917548 - [4.6] Cannot filter the platform/arch of the index image
1917549 - Failed to mirror operator catalog - error: destination registry required
1917550 - oc adm catalog mirror command attempts to pull from registry.redhat.io when using --from-dir option
1917609 - [4.6z] Deleting an exgw causes pods to no longer route to other exgws
1918194 - with sharded ingresscontrollers, all shards reload when any endpoint changes
1918202 - Grafana - The resulting dataset is too large to graph (OCS RBD volumes being counted as disks)
1918525 - OLM enters infinite loop if Pending CSV replaces itself
1918779 - [Negative Test] After deleting metal3 pod, scaling worker stuck on provisioning state
1918792 - [BUG] Thanos having possible memory leak consuming huge amounts of node's memory and killing them
1918961 - [IPI on vsphere] Executing 'openshift-installer destroy cluster' leaves installer tag categories in vsphere
1920764 - CVE-2021-20198 openshift/installer: Bootstrap nodes allow anonymous authentication on kubelet port 10250
1920873 - Failure to upgrade operator when a Service is included in a Bundle
1920995 - kuryr-cni pods using unreasonable amount of CPU
1921450 - CVE-2021-3344 openshift/builder: privilege escalation during container image builds via mounted secrets
1921473 - test-cmd is failing on volumes.sh pretty consistently
1921599 - OCP 4.5 to 4.6 upgrade for "aws-ebs-csi-driver-operator" fails when "defaultNodeSelector" is set
-
OpenSSL Security Advisory [22 Sep 2016]
OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
Severity: High
A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. This will eventually lead to a Denial Of Service attack through memory exhaustion. Servers with a default configuration are vulnerable even if they do not support OCSP. Builds using the "no-ocsp" build time option are not affected.
Servers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default configuration, instead only if an application explicitly enables OCSP stapling support.
OpenSSL 1.1.0 users should upgrade to 1.1.0a OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.
SSL_peek() hang on empty record (CVE-2016-6305)
Severity: Moderate
OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an empty record. This could be exploited by a malicious peer in a Denial Of Service attack.
OpenSSL 1.1.0 users should upgrade to 1.1.0a
This issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The fix was developed by Matt Caswell of the OpenSSL development team.
SWEET32 Mitigation (CVE-2016-2183)
Severity: Low
SWEET32 (https://sweet32.info) is an attack on older block cipher algorithms that use a block size of 64 bits. In mitigation for the SWEET32 attack DES based ciphersuites have been moved from the HIGH cipherstring group to MEDIUM in OpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these ciphersuites disabled by default.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 16th August 2016 by Karthikeyan Bhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the OpenSSL development team.
OOB write in MDC2_Update() (CVE-2016-6303)
Severity: Low
An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption.
The amount of data needed is comparable to SIZE_MAX which is impractical on most platforms.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
Malformed SHA512 ticket DoS (CVE-2016-6302)
Severity: Low
If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will ultimately crash.
The use of SHA512 in TLS session tickets is comparatively rare as it requires a custom server callback and ticket lookup mechanism.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
OOB write in BN_bn2dec() (CVE-2016-2182)
Severity: Low
The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly large BIGNUM. This could be a problem if an overly large certificate or CRL is printed out from an untrusted source. TLS is not affected because record limits will reject an oversized certificate before it is parsed.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
Severity: Low
The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
Pointer arithmetic undefined behaviour (CVE-2016-2177)
Severity: Low
Avoid some undefined pointer arithmetic
A common idiom in the codebase is to check limits in the following manner: "p + len > limit"
Where "p" points to some malloc'd data of SIZE bytes and limit == p + SIZE
"len" here could be from some externally supplied data (e.g. from a TLS message).
The rules of C pointer arithmetic are such that "p + len" is only well defined where len <= SIZE. Therefore the above idiom is actually undefined behaviour.
For example this could cause problems if some malloc implementation provides an address for "p" such that "p + len" actually overflows for values of len that are too big and therefore p + len < limit.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.
Constant time flag not preserved in DSA signing (CVE-2016-2178)
Severity: Low
Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 23rd May 2016 by César Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by César Pereida.
DTLS buffered message DoS (CVE-2016-2179)
Severity: Low
In a DTLS connection where handshake messages are delivered out-of-order those messages that OpenSSL is not yet ready to process will be buffered for later use. Under certain circumstances, a flaw in the logic means that those messages do not get removed from the buffer even though the handshake has been completed. An attacker could force up to approx. 15 messages to remain in the buffer when they are no longer required. These messages will be cleared when the DTLS connection is closed. The default maximum size for a message is 100k. Therefore the attacker could force an additional 1500k to be consumed per connection. By opening many simulataneous connections an attacker could cause a DoS attack through memory exhaustion.
OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was developed by Matt Caswell of the OpenSSL development team.
DTLS replay protection DoS (CVE-2016-2181)
Severity: Low
A flaw in the DTLS replay attack protection mechanism means that records that arrive for future epochs update the replay protection "window" before the MAC for the record has been validated. This could be exploited by an attacker by sending a record for the next epoch (which does not have to decrypt or have a valid MAC), with a very large sequence number. This means that all subsequent legitimate packets are dropped causing a denial of service for a specific DTLS connection.
OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. The fix was developed by Matt Caswell of the OpenSSL development team.
Certificate message OOB reads (CVE-2016-6306)
Severity: Low
In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms.
The messages affected are client certificate, client certificate request and server certificate. As a result the attack can only be performed against a client or a server which enables client authentication.
OpenSSL 1.1.0 is not affected.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)
Severity: Low
A TLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:
1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.
Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.
This issue does not affect DTLS users.
OpenSSL 1.1.0 TLS users should upgrade to 1.1.0a
This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.
Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)
Severity: Low
This issue is very similar to CVE-2016-6307. The underlying defect is different but the security analysis and impacts are the same except that it impacts DTLS.
A DTLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:
1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.
Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.
This issue does not affect TLS users.
OpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a
This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.
Note
As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade.
Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv/20160922.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201609-0597",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1j"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1q"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1m"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "6.7.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1i"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "4.1.2"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1b"
},
{
"model": "jboss enterprise web server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0.0"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.7.0-006"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.6.6-068"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2h"
},
{
"model": "python",
"scope": "gte",
"trust": 1.0,
"vendor": "python",
"version": "3.5.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.2"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "6.0.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1r"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1p"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1a"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "0.10.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1k"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1o"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1h"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1n"
},
{
"model": "python",
"scope": "gte",
"trust": 1.0,
"vendor": "python",
"version": "2.7.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1f"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2d"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "0.12.16"
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "4.0.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2f"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "4.2.0"
},
{
"model": "jboss web server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "jboss enterprise web server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1e"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "4.6.0"
},
{
"model": "python",
"scope": "lt",
"trust": 1.0,
"vendor": "python",
"version": "2.7.13"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2e"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1g"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1l"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1t"
},
{
"model": "python",
"scope": "gte",
"trust": 1.0,
"vendor": "python",
"version": "3.4.0"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "0.10.47"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2b"
},
{
"model": "python",
"scope": "lt",
"trust": 1.0,
"vendor": "python",
"version": "3.5.3"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "0.12.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.0.4"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "python",
"scope": "lt",
"trust": 1.0,
"vendor": "python",
"version": "3.4.7"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2183"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_web_server:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.4.7",
"versionStartIncluding": "3.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.5.3",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.7.13",
"versionStartIncluding": "2.7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:content_security_management_appliance:9.7.0-006:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:content_security_management_appliance:9.6.6-068:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:11.2.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.7.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.1.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.6.0",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "0.12.16",
"versionStartIncluding": "0.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "0.10.47",
"versionStartIncluding": "0.10.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2183"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "148410"
},
{
"db": "PACKETSTORM",
"id": "159431"
},
{
"db": "PACKETSTORM",
"id": "156451"
},
{
"db": "PACKETSTORM",
"id": "161320"
}
],
"trust": 0.4
},
"cve": "CVE-2016-2183",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-91002",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-2183",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-91002",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91002"
},
{
"db": "NVD",
"id": "CVE-2016-2183"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack. TLS (Transport Layer Security) is a set of protocols used to provide confidentiality and data integrity between two communication applications. SSH (full name Secure Shell) is a set of security protocols based on the application layer and transport layer developed by the Network Working Group of the Internet Engineering Task Force (IETF). IPSec (full name Internet Protocol Security) is a set of IP security protocols established by the IPSec group of the Internet Engineering Task Force (IETF). Both DES and Triple DES are encryption algorithms. There are information leakage vulnerabilities in the DES and Triple DES encryption algorithms used in the TLS, SSH, and IPSec protocols and other protocols and products. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: python security update\nAdvisory ID: RHSA-2018:2123-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:2123\nIssue date: 2018-07-03\nCVE Names: CVE-2016-2183 \n=====================================================================\n\n1. Summary:\n\nAn update for python is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x\n\n3. Description:\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage, which includes modules, classes, exceptions, very high level\ndynamic data types and dynamic typing. Python supports interfaces to many\nsystem calls and libraries, as well as to various windowing systems. \n\nSecurity Fix(es):\n\n* A flaw was found in the way the DES/3DES cipher was used as part of the\nTLS/SSL protocol. A man-in-the-middle attacker could use this flaw to\nrecover some plaintext data by capturing large amounts of encrypted traffic\nbetween TLS/SSL server and client if the communication used a DES/3DES\nbased ciphersuite. (CVE-2016-2183)\n\nNote: This update modifies the Python ssl module to disable 3DES cipher\nsuites by default. \n\nRed Hat would like to thank OpenVPN for reporting this issue. Upstream\nacknowledges Karthikeyan Bhargavan (Inria) and GaA\u003c\u003ctan Leurent (Inria) as\nthe original reporters. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\npython-2.7.5-69.el7_5.src.rpm\n\nx86_64:\npython-2.7.5-69.el7_5.x86_64.rpm\npython-debuginfo-2.7.5-69.el7_5.i686.rpm\npython-debuginfo-2.7.5-69.el7_5.x86_64.rpm\npython-libs-2.7.5-69.el7_5.i686.rpm\npython-libs-2.7.5-69.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\npython-debug-2.7.5-69.el7_5.x86_64.rpm\npython-debuginfo-2.7.5-69.el7_5.x86_64.rpm\npython-devel-2.7.5-69.el7_5.x86_64.rpm\npython-test-2.7.5-69.el7_5.x86_64.rpm\npython-tools-2.7.5-69.el7_5.x86_64.rpm\ntkinter-2.7.5-69.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\npython-2.7.5-69.el7_5.src.rpm\n\nx86_64:\npython-2.7.5-69.el7_5.x86_64.rpm\npython-debuginfo-2.7.5-69.el7_5.i686.rpm\npython-debuginfo-2.7.5-69.el7_5.x86_64.rpm\npython-devel-2.7.5-69.el7_5.x86_64.rpm\npython-libs-2.7.5-69.el7_5.i686.rpm\npython-libs-2.7.5-69.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\npython-debug-2.7.5-69.el7_5.x86_64.rpm\npython-debuginfo-2.7.5-69.el7_5.x86_64.rpm\npython-test-2.7.5-69.el7_5.x86_64.rpm\npython-tools-2.7.5-69.el7_5.x86_64.rpm\ntkinter-2.7.5-69.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\npython-2.7.5-69.el7_5.src.rpm\n\nppc64:\npython-2.7.5-69.el7_5.ppc64.rpm\npython-debuginfo-2.7.5-69.el7_5.ppc.rpm\npython-debuginfo-2.7.5-69.el7_5.ppc64.rpm\npython-devel-2.7.5-69.el7_5.ppc64.rpm\npython-libs-2.7.5-69.el7_5.ppc.rpm\npython-libs-2.7.5-69.el7_5.ppc64.rpm\n\nppc64le:\npython-2.7.5-69.el7_5.ppc64le.rpm\npython-debuginfo-2.7.5-69.el7_5.ppc64le.rpm\npython-devel-2.7.5-69.el7_5.ppc64le.rpm\npython-libs-2.7.5-69.el7_5.ppc64le.rpm\n\ns390x:\npython-2.7.5-69.el7_5.s390x.rpm\npython-debuginfo-2.7.5-69.el7_5.s390.rpm\npython-debuginfo-2.7.5-69.el7_5.s390x.rpm\npython-devel-2.7.5-69.el7_5.s390x.rpm\npython-libs-2.7.5-69.el7_5.s390.rpm\npython-libs-2.7.5-69.el7_5.s390x.rpm\n\nx86_64:\npython-2.7.5-69.el7_5.x86_64.rpm\npython-debuginfo-2.7.5-69.el7_5.i686.rpm\npython-debuginfo-2.7.5-69.el7_5.x86_64.rpm\npython-devel-2.7.5-69.el7_5.x86_64.rpm\npython-libs-2.7.5-69.el7_5.i686.rpm\npython-libs-2.7.5-69.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):\n\nSource:\npython-2.7.5-69.el7_5.src.rpm\n\naarch64:\npython-2.7.5-69.el7_5.aarch64.rpm\npython-debuginfo-2.7.5-69.el7_5.aarch64.rpm\npython-devel-2.7.5-69.el7_5.aarch64.rpm\npython-libs-2.7.5-69.el7_5.aarch64.rpm\n\nppc64le:\npython-2.7.5-69.el7_5.ppc64le.rpm\npython-debuginfo-2.7.5-69.el7_5.ppc64le.rpm\npython-devel-2.7.5-69.el7_5.ppc64le.rpm\npython-libs-2.7.5-69.el7_5.ppc64le.rpm\n\ns390x:\npython-2.7.5-69.el7_5.s390x.rpm\npython-debuginfo-2.7.5-69.el7_5.s390.rpm\npython-debuginfo-2.7.5-69.el7_5.s390x.rpm\npython-devel-2.7.5-69.el7_5.s390x.rpm\npython-libs-2.7.5-69.el7_5.s390.rpm\npython-libs-2.7.5-69.el7_5.s390x.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\npython-debug-2.7.5-69.el7_5.ppc64.rpm\npython-debuginfo-2.7.5-69.el7_5.ppc64.rpm\npython-test-2.7.5-69.el7_5.ppc64.rpm\npython-tools-2.7.5-69.el7_5.ppc64.rpm\ntkinter-2.7.5-69.el7_5.ppc64.rpm\n\nppc64le:\npython-debug-2.7.5-69.el7_5.ppc64le.rpm\npython-debuginfo-2.7.5-69.el7_5.ppc64le.rpm\npython-test-2.7.5-69.el7_5.ppc64le.rpm\npython-tools-2.7.5-69.el7_5.ppc64le.rpm\ntkinter-2.7.5-69.el7_5.ppc64le.rpm\n\ns390x:\npython-debug-2.7.5-69.el7_5.s390x.rpm\npython-debuginfo-2.7.5-69.el7_5.s390x.rpm\npython-test-2.7.5-69.el7_5.s390x.rpm\npython-tools-2.7.5-69.el7_5.s390x.rpm\ntkinter-2.7.5-69.el7_5.s390x.rpm\n\nx86_64:\npython-debug-2.7.5-69.el7_5.x86_64.rpm\npython-debuginfo-2.7.5-69.el7_5.x86_64.rpm\npython-test-2.7.5-69.el7_5.x86_64.rpm\npython-tools-2.7.5-69.el7_5.x86_64.rpm\ntkinter-2.7.5-69.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):\n\naarch64:\npython-debug-2.7.5-69.el7_5.aarch64.rpm\npython-debuginfo-2.7.5-69.el7_5.aarch64.rpm\npython-test-2.7.5-69.el7_5.aarch64.rpm\npython-tools-2.7.5-69.el7_5.aarch64.rpm\ntkinter-2.7.5-69.el7_5.aarch64.rpm\n\nppc64le:\npython-debug-2.7.5-69.el7_5.ppc64le.rpm\npython-debuginfo-2.7.5-69.el7_5.ppc64le.rpm\npython-test-2.7.5-69.el7_5.ppc64le.rpm\npython-tools-2.7.5-69.el7_5.ppc64le.rpm\ntkinter-2.7.5-69.el7_5.ppc64le.rpm\n\ns390x:\npython-debug-2.7.5-69.el7_5.s390x.rpm\npython-debuginfo-2.7.5-69.el7_5.s390x.rpm\npython-test-2.7.5-69.el7_5.s390x.rpm\npython-tools-2.7.5-69.el7_5.s390x.rpm\ntkinter-2.7.5-69.el7_5.s390x.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\npython-2.7.5-69.el7_5.src.rpm\n\nx86_64:\npython-2.7.5-69.el7_5.x86_64.rpm\npython-debuginfo-2.7.5-69.el7_5.i686.rpm\npython-debuginfo-2.7.5-69.el7_5.x86_64.rpm\npython-devel-2.7.5-69.el7_5.x86_64.rpm\npython-libs-2.7.5-69.el7_5.i686.rpm\npython-libs-2.7.5-69.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\npython-debug-2.7.5-69.el7_5.x86_64.rpm\npython-debuginfo-2.7.5-69.el7_5.x86_64.rpm\npython-test-2.7.5-69.el7_5.x86_64.rpm\npython-tools-2.7.5-69.el7_5.x86_64.rpm\ntkinter-2.7.5-69.el7_5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-2183\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBWzuDSdzjgjWX9erEAQgETg/9HevQ3tUvI8plP6DSgN1Es+jArUKVGct5\ncIlHbLXCGIcy1D2NAndEznF+6LSWo/Ynd2C5esSdD9R+KvJrmbNJ7s+XN4Uys4ea\nFyBlHvw56yuSiAcGvUCF+rjg2IaN9QCkH9oGKUNIHpfOdxNnHu3Yk8muNa5H2mXh\nv2yomcfl6voFIMxvxlVKO7ENkESH/vYYnXFS7S+pnBoEZb4/HTp000ASovjewroq\nxGBLDUKzTp9nOVWVWECA6La1o+nDi4wOZVDgF7Ks2kaYdAYSa3vkoAI1hN6XtZ3O\nT3Fv7iF1BqQt+B//tCeT3Fa5SsDulob3K5H2TqnMRlZSr0mst/89RePsbz2wFM+p\n1wcklX9gVBI66y5XPfst/sNyLgWMkYgvUsYJTJHeYT0vAN+N54lcwjK1vxKCMFso\n2ltd63+E5ql26E1pp//cAqAo7JhWqsaqNV8uY4oKzAHRRfQ9kdz/yq2DfA8aswDL\n8nb1rjQ2tIRL/GtWL9ofhKey136qePvF5IwqF+jlO+N7wpG685KZF9zarNZqODxo\np93VTJQ6+J0oXktvyJ8RS1XqkFvznocfEThgrhdmsWW4G6bjA2GyAoTWpDy3NUUv\n6TxyeUjc6NvKb7t6wgrRuSBKkSRCaln+aBSakq012A50PNssvx7hNzVVl9zBgOv1\n6NvSNmqGIdM=\n=AUgF\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system is applied. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05369415\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05369415\nVersion: 1\n\nHPSBGN03690 rev.1 - HPE Real User Monitor (RUM), Remote Disclosure of\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-01-18\nLast Updated: 2017-01-18\n\nPotential Security Impact: Remote: Disclosure of Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nA security vulnerability in DES/3DES block ciphers used in the TLS protocol,\ncould potentially impact HPE Real User Monitor (RUM) resulting in remote\ndisclosure of information also known as the SWEET32 attack. \n\nReferences:\n\n - CVE-2016-2183 - SWEET32\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HP Real User Monitor Software Series v9.2x, v9.30\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2016-2183\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\n 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has provided the following mitigation information to resolve the\nvulnerability for impacted versions of HPE Real User Monitor (RUM): \n\n *\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02683527\u003e\n\nHISTORY\nVersion:1 (rev.1) - 18 January 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. ==========================================================================\nUbuntu Security Notice USN-3087-1\nSeptember 22, 2016\n\nopenssl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) cryptographic library and tools\n\nDetails:\n\nShi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request\nextension. (CVE-2016-6304)\n\nGuido Vranken discovered that OpenSSL used undefined behaviour when\nperforming pointer arithmetic. This\nissue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178)\n\nQuan Luo discovered that OpenSSL did not properly restrict the lifetime\nof queue entries in the DTLS implementation. (CVE-2016-2179)\n\nShi Lei discovered that OpenSSL incorrectly handled memory in the\nTS_OBJ_print_bio() function. (CVE-2016-2180)\n\nIt was discovered that the OpenSSL incorrectly handled the DTLS anti-replay\nfeature. (CVE-2016-2181)\n\nShi Lei discovered that OpenSSL incorrectly validated division results. \n(CVE-2016-2182)\n\nKarthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES\nciphers were vulnerable to birthday attacks. This update moves DES from the HIGH cipher list to MEDIUM. \n(CVE-2016-2183)\n\nShi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. \n(CVE-2016-6302)\n\nShi Lei discovered that OpenSSL incorrectly handled memory in the\nMDC2_Update() function. (CVE-2016-6303)\n\nShi Lei discovered that OpenSSL incorrectly performed certain message\nlength checks. (CVE-2016-6306)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n libssl1.0.0 1.0.2g-1ubuntu4.4\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.20\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.37\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. This update causes NSS to limit use of the same symmetric key. (CVE-2017-5461)\n\nThis update refreshes the NSS package to version 3.28.4 which includes\nthe latest CA certificate bundle. After a standard system update you need to restart any applications\nthat use NSS, such as Evolution and Chromium, to make all the necessary\nchanges. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.6.16. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHBA-2021:0309\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.6.16-x86_64\n\nThe image digest is\nsha256:3e855ad88f46ad1b7f56c312f078ca6adaba623c5d4b360143f9f82d2f349741\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.6.16-s390x\n\nThe image digest is\nsha256:2335685cda334ecf9e12c056b148c483fb81412fbfc96c885dc669d775e1f1ee\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.6.16-ppc64le\n\nThe image digest is\nsha256:953ccacf79467b3e8ebfb8def92013f1574d75e24b3ea9a455aa8931f7f17b88\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor. \n\nSecurity Fix(es):\n\n* SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)\n(CVE-2016-2183)\n\n* openshift/builder: privilege escalation during container image builds via\nmounted secrets (CVE-2021-3344)\n\n* openshift/installer: Bootstrap nodes allow anonymous authentication on\nkubelet port 10250 (CVE-2021-20198)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):\n\n1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)\n1873004 - [downstream] Should indicate the version info instead of the commit info\n1887759 - [release 4.6] Gather MachineConfigPools\n1889676 - [release 4.6] Gather top installplans and their count\n1889865 - operator-registry image needs clean up in /tmp\n1890274 - [4.6] External IP doesn\u0027t work if the IP address is not assigned to a node\n1890452 - Adding BYOK disk encryption through DES\n1891697 - Handle missing labels as empty. \n1891892 - The windows oc.exe binary does not have version metadata\n1893409 - [release-4.6] MCDPivotError alert/metric missing\n1893738 - Examining agones helm chart resources results in \"Oh no!\"\n1894916 - [4.6] Panic output due to timeouts in openshift-apiserver\n1896919 - start creating new-style Secrets for AWS\n1898672 - Pod gets stuck in ContainerCreating state with exhausted Whereabouts IPAM range with a daemonset\n1899107 - [4.6] ironic-api used by metal3 is over provisioned and consumes a lot of RAM\n1899535 - ds/machine-config-daemon takes 100+ minutes to rollout on 250 node cluster\n1901602 - Extra reboot during 4.5 -\u003e 4.6 upgrade\n1901605 - CNO blocks editing Kuryr options\n1903649 - Automated cleaning is disabled by default\n1903887 - dns daemonset rolls out slowly in large clusters\n1904091 - Missing registry v1 protocol usage metric on telemetry\n1904577 - [4.6] Local storage operator doesn\u0027t include correctly populate LocalVolumeDiscoveryResult in console\n1905031 - (release-4.6) Collect spec config for clusteroperator resources\n1905195 - [release-4.6] Detecting broken connections to the Kube API takes up to 15 minutes\n1905573 - [4.6] Changing the bound token service account issuer invalids previously issued bound tokens\n1905788 - Role name missing on create role binding form\n1906332 - update discovery burst to reflect lots of CRDs on openshift clusters\n1906741 - KeyError: \u0027nodeName\u0027 on NP deletion\n1906796 - [SA] verify-image-signature using service account does not work\n1907827 - Kn resources are not showing in Topology if triggers has KSVC and IMC as subscriber\n1907830 - \"Evaluating rule failed\" for \"record: cluster:kube_persistentvolumeclaim_resource_requests_storage_bytes:provisioner:sum\" and \"record: cluster:kubelet_volume_stats_used_bytes:provisioner:sum\"\n1909673 - scale up / down buttons available on pod details side panel\n1912388 - [OVN]: `make check` broken on 4.6\n1912430 - thanosRuler.resources.requests does not take effect in user-workload-monitoring-config confimap\n1913109 - oc debug of an init container no longer works\n1913645 - Improved Red Hat image and crashlooping OpenShift pod collection\n1915560 - OCP 4.4.9: EtcdMemberIPMigratorDegraded: rpc error: code = Canceled desc = grpc: the client connection is closing\n1916096 - [oVirt] csi operator panics if ovirt-engine suddenly becomes unavailable. \n1916100 - [oVirt] Consume 23-10 ovirt sdk - csi operator\n1916347 - Updating scheduling component builder \u0026 base images to be consistent with ART\n1916857 - configs.imageregistry.operator.openshift.io cluster does not update its status fields after URL change\n1916907 - dns-node-resolver corrupts /etc/hosts if internal registry is not in use\n1917240 - [4.6] Network Policies are not working as expected with OVN-Kubernetes when traffic hairpins back to the same source through a service\n1917498 - Regression OLM uses scoped client for CRD installation\n1917547 - oc adm catalog mirror does not mirror the index image itself\n1917548 - [4.6] Cannot filter the platform/arch of the index image\n1917549 - Failed to mirror operator catalog - error: destination registry required\n1917550 - oc adm catalog mirror command attempts to pull from registry.redhat.io when using --from-dir option\n1917609 - [4.6z] Deleting an exgw causes pods to no longer route to other exgws\n1918194 - with sharded ingresscontrollers, all shards reload when any endpoint changes\n1918202 - Grafana - The resulting dataset is too large to graph (OCS RBD volumes being counted as disks)\n1918525 - OLM enters infinite loop if Pending CSV replaces itself\n1918779 - [Negative Test] After deleting metal3 pod, scaling worker stuck on provisioning state\n1918792 - [BUG] Thanos having possible memory leak consuming huge amounts of node\u0027s memory and killing them\n1918961 - [IPI on vsphere] Executing \u0027openshift-installer destroy cluster\u0027 leaves installer tag categories in vsphere\n1920764 - CVE-2021-20198 openshift/installer: Bootstrap nodes allow anonymous authentication on kubelet port 10250\n1920873 - Failure to upgrade operator when a Service is included in a Bundle\n1920995 - kuryr-cni pods using unreasonable amount of CPU\n1921450 - CVE-2021-3344 openshift/builder: privilege escalation during container image builds via mounted secrets\n1921473 - test-cmd is failing on volumes.sh pretty consistently\n1921599 - OCP 4.5 to 4.6 upgrade for \"aws-ebs-csi-driver-operator\" fails when \"defaultNodeSelector\" is set\n\n5. \nOpenSSL Security Advisory [22 Sep 2016]\n========================================\n\nOCSP Status Request extension unbounded memory growth (CVE-2016-6304)\n=====================================================================\n\nSeverity: High\n\nA malicious client can send an excessively large OCSP Status Request extension. \nIf that client continually requests renegotiation, sending a large OCSP Status\nRequest extension each time, then there will be unbounded memory growth on the\nserver. This will eventually lead to a Denial Of Service attack through memory\nexhaustion. Servers with a default configuration are vulnerable even if they do\nnot support OCSP. Builds using the \"no-ocsp\" build time option are not affected. \n\nServers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default\nconfiguration, instead only if an application explicitly enables OCSP stapling\nsupport. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nSSL_peek() hang on empty record (CVE-2016-6305)\n===============================================\n\nSeverity: Moderate\n\nOpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an\nempty record. This could be exploited by a malicious peer in a Denial Of Service\nattack. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nSWEET32 Mitigation (CVE-2016-2183)\n==================================\n\nSeverity: Low\n\nSWEET32 (https://sweet32.info) is an attack on older block cipher algorithms\nthat use a block size of 64 bits. In mitigation for the SWEET32 attack DES based\nciphersuites have been moved from the HIGH cipherstring group to MEDIUM in\nOpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these\nciphersuites disabled by default. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 16th August 2016 by Karthikeyan\nBhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the\nOpenSSL development team. \n\nOOB write in MDC2_Update() (CVE-2016-6303)\n==========================================\n\nSeverity: Low\n\nAn overflow can occur in MDC2_Update() either if called directly or\nthrough the EVP_DigestUpdate() function using MDC2. If an attacker\nis able to supply very large amounts of input data after a previous\ncall to EVP_EncryptUpdate() with a partial block then a length check\ncan overflow resulting in a heap corruption. \n\nThe amount of data needed is comparable to SIZE_MAX which is impractical\non most platforms. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nMalformed SHA512 ticket DoS (CVE-2016-6302)\n===========================================\n\nSeverity: Low\n\nIf a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a\nDoS attack where a malformed ticket will result in an OOB read which will\nultimately crash. \n\nThe use of SHA512 in TLS session tickets is comparatively rare as it requires\na custom server callback and ticket lookup mechanism. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB write in BN_bn2dec() (CVE-2016-2182)\n========================================\n\nSeverity: Low\n\nThe function BN_bn2dec() does not check the return value of BN_div_word(). \nThis can cause an OOB write if an application uses this function with an\noverly large BIGNUM. This could be a problem if an overly large certificate\nor CRL is printed out from an untrusted source. TLS is not affected because\nrecord limits will reject an oversized certificate before it is parsed. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB read in TS_OBJ_print_bio() (CVE-2016-2180)\n==============================================\n\nSeverity: Low\n\nThe function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is\nthe total length the OID text representation would use and not the amount\nof data written. This will result in OOB reads when large OIDs are presented. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nPointer arithmetic undefined behaviour (CVE-2016-2177)\n======================================================\n\nSeverity: Low\n\nAvoid some undefined pointer arithmetic\n\nA common idiom in the codebase is to check limits in the following manner:\n\"p + len \u003e limit\"\n\nWhere \"p\" points to some malloc\u0027d data of SIZE bytes and\nlimit == p + SIZE\n\n\"len\" here could be from some externally supplied data (e.g. from a TLS\nmessage). \n\nThe rules of C pointer arithmetic are such that \"p + len\" is only well\ndefined where len \u003c= SIZE. Therefore the above idiom is actually\nundefined behaviour. \n\nFor example this could cause problems if some malloc implementation\nprovides an address for \"p\" such that \"p + len\" actually overflows for\nvalues of len that are too big and therefore p + len \u003c limit. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nConstant time flag not preserved in DSA signing (CVE-2016-2178)\n===============================================================\n\nSeverity: Low\n\nOperations in the DSA signing algorithm should run in constant time in order to\navoid side channel attacks. A flaw in the OpenSSL DSA implementation means that\na non-constant time codepath is followed for certain operations. This has been\ndemonstrated through a cache-timing attack to be sufficient for an attacker to\nrecover the private DSA key. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 23rd May 2016 by C\u00e9sar Pereida (Aalto\nUniversity), Billy Brumley (Tampere University of Technology), and Yuval Yarom\n(The University of Adelaide and NICTA). The fix was developed by C\u00e9sar Pereida. \n\nDTLS buffered message DoS (CVE-2016-2179)\n=========================================\n\nSeverity: Low\n\nIn a DTLS connection where handshake messages are delivered out-of-order those\nmessages that OpenSSL is not yet ready to process will be buffered for later\nuse. Under certain circumstances, a flaw in the logic means that those messages\ndo not get removed from the buffer even though the handshake has been completed. \nAn attacker could force up to approx. 15 messages to remain in the buffer when\nthey are no longer required. These messages will be cleared when the DTLS\nconnection is closed. The default maximum size for a message is 100k. Therefore\nthe attacker could force an additional 1500k to be consumed per connection. By\nopening many simulataneous connections an attacker could cause a DoS attack\nthrough memory exhaustion. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was\ndeveloped by Matt Caswell of the OpenSSL development team. \n\nDTLS replay protection DoS (CVE-2016-2181)\n==========================================\n\nSeverity: Low\n\nA flaw in the DTLS replay attack protection mechanism means that records that\narrive for future epochs update the replay protection \"window\" before the MAC\nfor the record has been validated. This could be exploited by an attacker by\nsending a record for the next epoch (which does not have to decrypt or have a\nvalid MAC), with a very large sequence number. This means that all subsequent\nlegitimate packets are dropped causing a denial of service for a specific\nDTLS connection. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. \nThe fix was developed by Matt Caswell of the OpenSSL development team. \n\nCertificate message OOB reads (CVE-2016-6306)\n=============================================\n\nSeverity: Low\n\nIn OpenSSL 1.0.2 and earlier some missing message length checks can result in\nOOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical\nDoS risk but this has not been observed in practice on common platforms. \n\nThe messages affected are client certificate, client certificate request and\nserver certificate. As a result the attack can only be performed against\na client or a server which enables client authentication. \n\nOpenSSL 1.1.0 is not affected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in tls_get_message_header() (CVE-2016-6307)\n==========================================================================\n\nSeverity: Low\n\nA TLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect DTLS users. \n\nOpenSSL 1.1.0 TLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)\n=============================================================================\n\nSeverity: Low\n\nThis issue is very similar to CVE-2016-6307. The underlying defect is different\nbut the security analysis and impacts are the same except that it impacts DTLS. \n\nA DTLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect TLS users. \n\nOpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/policies/releasestrat.html), support for OpenSSL\nversion 1.0.1 will cease on 31st December 2016. No security updates for that\nversion will be provided after that date. Users of 1.0.1 are advised to\nupgrade. \n\nSupport for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those\nversions are no longer receiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20160922.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2183"
},
{
"db": "VULHUB",
"id": "VHN-91002"
},
{
"db": "PACKETSTORM",
"id": "148410"
},
{
"db": "PACKETSTORM",
"id": "159431"
},
{
"db": "PACKETSTORM",
"id": "156451"
},
{
"db": "PACKETSTORM",
"id": "140708"
},
{
"db": "PACKETSTORM",
"id": "138820"
},
{
"db": "PACKETSTORM",
"id": "142340"
},
{
"db": "PACKETSTORM",
"id": "161320"
},
{
"db": "PACKETSTORM",
"id": "169633"
}
],
"trust": 1.71
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-91002",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91002"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-2183",
"trust": 1.9
},
{
"db": "PACKETSTORM",
"id": "142756",
"trust": 1.1
},
{
"db": "ICS CERT",
"id": "ICSMA-18-058-02",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1036696",
"trust": 1.1
},
{
"db": "PULSESECURE",
"id": "SA40312",
"trust": 1.1
},
{
"db": "BID",
"id": "92630",
"trust": 1.1
},
{
"db": "BID",
"id": "95568",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TNS-2017-09",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TNS-2016-21",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TNS-2016-20",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TNS-2016-16",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10197",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10310",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10186",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10215",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10171",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-412672",
"trust": 1.1
},
{
"db": "JUNIPER",
"id": "JSA10759",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "42091",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "161320",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "148410",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "140708",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "142340",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "156451",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159431",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "141352",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143970",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150303",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140718",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143244",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141100",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140473",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141111",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141354",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144865",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143549",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141555",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140725",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144869",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145017",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140084",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147581",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "152978",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140977",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154650",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145018",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141353",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201608-448",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-91002",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138820",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169633",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91002"
},
{
"db": "PACKETSTORM",
"id": "148410"
},
{
"db": "PACKETSTORM",
"id": "159431"
},
{
"db": "PACKETSTORM",
"id": "156451"
},
{
"db": "PACKETSTORM",
"id": "140708"
},
{
"db": "PACKETSTORM",
"id": "138820"
},
{
"db": "PACKETSTORM",
"id": "142340"
},
{
"db": "PACKETSTORM",
"id": "161320"
},
{
"db": "PACKETSTORM",
"id": "169633"
},
{
"db": "NVD",
"id": "CVE-2016-2183"
}
]
},
"id": "VAR-201609-0597",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-91002"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T20:50:53.381000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91002"
},
{
"db": "NVD",
"id": "CVE-2016-2183"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.5,
"url": "https://access.redhat.com/security/cve/cve-2016-2183"
},
{
"trust": 1.4,
"url": "https://access.redhat.com/articles/2548661"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2018:2123"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2020:0451"
},
{
"trust": 1.2,
"url": "http://www.ubuntu.com/usn/usn-3087-1"
},
{
"trust": 1.2,
"url": "http://www.ubuntu.com/usn/usn-3270-1"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036696"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/539885/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/540341/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2017/may/105"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2017/jul/31"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/541104/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/542005/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://seclists.org/bugtraq/2018/nov/21"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/42091/"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/92630"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/95568"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2016/dsa-3673"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/201701-65"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/201707-01"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0336.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0337.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0338.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0462.html"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:1216"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2708"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2709"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2710"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:3113"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:3114"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:3239"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:3240"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:1245"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2859"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-3087-2"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-3179-1"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-3194-1"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-3198-1"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-3372-1"
},
{
"trust": 1.1,
"url": "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/142756/ibm-informix-dynamic-server-dll-injection-code-execution.html"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021697"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"trust": 1.1,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"trust": 1.1,
"url": "http://www.splunk.com/view/sp-caaapsv"
},
{
"trust": 1.1,
"url": "http://www.splunk.com/view/sp-caaapue"
},
{
"trust": 1.1,
"url": "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/"
},
{
"trust": 1.1,
"url": "https://bto.bluecoat.com/security-advisory/sa133"
},
{
"trust": 1.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"trust": 1.1,
"url": "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05302448"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05309984"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05323116"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05349499"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05356388"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05369403"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05369415"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05385680"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390849"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-058-02"
},
{
"trust": 1.1,
"url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312"
},
{
"trust": 1.1,
"url": "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/"
},
{
"trust": 1.1,
"url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20160915-0001/"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
},
{
"trust": 1.1,
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/km03158613"
},
{
"trust": 1.1,
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/km03286178"
},
{
"trust": 1.1,
"url": "https://support.f5.com/csp/article/k13167034"
},
{
"trust": 1.1,
"url": "https://sweet32.info/"
},
{
"trust": 1.1,
"url": "https://wiki.opendaylight.org/view/security_advisories"
},
{
"trust": 1.1,
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
},
{
"trust": 1.1,
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008"
},
{
"trust": 1.1,
"url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/"
},
{
"trust": 1.1,
"url": "https://www.openssl.org/blog/blog/2016/08/24/sweet32/"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.1,
"url": "https://www.sigsac.org/ccs/ccs2016/accepted-papers/"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2016-16"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2016-21"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2017-09"
},
{
"trust": 1.1,
"url": "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
},
{
"trust": 1.0,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
},
{
"trust": 1.0,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05302448"
},
{
"trust": 1.0,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05369403"
},
{
"trust": 1.0,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05369415"
},
{
"trust": 1.0,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05385680"
},
{
"trust": 1.0,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05390722"
},
{
"trust": 1.0,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05390849"
},
{
"trust": 1.0,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbgn03765en_us"
},
{
"trust": 1.0,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbux03725en_us"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10171"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10186"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10197"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10215"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10310"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6302"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2181"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6303"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2179"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180"
},
{
"trust": 0.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10759"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-c05302448"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-c05369403"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-c05369415"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-c05385680"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-c05390722"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-c05390849"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbgn03765en_us"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbux03725en_us"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10171"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10186"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10197"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10215"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10310"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3842"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.5/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13734"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258."
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05369415"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.1,
"url": "https://www.hpe.com/info/report-security-vulnerability"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.37"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.20"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.4"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.17.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.14.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5461"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.16.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.16.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8011"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0308"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3344"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2021:0309"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-8011"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14382"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20198"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20198"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14382"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6308"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/news/secadv/20160922.txt"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/policies/secpolicy.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305"
},
{
"trust": 0.1,
"url": "https://sweet32.info)"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/policies/releasestrat.html),"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6307"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91002"
},
{
"db": "PACKETSTORM",
"id": "148410"
},
{
"db": "PACKETSTORM",
"id": "159431"
},
{
"db": "PACKETSTORM",
"id": "156451"
},
{
"db": "PACKETSTORM",
"id": "140708"
},
{
"db": "PACKETSTORM",
"id": "138820"
},
{
"db": "PACKETSTORM",
"id": "142340"
},
{
"db": "PACKETSTORM",
"id": "161320"
},
{
"db": "PACKETSTORM",
"id": "169633"
},
{
"db": "NVD",
"id": "CVE-2016-2183"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-91002"
},
{
"db": "PACKETSTORM",
"id": "148410"
},
{
"db": "PACKETSTORM",
"id": "159431"
},
{
"db": "PACKETSTORM",
"id": "156451"
},
{
"db": "PACKETSTORM",
"id": "140708"
},
{
"db": "PACKETSTORM",
"id": "138820"
},
{
"db": "PACKETSTORM",
"id": "142340"
},
{
"db": "PACKETSTORM",
"id": "161320"
},
{
"db": "PACKETSTORM",
"id": "169633"
},
{
"db": "NVD",
"id": "CVE-2016-2183"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-01T00:00:00",
"db": "VULHUB",
"id": "VHN-91002"
},
{
"date": "2018-07-03T14:44:44",
"db": "PACKETSTORM",
"id": "148410"
},
{
"date": "2020-10-01T14:47:21",
"db": "PACKETSTORM",
"id": "159431"
},
{
"date": "2020-02-20T21:09:43",
"db": "PACKETSTORM",
"id": "156451"
},
{
"date": "2017-01-24T19:13:55",
"db": "PACKETSTORM",
"id": "140708"
},
{
"date": "2016-09-22T22:25:00",
"db": "PACKETSTORM",
"id": "138820"
},
{
"date": "2017-04-27T23:47:18",
"db": "PACKETSTORM",
"id": "142340"
},
{
"date": "2021-02-08T16:28:20",
"db": "PACKETSTORM",
"id": "161320"
},
{
"date": "2016-09-22T12:12:12",
"db": "PACKETSTORM",
"id": "169633"
},
{
"date": "2016-09-01T00:59:00.137000",
"db": "NVD",
"id": "CVE-2016-2183"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-12T00:00:00",
"db": "VULHUB",
"id": "VHN-91002"
},
{
"date": "2023-02-12T23:17:38.140000",
"db": "NVD",
"id": "CVE-2016-2183"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "140708"
},
{
"db": "PACKETSTORM",
"id": "138820"
},
{
"db": "PACKETSTORM",
"id": "142340"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat Security Advisory 2018-2123-01",
"sources": [
{
"db": "PACKETSTORM",
"id": "148410"
}
],
"trust": 0.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "arbitrary",
"sources": [
{
"db": "PACKETSTORM",
"id": "142340"
}
],
"trust": 0.1
}
}
var-200303-0010
Vulnerability from variot
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). Cryptographic libraries and applications do not provide adequate defense against a side-channel timing attack against RSA private keys. Such an attack has been shown to be practical using currently available hardware on systems and networks with sufficiently low variance in latency. OpenSSL so RSA Is used for the encryption algorithm, RSA There is a vulnerability that is subject to timing attacks that can analyze the private key by measuring and analyzing the processing time when generating the private key in the format.The server's private key may be obtained. A side-channel attack in the OpenSSL implementation has been published in a recent paper that may ultimately result in an active adversary gaining the RSA private key of a target server. The attack involves analysis of the timing of certain operations during client-server session key negotiation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200303-0010",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "stunnel",
"scope": "eq",
"trust": 1.9,
"vendor": "stunnel",
"version": "4.04"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.9,
"vendor": "stunnel",
"version": "4.03"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.9,
"vendor": "stunnel",
"version": "4.02"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.9,
"vendor": "stunnel",
"version": "4.01"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.9,
"vendor": "stunnel",
"version": "3.22"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.9,
"vendor": "stunnel",
"version": "3.21"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.9,
"vendor": "stunnel",
"version": "3.19"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.9,
"vendor": "stunnel",
"version": "3.18"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.9,
"vendor": "stunnel",
"version": "3.20"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.6,
"vendor": "stunnel",
"version": "4.0"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.3,
"vendor": "stunnel",
"version": "3.17"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.3,
"vendor": "stunnel",
"version": "3.16"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.3,
"vendor": "stunnel",
"version": "3.15"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.3,
"vendor": "stunnel",
"version": "3.14"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.3,
"vendor": "stunnel",
"version": "3.13"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.3,
"vendor": "stunnel",
"version": "3.12"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.3,
"vendor": "stunnel",
"version": "3.11"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.3,
"vendor": "stunnel",
"version": "3.9"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.3,
"vendor": "stunnel",
"version": "3.8"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.3,
"vendor": "stunnel",
"version": "3.7"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.3,
"vendor": "stunnel",
"version": "3.10"
},
{
"model": "openpkg",
"scope": "eq",
"trust": 1.3,
"vendor": "openpkg",
"version": "1.2"
},
{
"model": "openpkg",
"scope": "eq",
"trust": 1.3,
"vendor": "openpkg",
"version": "1.1"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.7a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6e"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6i"
},
{
"model": "openpkg",
"scope": "eq",
"trust": 1.0,
"vendor": "openpkg",
"version": "*"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6h"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6g"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6b"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "conectiva",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "covalent",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "crypto",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "foundry",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fressh",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "freebsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gnu libgcrypt",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gnu tls",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gentoo linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "guardian digital",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "intoto",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mandrakesoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openpkg",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openssh",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openssl",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sgi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ssh security",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "slackware",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sorceror linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "stonesoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "stunnel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "the sco group",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "trustix secure linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "vandyke",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wirex",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cryptlib",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "esoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mod ssl",
"version": null
},
{
"model": "http server",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "2.0.44"
},
{
"model": "openssh",
"scope": "lte",
"trust": 0.8,
"vendor": "openbsd",
"version": "3.5"
},
{
"model": "openssl",
"scope": "lte",
"trust": 0.8,
"vendor": "openssl",
"version": "0.9.6j"
},
{
"model": "openssl",
"scope": "lte",
"trust": 0.8,
"vendor": "openssl",
"version": "0.9.7b"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.0.2"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.0.3"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "8.1.7.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.0.1.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0.2"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0.3"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0.4"
},
{
"model": "cobalt raq4",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raq550",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raqxtr",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "2.6 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "2.6 (x86)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "7.0 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "7.0 (x86)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "8 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "8 (x86)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (x86)"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6.5"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "7"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "8"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.00"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.20"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.22"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.23"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "8.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "9"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "4.0.4"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "4.0.3"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "4.0.2"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "4.0.1"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.8"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.7"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.6"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.5"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.4"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.3"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.2"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.1"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.3.4"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.3.3"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.3.2"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.3.1"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.3"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.2.2"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.2.1"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.2"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.1.2"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.1.1"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.1"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.0"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "2.4"
},
{
"model": "cobalt raq xtr",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "cobalt raq",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "550"
},
{
"model": "cobalt raq",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4"
},
{
"model": "cobalt qube",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "3"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 0.3,
"vendor": "stunnel",
"version": "4.00"
},
{
"model": "communications security ipsec express toolkit",
"scope": null,
"trust": 0.3,
"vendor": "ssh",
"version": null
},
{
"model": "communications security certificate/tls toolkit",
"scope": null,
"trust": 0.3,
"vendor": "ssh",
"version": null
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.19"
},
{
"model": "mgetty-sendfax-1.1.14-8.i386.rpm",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.3"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.2"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "oracle9i application server .1s",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl g",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "current",
"scope": null,
"trust": 0.3,
"vendor": "openpkg",
"version": null
},
{
"model": "mod ssl",
"scope": "eq",
"trust": 0.3,
"vendor": "mod ssl",
"version": "2.8.14"
},
{
"model": "igateway",
"scope": "eq",
"trust": 0.3,
"vendor": "intoto",
"version": "3.2"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.22"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.0"
},
{
"model": "transport layer security library",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.8.5"
},
{
"model": "transport layer security library",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.8.4"
},
{
"model": "transport layer security library",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.8.3"
},
{
"model": "transport layer security library",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.8.2"
},
{
"model": "transport layer security library",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.8.1"
},
{
"model": "transport layer security library",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.8.0"
},
{
"model": "libgcrypt",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "1.1.12"
},
{
"model": "libgcrypt",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "1.1.11"
},
{
"model": "libgcrypt",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "1.1.10"
},
{
"model": "libgcrypt",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "1.1.9"
},
{
"model": "libgcrypt",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "1.1.8"
},
{
"model": "networks ironview",
"scope": null,
"trust": 0.3,
"vendor": "foundry",
"version": null
},
{
"model": "big-ip blade controller ptf-01",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.2.3"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.4"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.3"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.2"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "crypto++ library",
"scope": "eq",
"trust": 0.3,
"vendor": "crypto",
"version": "5.0"
},
{
"model": "crypto++ library",
"scope": "eq",
"trust": 0.3,
"vendor": "crypto",
"version": "4.2"
},
{
"model": "fast start server",
"scope": "eq",
"trust": 0.3,
"vendor": "covalent",
"version": "3.3"
},
{
"model": "fast start server",
"scope": "eq",
"trust": 0.3,
"vendor": "covalent",
"version": "3.2"
},
{
"model": "fast start server",
"scope": "eq",
"trust": 0.3,
"vendor": "covalent",
"version": "3.1"
},
{
"model": "enterprise ready server",
"scope": "eq",
"trust": 0.3,
"vendor": "covalent",
"version": "2.3"
},
{
"model": "enterprise ready server",
"scope": "eq",
"trust": 0.3,
"vendor": "covalent",
"version": "2.2"
},
{
"model": "enterprise ready server",
"scope": "eq",
"trust": 0.3,
"vendor": "covalent",
"version": "2.1"
},
{
"model": "associates etrust security command center",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "tru64 b",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 a",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 a",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.0"
},
{
"model": "tru64 g",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "tru64 f",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "openvms vax",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.3"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.3"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.2.1"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.2-2"
},
{
"model": "openvms -1h2 alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.2"
},
{
"model": "openvms -1h1 alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.2"
},
{
"model": "openvms vax",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.2"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.2"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.1-2"
},
{
"model": "openvms vax",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.1"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.1"
},
{
"model": "openvms vax",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "6.2"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "6.2"
},
{
"model": "openvms",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "6.2"
},
{
"model": "securecrt",
"scope": "ne",
"trust": 0.3,
"vendor": "vandyke",
"version": "4.0.5"
},
{
"model": "project openssl b",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl j",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.3,
"vendor": "openssh",
"version": "3.6.1"
},
{
"model": "hp-ux apache-based web server",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "1.0.07.01"
},
{
"model": "crypto++ library",
"scope": "ne",
"trust": 0.3,
"vendor": "crypto",
"version": "5.1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#997481"
},
{
"db": "BID",
"id": "7101"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000098"
},
{
"db": "NVD",
"id": "CVE-2003-0147"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-116"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:4.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:4.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openpkg:openpkg:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openpkg:openpkg:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:4.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:4.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0147"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Brumley and Dan Boneh.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200303-116"
}
],
"trust": 0.6
},
"cve": "CVE-2003-0147",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2003-0147",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2003-0147",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#997481",
"trust": 0.8,
"value": "9.42"
},
{
"author": "CNNVD",
"id": "CNNVD-200303-116",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#997481"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000098"
},
{
"db": "NVD",
"id": "CVE-2003-0147"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-116"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server\u0027s private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms (\"Karatsuba\" and normal). Cryptographic libraries and applications do not provide adequate defense against a side-channel timing attack against RSA private keys. Such an attack has been shown to be practical using currently available hardware on systems and networks with sufficiently low variance in latency. OpenSSL so RSA Is used for the encryption algorithm, RSA There is a vulnerability that is subject to timing attacks that can analyze the private key by measuring and analyzing the processing time when generating the private key in the format.The server\u0027s private key may be obtained. A side-channel attack in the OpenSSL implementation has been published in a recent paper that may ultimately result in an active adversary gaining the RSA private key of a target server. The attack involves analysis of the timing of certain operations during client-server session key negotiation",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0147"
},
{
"db": "CERT/CC",
"id": "VU#997481"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000098"
},
{
"db": "BID",
"id": "7101"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2003-0147",
"trust": 2.7
},
{
"db": "CERT/CC",
"id": "VU#997481",
"trust": 1.8
},
{
"db": "BID",
"id": "7101",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000098",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200303-116",
"trust": 0.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#997481"
},
{
"db": "BID",
"id": "7101"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000098"
},
{
"db": "NVD",
"id": "CVE-2003-0147"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-116"
}
]
},
"id": "VAR-200303-0010",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4615448
},
"last_update_date": "2023-12-18T13:10:54.856000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.apache.org/"
},
{
"title": "HPSBUX00280",
"trust": 0.8,
"url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00954663"
},
{
"title": "HPSBUX0304-255",
"trust": 0.8,
"url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?docid=hpsbux0304-255"
},
{
"title": "HPSBUX0309-280",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0309-280.html"
},
{
"title": "HPSBUX0304-255",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0304-255.html"
},
{
"title": "secadv_20030317",
"trust": 0.8,
"url": "http://www.openssl.org/news/secadv_20030317.txt"
},
{
"title": "RHSA-2003:205",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2003-205.html"
},
{
"title": "RHSA-2003:102",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2003-102.html"
},
{
"title": "RHSA-2003:101",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2003-101.html"
},
{
"title": "56380",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-56380-1"
},
{
"title": "56380",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-56380-3"
},
{
"title": "4 Apache \u0026amp; SSL Security 2.0.1",
"trust": 0.8,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq4.eng\u0026amp;nav=patchpage"
},
{
"title": "XTR Apache \u0026amp; SSL Security 1.0.1",
"trust": 0.8,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raqxtr.eng\u0026amp;nav=patchpage"
},
{
"title": "550 Apache \u0026amp; SSL Security 0.0.1",
"trust": 0.8,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq550.eng\u0026amp;nav=patchpage"
},
{
"title": "TLSA-2003-22",
"trust": 0.8,
"url": "http://www.turbolinux.com/security/2003/tlsa-2003-22.txt"
},
{
"title": "#62",
"trust": 0.8,
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf"
},
{
"title": "RHSA-2003:205",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-205j.html"
},
{
"title": "RHSA-2003:102",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-102j.html"
},
{
"title": "RHSA-2003:101",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-101j.html"
},
{
"title": "TLSA-2003-22",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2003/tlsa-2003-22j.txt"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2003-000098"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0147"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.openssl.org/news/secadv_20030317.txt"
},
{
"trust": 1.1,
"url": "http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html"
},
{
"trust": 1.0,
"url": "ftp://ftp.sco.com/pub/security/openlinux/cssa-2003-014.0.txt"
},
{
"trust": 1.0,
"url": "ftp://patches.sgi.com/support/free/security/advisories/20030501-01-i"
},
{
"trust": 1.0,
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html"
},
{
"trust": 1.0,
"url": "http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf"
},
{
"trust": 1.0,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000625"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=104766550528628\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=104792570615648\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=104819602408063\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=104829040921835\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=104861762028637\u0026w=2"
},
{
"trust": 1.0,
"url": "http://www.debian.org/security/2003/dsa-288"
},
{
"trust": 1.0,
"url": "http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml"
},
{
"trust": 1.0,
"url": "http://www.kb.cert.org/vuls/id/997481"
},
{
"trust": 1.0,
"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=mdksa-2003:035"
},
{
"trust": 1.0,
"url": "http://www.openpkg.com/security/advisories/openpkg-sa-2003.019.html"
},
{
"trust": 1.0,
"url": "http://www.redhat.com/support/errata/rhsa-2003-101.html"
},
{
"trust": 1.0,
"url": "http://www.redhat.com/support/errata/rhsa-2003-102.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/316165/30/25370/threaded"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/316577/30/25310/threaded"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a466"
},
{
"trust": 0.8,
"url": "http://ietf.org/rfc/rfc2246.txt"
},
{
"trust": 0.8,
"url": "http://wp.netscape.com/eng/ssl3/draft302.txt"
},
{
"trust": 0.8,
"url": "http://www.cryptography.com/resources/whitepapers/timingattacks.pdf"
},
{
"trust": 0.8,
"url": "http://www.bell-labs.com/user/bleichen/papers/chosen.ps"
},
{
"trust": 0.8,
"url": "ftp://ftp.rsasecurity.com/pub/pdfs/bull-2.pdf"
},
{
"trust": 0.8,
"url": "ftp://ftp.rsasecurity.com/pub/pdfs/bulletn5.pdf"
},
{
"trust": 0.8,
"url": "http://link.springer.de/link/service/series/0558/papers/1070/10700001.pdf"
},
{
"trust": 0.8,
"url": "http://islab.oregonstate.edu/documents/people/blaze/quantize.shar"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0147"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0147"
},
{
"trust": 0.8,
"url": "http://www.securiteam.com/unixfocus/5fp0c209fe.html"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/7101"
},
{
"trust": 0.3,
"url": "http://www.info.apple.com/usen/security/security_updates.html"
},
{
"trust": 0.3,
"url": "http://www.eskimo.com/~weidai/cryptlib.html"
},
{
"trust": 0.3,
"url": "http://www.openbsd.org/errata31.html#kadmin"
},
{
"trust": 0.3,
"url": "http://www.openbsd.org/errata32.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/ip/deploy/ias/index.html"
},
{
"trust": 0.3,
"url": "http://metalink.oracle.com"
},
{
"trust": 0.3,
"url": "http://www.covalent.net/support/rotate.php?page=109"
},
{
"trust": 0.3,
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf"
},
{
"trust": 0.3,
"url": "/archive/1/315884"
},
{
"trust": 0.3,
"url": "/archive/1/315904"
},
{
"trust": 0.3,
"url": "/archive/1/315292"
},
{
"trust": 0.3,
"url": "/archive/1/315069"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#997481"
},
{
"db": "BID",
"id": "7101"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000098"
},
{
"db": "NVD",
"id": "CVE-2003-0147"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#997481"
},
{
"db": "BID",
"id": "7101"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000098"
},
{
"db": "NVD",
"id": "CVE-2003-0147"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-116"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-03-25T00:00:00",
"db": "CERT/CC",
"id": "VU#997481"
},
{
"date": "2003-03-14T00:00:00",
"db": "BID",
"id": "7101"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000098"
},
{
"date": "2003-03-31T05:00:00",
"db": "NVD",
"id": "CVE-2003-0147"
},
{
"date": "2003-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200303-116"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-08-25T00:00:00",
"db": "CERT/CC",
"id": "VU#997481"
},
{
"date": "2009-07-11T21:06:00",
"db": "BID",
"id": "7101"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000098"
},
{
"date": "2018-10-19T15:29:26.540000",
"db": "NVD",
"id": "CVE-2003-0147"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200303-116"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200303-116"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL Timing Attack RSA Private Key Information Disclosure Vulnerability",
"sources": [
{
"db": "BID",
"id": "7101"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-116"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Configuration Error",
"sources": [
{
"db": "BID",
"id": "7101"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-116"
}
],
"trust": 0.9
}
}
var-200904-0264
Vulnerability from variot
Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0975. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Team SHATTER Security Advisory
Oracle Database SQL Injection vulnerability in LT.ROLLBACKWORKSPACE
May 4, 2009
Risk Level: High
Affected versions: Oracle Database Server version 10gR1
Remote exploitable: Yes (Authentication to Database Server is needed)
Credits: This vulnerability was discovered and researched by Esteban Mart\xednez Fay\xf3 of Application Security Inc.
Details: Oracle Database provides the "LT" PL/SQL package that is part of the Oracle Workspace Manager component (DBMS_WM public synonym). This package has a SQL Injection instance in ROLLBACKWORKSPACE procedure. Dependening on what Oracle Workspace Manager release is installed, this PL/SQL package is owned by SYS (on older releases) or by WMSYS (on newer releases). A malicious user can call the vulnerable procedure of this package with specially crafted parameters and execute SQL statements with the elevated privileges of the package owner, depending on the system configuration it can be SYS or WMSYS.
Impact: By default [WM]SYS.LT has EXECUTE permission to PUBLIC so any Oracle Database user can exploit this vulnerability. Exploitation of this vulnerability allows an attacker to execute SQL commands with SYS or WMSYS privileges.
Vendor Status: Vendor was contacted and a patch was released.
Workaround: Restrict access to the [WM]SYS.LT package.
CVE: CVE-2009-0978
Links: Application Security, Inc advisory: http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
Timeline: Vendor Notification - 8/22/2007 Fix - 4/14/2009 Public Disclosure - 5/04/2009
Application Security, Inc's database security solutions have helped over 1000 organizations secure their databases from all internal and external threats while also ensuring that those organizations meet or exceed regulatory compliance and audit requirements. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
For more information see vulnerability #6 through #9 in: SA34693
SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details.
Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
I. Description
The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability.
Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.
II. Impact
The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.
III. Solution
Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.
IV. References
-
Oracle Critical Patch Update Advisory - April 2009 - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
-
Critical Patch Updates and Security Alerts - http://www.oracle.com/technology/deploy/security/alerts.htm
-
Map of Public Vulnerability to Advisory/Alert - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-105A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
April 15, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system.
1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.
2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER".
The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.
PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security
The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/
Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0264",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database 10g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database 11g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.01"
},
{
"model": "systems weblogic portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle9i personal edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.49"
},
{
"model": "oracle11g standard edition one",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "data service integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.3"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3.0"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.06"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "systems weblogic portal sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.13"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.04"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.1"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.07"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.3"
},
{
"model": "systems weblogic portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "systems weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.1"
},
{
"model": "systems weblogic server maintenance pack",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.13"
},
{
"model": "oracle9i standard edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "oracle9i enterprise edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.1"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.12"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.15"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.05"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.16"
},
{
"model": "systems weblogic server mp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9"
},
{
"model": "audit vault",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.02"
},
{
"model": "systems weblogic portal sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.4"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.12"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.11"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.6"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.03"
},
{
"model": "systems weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.0"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001228"
},
{
"db": "NVD",
"id": "CVE-2009-0978"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-297"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:database_11g:11.1.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database_10g:10.2.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0978"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-297"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0978",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2009-0978",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-0978",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-297",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001228"
},
{
"db": "NVD",
"id": "CVE-2009-0978"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-297"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0975. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nTeam SHATTER Security Advisory\n\nOracle Database SQL Injection vulnerability in LT.ROLLBACKWORKSPACE\n\nMay 4, 2009\n\nRisk Level:\nHigh\n\nAffected versions:\nOracle Database Server version 10gR1\n\nRemote exploitable:\nYes (Authentication to Database Server is needed)\n\nCredits:\nThis vulnerability was discovered and researched by Esteban Mart\\xednez Fay\\xf3 of Application Security Inc. \n\nDetails:\nOracle Database provides the \"LT\" PL/SQL package that is part of the Oracle Workspace Manager component (DBMS_WM public synonym). This package has a SQL Injection instance in ROLLBACKWORKSPACE procedure. Dependening on what Oracle Workspace Manager release is installed, this PL/SQL package is owned by SYS (on older releases) or by WMSYS (on newer releases). A malicious user can call the vulnerable procedure of this package with specially crafted parameters and execute SQL statements with the elevated privileges of the package owner, depending on the system configuration it can be SYS or WMSYS. \n\nImpact:\nBy default [WM]SYS.LT has EXECUTE permission to PUBLIC so any Oracle Database user can exploit this vulnerability. Exploitation of this vulnerability allows an attacker to execute SQL commands with SYS or WMSYS privileges. \n\nVendor Status:\nVendor was contacted and a patch was released. \n\nWorkaround:\nRestrict access to the [WM]SYS.LT package. \n\nCVE:\nCVE-2009-0978\n\nLinks:\nApplication Security, Inc advisory: http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nTimeline:\nVendor Notification - 8/22/2007\nFix - 4/14/2009\nPublic Disclosure - 5/04/2009\n\nApplication Security, Inc\u0027s database security solutions have helped over 1000 organizations secure their databases from all internal and external threats while also ensuring that those organizations meet or exceed regulatory compliance and audit requirements. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0978"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001228"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "PACKETSTORM",
"id": "77385"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0978",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "34693",
"trust": 2.6
},
{
"db": "USCERT",
"id": "TA09-105A",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1022052",
"trust": 2.4
},
{
"db": "OSVDB",
"id": "53734",
"trust": 2.4
},
{
"db": "BID",
"id": "34461",
"trust": 1.3
},
{
"db": "VUPEN",
"id": "ADV-2009-1042",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001228",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA09-105A",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-297",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-09-017",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "77385",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "35135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76704",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001228"
},
{
"db": "PACKETSTORM",
"id": "77385"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0978"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-297"
}
]
},
"id": "VAR-200904-0264",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.065972224
},
"last_update_date": "2023-12-18T11:06:07.645000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cpuapr2009",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"title": "090417_86",
"trust": 0.8,
"url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
},
{
"title": "TA09-105A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001228"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0978"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://osvdb.org/53734"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/34693"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1022052"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/34461"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0978"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta09-105a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0978"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/1042"
},
{
"trust": 0.4,
"url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-23/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-22/"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "/archive/1/502845"
},
{
"trust": 0.3,
"url": "/archive/1/502707"
},
{
"trust": 0.3,
"url": "/archive/1/502697"
},
{
"trust": 0.3,
"url": "/archive/1/502727"
},
{
"trust": 0.3,
"url": "/archive/1/502723"
},
{
"trust": 0.3,
"url": "/archive/1/506160"
},
{
"trust": 0.3,
"url": "/archive/1/502724"
},
{
"trust": 0.3,
"url": "/archive/1/502683"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34693/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0978"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35135/"
},
{
"trust": 0.1,
"url": "http://www.good.com/faq/18431.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001228"
},
{
"db": "PACKETSTORM",
"id": "77385"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0978"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-297"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001228"
},
{
"db": "PACKETSTORM",
"id": "77385"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0978"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-297"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-09T00:00:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001228"
},
{
"date": "2009-05-10T13:14:44",
"db": "PACKETSTORM",
"id": "77385"
},
{
"date": "2009-05-18T15:35:49",
"db": "PACKETSTORM",
"id": "77574"
},
{
"date": "2009-04-15T23:15:44",
"db": "PACKETSTORM",
"id": "76710"
},
{
"date": "2009-04-15T15:08:54",
"db": "PACKETSTORM",
"id": "76704"
},
{
"date": "2009-04-15T10:30:00.420000",
"db": "NVD",
"id": "CVE-2009-0978"
},
{
"date": "2009-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-297"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-01T16:22:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001228"
},
{
"date": "2016-11-22T16:16:49.307000",
"db": "NVD",
"id": "CVE-2009-0978"
},
{
"date": "2009-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-297"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-297"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Database of Workspace Manager Component vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001228"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-297"
}
],
"trust": 0.6
}
}
var-200904-0418
Vulnerability from variot
Unspecified vulnerability in the Database Vault component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality, related to DBMS_SYS_SQL. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
For more information see vulnerability #6 through #9 in: SA34693
SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details.
Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
I. Description
The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability.
Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.
II. Impact
The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.
III. Solution
Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.
IV. References
-
Oracle Critical Patch Update Advisory - April 2009 - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
-
Critical Patch Updates and Security Alerts - http://www.oracle.com/technology/deploy/security/alerts.htm
-
Map of Public Vulnerability to Advisory/Alert - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-105A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
April 15, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system.
1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.
2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.
PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security
The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/
Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0418",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database server",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.01"
},
{
"model": "systems weblogic portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle9i personal edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.49"
},
{
"model": "oracle11g standard edition one",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "data service integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.3"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3.0"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.06"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "systems weblogic portal sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.13"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.04"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.1"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.07"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.3"
},
{
"model": "systems weblogic portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "systems weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.1"
},
{
"model": "systems weblogic server maintenance pack",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.13"
},
{
"model": "oracle9i standard edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "oracle9i enterprise edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.1"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.12"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.15"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.05"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.16"
},
{
"model": "systems weblogic server mp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9"
},
{
"model": "audit vault",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.02"
},
{
"model": "systems weblogic portal sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.4"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.12"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.11"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.6"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.03"
},
{
"model": "systems weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.0"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001233"
},
{
"db": "NVD",
"id": "CVE-2009-0997"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-315"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:database_server:11.1.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0997"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-315"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0997",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2009-0997",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-0997",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-315",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001233"
},
{
"db": "NVD",
"id": "CVE-2009-0997"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-315"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Database Vault component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality, related to DBMS_SYS_SQL. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0997"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001233"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0997",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "34693",
"trust": 2.6
},
{
"db": "USCERT",
"id": "TA09-105A",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1022052",
"trust": 2.4
},
{
"db": "OSVDB",
"id": "53739",
"trust": 2.4
},
{
"db": "BID",
"id": "34461",
"trust": 1.3
},
{
"db": "VUPEN",
"id": "ADV-2009-1042",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001233",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA09-105A",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-315",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-09-017",
"trust": 0.4
},
{
"db": "SECUNIA",
"id": "35135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76704",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001233"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0997"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-315"
}
]
},
"id": "VAR-200904-0418",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.065972224
},
"last_update_date": "2023-12-18T10:49:49.436000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cpuapr2009",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"title": "090417_86",
"trust": 0.8,
"url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
},
{
"title": "TA09-105A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001233"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0997"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://osvdb.org/53739"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/34693"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1022052"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/34461"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0997"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta09-105a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0997"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/1042"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-23/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-22/"
},
{
"trust": 0.3,
"url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "/archive/1/502845"
},
{
"trust": 0.3,
"url": "/archive/1/502707"
},
{
"trust": 0.3,
"url": "/archive/1/502697"
},
{
"trust": 0.3,
"url": "/archive/1/502727"
},
{
"trust": 0.3,
"url": "/archive/1/502723"
},
{
"trust": 0.3,
"url": "/archive/1/506160"
},
{
"trust": 0.3,
"url": "/archive/1/502724"
},
{
"trust": 0.3,
"url": "/archive/1/502683"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34693/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35135/"
},
{
"trust": 0.1,
"url": "http://www.good.com/faq/18431.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001233"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0997"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-315"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001233"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "NVD",
"id": "CVE-2009-0997"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-315"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-09T00:00:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001233"
},
{
"date": "2009-05-18T15:35:49",
"db": "PACKETSTORM",
"id": "77574"
},
{
"date": "2009-04-15T23:15:44",
"db": "PACKETSTORM",
"id": "76710"
},
{
"date": "2009-04-15T15:08:54",
"db": "PACKETSTORM",
"id": "76704"
},
{
"date": "2009-04-15T10:30:00.767000",
"db": "NVD",
"id": "CVE-2009-0997"
},
{
"date": "2009-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-315"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-01T16:22:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001233"
},
{
"date": "2012-10-23T03:04:28.710000",
"db": "NVD",
"id": "CVE-2009-0997"
},
{
"date": "2009-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-315"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-315"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Database of Database Vault Component vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001233"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-315"
}
],
"trust": 0.6
}
}
var-202207-0600
Vulnerability from variot
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability. (DoS) It may be in a state. Dell BSAFE Micro Edition Suite is a development kit that provides encryption, certificates and transport layer security for c/c++ applications, devices and systems. Dell BSAFE is a security software product that supports encryption algorithms, certificate chain verification, Transport Layer Security (TLS) cipher suites, etc. to help users achieve various security goals for their applications
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-0600",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
},
{
"model": "bsafe micro-edition-suite",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.6"
},
{
"model": "security service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "weblogic server proxy plug-in",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21c"
},
{
"model": "bsafe crypto-c-micro-edition",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.1.5"
},
{
"model": "weblogic server proxy plug-in",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.2"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "security service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "oracle security service",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle database",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "bsafe crypto-c micro edition",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "bsafe micro edition suite",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "oracle weblogic server proxy plug-in",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle http server",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016810"
},
{
"db": "NVD",
"id": "CVE-2020-35163"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.1.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.6",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-35163"
}
]
},
"cve": "CVE-2020-35163",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-35163",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-377254",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security_alert@emc.com",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-35163",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-35163",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2020-35163",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-834",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-377254",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-35163",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377254"
},
{
"db": "VULMON",
"id": "CVE-2020-35163"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016810"
},
{
"db": "NVD",
"id": "CVE-2020-35163"
},
{
"db": "NVD",
"id": "CVE-2020-35163"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-834"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability. (DoS) It may be in a state. Dell BSAFE Micro Edition Suite is a development kit that provides encryption, certificates and transport layer security for c/c++ applications, devices and systems. Dell BSAFE is a security software product that supports encryption algorithms, certificate chain verification, Transport Layer Security (TLS) cipher suites, etc. to help users achieve various security goals for their applications",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-35163"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016810"
},
{
"db": "VULHUB",
"id": "VHN-377254"
},
{
"db": "VULMON",
"id": "CVE-2020-35163"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-35163",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016810",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202207-834",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-84616",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-377254",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-35163",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377254"
},
{
"db": "VULMON",
"id": "CVE-2020-35163"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016810"
},
{
"db": "NVD",
"id": "CVE-2020-35163"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-834"
}
]
},
"id": "VAR-202207-0600",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-377254"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:55:51.437000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0July\u00a02022 Dell Security\u00a0Advisory",
"trust": 0.8,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"title": "Dell BSAFE Fixing measures for security feature vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=200899"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016810"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-834"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-330",
"trust": 1.1
},
{
"problemtype": "Insufficient use of random values (CWE-330) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377254"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016810"
},
{
"db": "NVD",
"id": "CVE-2020-35163"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35163"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2020-35163/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/oracle-database-vulnerabilities-of-july-2022-38855"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/330.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377254"
},
{
"db": "VULMON",
"id": "CVE-2020-35163"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016810"
},
{
"db": "NVD",
"id": "CVE-2020-35163"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-834"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-377254"
},
{
"db": "VULMON",
"id": "CVE-2020-35163"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016810"
},
{
"db": "NVD",
"id": "CVE-2020-35163"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-834"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-377254"
},
{
"date": "2022-07-11T00:00:00",
"db": "VULMON",
"id": "CVE-2020-35163"
},
{
"date": "2023-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-016810"
},
{
"date": "2022-07-11T20:15:08.273000",
"db": "NVD",
"id": "CVE-2020-35163"
},
{
"date": "2022-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-834"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-29T00:00:00",
"db": "VULHUB",
"id": "VHN-377254"
},
{
"date": "2022-07-18T00:00:00",
"db": "VULMON",
"id": "CVE-2020-35163"
},
{
"date": "2023-09-25T06:10:00",
"db": "JVNDB",
"id": "JVNDB-2019-016810"
},
{
"date": "2022-11-29T02:49:41.470000",
"db": "NVD",
"id": "CVE-2020-35163"
},
{
"date": "2022-07-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-834"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-834"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u00a0BSAFE\u00a0Crypto-C\u00a0Micro\u00a0Edition\u00a0 and \u00a0Dell\u00a0BSAFE\u00a0Micro\u00a0Edition\u00a0Suite\u00a0 Vulnerability in using inadequate random values in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016810"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "security feature problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-834"
}
],
"trust": 0.6
}
}
var-202012-1556
Vulnerability from variot
Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in undefined behaviour, or a crash of the affected systems. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Dell BSAFE Micro Edition Suite is a development toolkit developed by Dell, which can provide encryption, certificate and transport layer security for c/c++ applications, devices and systems
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1556",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "security service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18c"
},
{
"model": "bsafe micro-edition-suite",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.5"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
},
{
"model": "weblogic server proxy plug-in",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "weblogic server proxy plug-in",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "security service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.2"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "security service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "weblogic server proxy plug-in",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "bsafe micro edition suite",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "4.5"
},
{
"model": "bsafe micro edition suite",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014491"
},
{
"db": "NVD",
"id": "CVE-2020-5360"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:11.1.1.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:security_service:11.1.1.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:security_service:12.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:11.1.1.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5360"
}
]
},
"cve": "CVE-2020-5360",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-5360",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-183485",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-014491",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-5360",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2020-5360",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-1187",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-183485",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183485"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014491"
},
{
"db": "NVD",
"id": "CVE-2020-5360"
},
{
"db": "NVD",
"id": "CVE-2020-5360"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1187"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in undefined behaviour, or a crash of the affected systems. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Dell BSAFE Micro Edition Suite is a development toolkit developed by Dell, which can provide encryption, certificate and transport layer security for c/c++ applications, devices and systems",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5360"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014491"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-183485"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5360",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014491",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042102",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042527",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1187",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-183485",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183485"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014491"
},
{
"db": "NVD",
"id": "CVE-2020-5360"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1187"
}
]
},
"id": "VAR-202012-1556",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-183485"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:06:30.966000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2020-114",
"trust": 0.8,
"url": "https://www.dell.com/support/kbdoc/ja-jp/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities"
},
{
"title": "Dell BSAFE Micro Edition Suite Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=137341"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014491"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1187"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183485"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014491"
},
{
"db": "NVD",
"id": "CVE-2020-5360"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.7,
"url": "https://www.dell.com/support/kbdoc/en-us/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5360"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042527"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042102"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/oracle-database-vulnerabilities-of-april-2021-35122"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183485"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014491"
},
{
"db": "NVD",
"id": "CVE-2020-5360"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1187"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-183485"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014491"
},
{
"db": "NVD",
"id": "CVE-2020-5360"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1187"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-16T00:00:00",
"db": "VULHUB",
"id": "VHN-183485"
},
{
"date": "2021-08-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-014491"
},
{
"date": "2020-12-16T16:15:14.477000",
"db": "NVD",
"id": "CVE-2020-5360"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2020-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1187"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-183485"
},
{
"date": "2021-08-20T08:21:00",
"db": "JVNDB",
"id": "JVNDB-2020-014491"
},
{
"date": "2021-12-09T18:21:28.650000",
"db": "NVD",
"id": "CVE-2020-5360"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-06-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1187"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1187"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u00a0BSAFE\u00a0Micro\u00a0Edition\u00a0Suite\u00a0 Out-of-bounds read vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014491"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
Vulnerability from fkie_nvd
Published
2019-09-18 23:15
Modified
2024-11-21 04:42
Severity ?
Summary
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_cert-j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1710B5A7-08C4-44D8-A175-044FCD92B314",
"versionEndIncluding": "6.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9757B880-0E5B-40B1-A15C-0EAA52046A73",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEE68BD5-3D1C-4D69-B026-319FBEDBC798",
"versionEndIncluding": "6.2.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_performance_management:13.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E87B8C7B-2654-4F9C-9B5D-794DA484B42D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_performance_management:13.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C6F5710-490D-41D4-8C9B-27FC530117A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E8F4F3-1A39-4CBB-98C4-66D5DCE3F57D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FB92D8A7-2ABD-4B70-A32C-4B6B866C5B8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B21E6EEF-2AB7-4E96-B092-1F49D11B4175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1B58BCDA-E173-4D4A-A9C5-E9BFF7E57F58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "17A91FD9-9F77-42D3-A4D9-48BC7568ADE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "539DA24F-E3E0-4455-84C6-A9D96CD601B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "46E7237C-00BD-4490-96C3-A8EAE4CE2C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "20352616-6BCA-485D-8DD7-DFC97AD6A30D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "160EBE76-7CED-4210-9FBB-8649B14DAE1A",
"versionEndExcluding": "12.2.0.1.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68165D37-489E-45D7-BA7A-A38164B5C26D",
"versionEndExcluding": "19.1.0.0.0.210420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44357172-4035-4D57-9C83-D80BDDE8E8C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDD1BFF-9B0D-45DA-86DC-05CF829107FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7DB324-98A0-40AD-96D4-0800340F6F3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42064F46-3012-4FB1-89BA-F13C2E4CBB6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BCF6CCE5-250D-4B10-AD18-7DE7D84BF220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6FFEA075-11EB-4E99-92A1-8B2883C64CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D325A0-3441-41AC-B00F-F2A7F85370A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "378A6656-252B-4929-83EA-BC107FDFD357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F62A2144-5EF8-4319-B8C2-D7975F51E5FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E703304-0752-46F2-998B-A3D37C9E7A54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "722969B5-36CD-4413-954B-347BB7E51FAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BF295023-399E-4180-A28B-2DA3327A372C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3E5A2A49-42B0-44EB-B606-999275DC1DA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "54B0A494-14DD-4384-9DCE-14945EBE1A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A890746E-EE1A-4DBC-BB04-84CC79767F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6308E929-D44D-48A1-BAEE-47BE4E164124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDD2640A-5964-4937-B912-CEA2173FAFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11BE9059-29C1-417D-AFB3-98066E95D883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6953CFDB-33C0-4B8E-BBBD-E460A17E8ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E55B3AA9-69BE-4136-8C3A-FD0DDCD3FA4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B40B13B7-68B3-4510-968C-6A730EB46462",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C93CC705-1F8C-4870-99E6-14BF264C3811",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys."
},
{
"lang": "es",
"value": "RSA BSAFE Crypto-J versiones anteriores a 6.2.5, son susceptibles a una vulnerabilidad de Exposici\u00f3n de Informaci\u00f3n por medio de vulnerabilidades de Discrepancia de Sincronizaci\u00f3n durante la generaci\u00f3n de claves DSA. Un atacante remoto malicioso podr\u00eda explotar potencialmente esas vulnerabilidades para recuperar claves DSA."
}
],
"id": "CVE-2019-3740",
"lastModified": "2024-11-21T04:42:26.680",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security_alert@emc.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-18T23:15:11.173",
"references": [
{
"source": "security_alert@emc.com",
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174%3B-Crypto-J-Multiple-Security-Vulnerabilities"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174%3B-Crypto-J-Multiple-Security-Vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-04-21 10:59
Modified
2024-11-21 02:42
Severity ?
Summary
Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect integrity via unknown vectors, a different vulnerability than CVE-2016-0691.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:11.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5100F5C8-D5F8-466B-AABE-E42B3770B39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0AEAAD2D-F233-4C5B-B141-44143BA8DE4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3C58EE-B36B-4081-A307-0FE9B52D8E62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect integrity via unknown vectors, a different vulnerability than CVE-2016-0691."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el componente RDBMS Security en Oracle Database Server 11.2.0.4, 12.1.0.1 y 12.1.0.2 permite a usuarios locales afectar a la integridad a trav\u00e9s de vectores desconocidos, una vulnerabilidad distinta a CVE-2016-0691."
}
],
"id": "CVE-2016-0690",
"lastModified": "2024-11-21T02:42:10.213",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-21T10:59:50.743",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "secalert_us@oracle.com",
"url": "http://www.securitytracker.com/id/1035590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035590"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-20 11:16
Modified
2024-11-21 06:12
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Summary
Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of RDBMS Security as well as unauthorized update, insert or delete access to some of RDBMS Security accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E221FD4B-190F-4752-9617-FB0C704E7AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:*:*:*:*",
"matchCriteriaId": "3B7038B7-BBBB-4C8A-9479-204E11669A63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:21c:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD30EF6-606E-416A-B758-43CD75437A3B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of RDBMS Security as well as unauthorized update, insert or delete access to some of RDBMS Security accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el componente RDBMS Security de Oracle Database Server. Las versiones compatibles que est\u00e1n afectadas son 12.2.0.1, 19c y 21c. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante con privilegios de DBA con acceso a la red por medio de Oracle Net, comprometer la seguridad del RDBMS. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una suspensi\u00f3n o un bloqueo que se repite con frecuencia (DOS completa) de RDBMS Security, as\u00ed como el acceso no autorizado de actualizaci\u00f3n, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de RDBMS Security. CVSS 3.1 Puntuaci\u00f3n Base 5.5 (impactos en la Integridad y la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)"
}
],
"id": "CVE-2021-35551",
"lastModified": "2024-11-21T06:12:29.913",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2,
"source": "secalert_us@oracle.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-20T11:16:32.100",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-19 21:15
Modified
2024-11-21 06:44
Severity ?
Summary
Vulnerability in the RDBMS Gateway / Generic ODBC Connectivity component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise RDBMS Gateway / Generic ODBC Connectivity. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of RDBMS Gateway / Generic ODBC Connectivity accessible data as well as unauthorized read access to a subset of RDBMS Gateway / Generic ODBC Connectivity accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "02E34416-E767-4F61-8D2C-0D0202351F91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the RDBMS Gateway / Generic ODBC Connectivity component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise RDBMS Gateway / Generic ODBC Connectivity. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of RDBMS Gateway / Generic ODBC Connectivity accessible data as well as unauthorized read access to a subset of RDBMS Gateway / Generic ODBC Connectivity accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el componente RDBMS Gateway / Generic ODBC Connectivity de Oracle Database Server. Las versiones afectadas son 12.1.0.2, 19c y 21c. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante poco privilegiado y que tenga acceso a la red por medio de Oracle Net, poner en peligro RDBMS Gateway / Generic ODBC Connectivity. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una actualizaci\u00f3n no autorizada, una inserci\u00f3n o una eliminaci\u00f3n de algunos de los datos accesibles de RDBMS Gateway / Generic ODBC Connectivity, as\u00ed como el acceso de lectura no autorizado a un subconjunto de datos accesibles de RDBMS Gateway / Generic ODBC Connectivity. CVSS 3.1, Puntuaci\u00f3n Base 5.4 (impactos en la Confidencialidad y la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)"
}
],
"id": "CVE-2022-21411",
"lastModified": "2024-11-21T06:44:38.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
]
},
"published": "2022-04-19T21:15:14.367",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. While the vulnerability is in OJVM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of OJVM. Note: This score is for Windows platforms. On non-Windows platforms Scope is Unchanged, giving a CVSS Base Score of 8.8. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | Patch, Vendor Advisory | |
| secalert_us@oracle.com | http://www.securityfocus.com/bid/99865 | Third Party Advisory, VDB Entry | |
| secalert_us@oracle.com | http://www.securitytracker.com/id/1038923 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99865 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038923 | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:11.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5100F5C8-D5F8-466B-AABE-E42B3770B39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3C58EE-B36B-4081-A307-0FE9B52D8E62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E221FD4B-190F-4752-9617-FB0C704E7AFD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. While the vulnerability is in OJVM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of OJVM. Note: This score is for Windows platforms. On non-Windows platforms Scope is Unchanged, giving a CVSS Base Score of 8.8. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el componente OJVM de Oracle Database Server. Las versiones compatibles que se han visto afectadas son la 11.2.0.4, 12.1.0.2 y la 12.2.0.1. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con un bajo nivel de privilegios y con permisos Create Session y Create Procedure que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de OJVM. Aunque la vulnerabilidad est\u00e1 presente en OJVM, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de OJVM. Nota: Esta puntuaci\u00f3n es para plataformas Windows. En plataformas distintas a Windows, el alcance no cambia, por lo que se da una puntuaci\u00f3n base de CVSS de 8.8. CVSS 3.0 Base Score 9.9 (mpactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
}
],
"id": "CVE-2017-10202",
"lastModified": "2024-11-21T03:05:37.533",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-08T15:29:05.960",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99865"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99865"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038923"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-19 22:15
Modified
2024-11-21 06:44
Severity ?
Summary
Vulnerability in the Oracle Database - Enterprise Edition Recovery component of Oracle Database Server. For supported versions that are affected see note. Easily exploitable vulnerability allows high privileged attacker having EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Recovery. Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Recovery. Note: None of the supported versions are affected. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:-:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "6CC4D8AC-0081-420A-AE24-F3D8E071DC7D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Database - Enterprise Edition Recovery component of Oracle Database Server. For supported versions that are affected see note. Easily exploitable vulnerability allows high privileged attacker having EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Recovery. Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Recovery. Note: None of the supported versions are affected. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el componente Oracle Database - Enterprise Edition Recovery de Oracle Database Server. Para conocer las versiones compatibles que est\u00e1n afectadas, v\u00e9ase la nota. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante muy privilegiado que tenga el privilegio EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT con acceso a la red por medio de Oracle Net comprometer a Oracle Database - Enterprise Edition Recovery. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la toma de control de Oracle Database - Enterprise Edition Recovery. Nota: Ninguna de las versiones compatibles est\u00e1 afectada. CVSS 3.1, Puntuaci\u00f3n Base 7.2 (impactos en la Confidencialidad, Integridad y Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
}
],
"id": "CVE-2022-21511",
"lastModified": "2024-11-21T06:44:51.353",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "secalert_us@oracle.com",
"type": "Primary"
}
]
},
"published": "2022-07-19T22:15:10.143",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-18 21:15
Modified
2024-11-21 06:45
Severity ?
Summary
Vulnerability in the Oracle Database - Advanced Queuing component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having DBA user privilege with network access via Oracle Net to compromise Oracle Database - Advanced Queuing. Successful attacks of this vulnerability can result in takeover of Oracle Database - Advanced Queuing. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpuoct2022.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuoct2022.html | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Database - Advanced Queuing component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having DBA user privilege with network access via Oracle Net to compromise Oracle Database - Advanced Queuing. Successful attacks of this vulnerability can result in takeover of Oracle Database - Advanced Queuing. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el componente Oracle Database - Advanced Queuing de Oracle Database Server. La versi\u00f3n soportada que est\u00e1 afectada es 19c. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con altos privilegios de usuario DBA con acceso a la red por medio de Oracle Net comprometer a Oracle Database - Advanced Queuing. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la toma de control de Oracle Database - Advanced Queuing. CVSS 3.1 Puntuaci\u00f3n Base 7.2 (Impactos en la Confidencialidad, Integridad y Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)"
}
],
"id": "CVE-2022-21596",
"lastModified": "2024-11-21T06:45:02.120",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "secalert_us@oracle.com",
"type": "Primary"
}
]
},
"published": "2022-10-18T21:15:11.527",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2022.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-16 16:15
Modified
2024-11-21 05:33
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in undefined behaviour, or a crash of the affected systems.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_micro-edition-suite | * | |
| oracle | database | 12.1.0.2 | |
| oracle | database | 12.2.0.1 | |
| oracle | database | 18c | |
| oracle | database | 19c | |
| oracle | http_server | 11.1.1.9.0 | |
| oracle | http_server | 12.1.3.0 | |
| oracle | http_server | 12.2.1.4.0 | |
| oracle | security_service | 11.1.1.9.0 | |
| oracle | security_service | 12.1.3.0 | |
| oracle | security_service | 12.2.1.4.0 | |
| oracle | weblogic_server_proxy_plug-in | 11.1.1.9.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.1.3.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "838D4372-D93F-4BAD-90C2-E6E3BB18C2A9",
"versionEndExcluding": "4.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "46E7237C-00BD-4490-96C3-A8EAE4CE2C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "20352616-6BCA-485D-8DD7-DFC97AD6A30D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:11.1.1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD2676F-EE9D-4462-ABA5-C11CE726849C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DD4552F9-F5B9-4A52-BA5C-D32D49FABD28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:security_service:11.1.1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "008518E5-4814-46AA-B9E7-A3B2635D6D4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:security_service:12.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D47F41D7-8C75-47F3-8DF3-CC15378FBB71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D345C2D3-6AA5-4573-8397-ED1EB0153DB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:11.1.1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "068876EF-0594-4BE6-B9EC-04730837013E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3EA2E7-D903-4AA3-B38C-1EE71DF52276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E29C004-51D7-4BBE-B28A-EE6B7B10F89F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in undefined behaviour, or a crash of the affected systems."
},
{
"lang": "es",
"value": "Dell BSAFE Micro Edition Suite, versiones anteriores a 4.5, son susceptibles a una Vulnerabilidad de Lectura Insuficiente del B\u00fafer.\u0026#xa0;Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad resultando en un comportamiento indefinido o un bloqueo de los sistemas afectados"
}
],
"id": "CVE-2020-5360",
"lastModified": "2024-11-21T05:33:58.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-16T16:15:14.477",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-127"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-20 11:16
Modified
2024-11-21 06:12
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3C58EE-B36B-4081-A307-0FE9B52D8E62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E221FD4B-190F-4752-9617-FB0C704E7AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:*:*:*:*",
"matchCriteriaId": "3B7038B7-BBBB-4C8A-9479-204E11669A63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:21c:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD30EF6-606E-416A-B758-43CD75437A3B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el componente Core RDBMS de Oracle Database Server. Las versiones compatibles que est\u00e1n afectadas son 12.1.0.2, 12.2.0.1, 19c y 21c. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante poco privilegiado y con acceso a la red por medio de Oracle Net, comprometer el Core RDBMS. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negaci\u00f3n parcial de servicio (DOS parcial) de Core RDBMS. CVSS 3.1 Puntuaci\u00f3n Base 4.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)"
}
],
"id": "CVE-2021-35558",
"lastModified": "2024-11-21T06:12:30.857",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "secalert_us@oracle.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-20T11:16:34.447",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-01 00:59
Modified
2024-11-21 02:47
Severity ?
Summary
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14259BF1-3601-4BF1-A591-FC4DE1639C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "681173DF-537E-4A64-8FC7-75F439CCAD0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_web_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54EB07A0-FB38-4F17-9C8D-DB629967F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23F7B6BD-821B-4355-8C81-CEA6079B9A85",
"versionEndExcluding": "2.7.13",
"versionStartIncluding": "2.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E65C03FE-52E0-477A-A104-8F2CC0EEE753",
"versionEndExcluding": "3.4.7",
"versionStartIncluding": "3.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35B35EBF-9EA0-4BB4-B868-600D2BAA9790",
"versionEndExcluding": "3.5.3",
"versionStartIncluding": "3.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:content_security_management_appliance:9.6.6-068:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA04185-D9B6-4ED0-9D23-7642BF0228F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:content_security_management_appliance:9.7.0-006:*:*:*:*:*:*:*",
"matchCriteriaId": "A61A1AF3-CE0F-4744-A11A-57DE1ABC7CC6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "3A66E6CF-39CF-412E-8EF0-8E10BA21B4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "C684FB18-FDDC-4BED-A28C-C23EE6CD0094",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "A74A79A7-4FAF-4C81-8622-050008B96AE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
"matchCriteriaId": "CEDACCB9-8D61-49EE-9957-9E58BC7BB031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
"matchCriteriaId": "4993DD56-F9E3-4AC8-AC3E-BF204B950DEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
"matchCriteriaId": "E884B241-F9C3-44F8-A420-DE65F5F3D660",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
"matchCriteriaId": "3A383620-B4F7-44A7-85DA-A4FF2E115D80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
"matchCriteriaId": "5F0C6812-F455-49CF-B29B-9AC00306DA43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2D462C-A1B4-4572-A615-BDE9DC5F1E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
"matchCriteriaId": "3703E445-17C0-4C85-A496-A35641C0C8DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
"matchCriteriaId": "2F4034B9-EF1C-40E6-B92A-D4D7B7E7E774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
"matchCriteriaId": "ABEC1927-F469-4B9E-B544-DA6CF90F0B34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
"matchCriteriaId": "DE2188F9-FAF8-4A0C-BB49-E95BDBC119BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
"matchCriteriaId": "A9EC827B-5313-47D7-BF49-CFF033CF3D53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
"matchCriteriaId": "A438E65F-33B1-46BC-AD93-200DCC6B43D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*",
"matchCriteriaId": "4BFDCF78-62C1-429E-A43C-0C9FEC14837D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*",
"matchCriteriaId": "6A0B4DEF-C6E8-4243-9893-6E650013600C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*",
"matchCriteriaId": "E28CD4F7-522F-4ECA-9035-228596CDE769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*",
"matchCriteriaId": "0AF4953B-BB23-4C80-8C48-9E94EB234AAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "60F946FD-F564-49DA-B043-5943308BA9EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
"matchCriteriaId": "9B89180B-FB68-4DD8-B076-16E51CC7FB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
"matchCriteriaId": "4C986592-4086-4A39-9767-EF34DBAA6A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
"matchCriteriaId": "7B23181C-03DB-4E92-B3F6-6B585B5231B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
"matchCriteriaId": "94D9EC1C-4843-4026-9B05-E060E9391734",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*",
"matchCriteriaId": "036FB24F-7D86-4730-8BC9-722875BEC807",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:11.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5100F5C8-D5F8-466B-AABE-E42B3770B39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3C58EE-B36B-4081-A307-0FE9B52D8E62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BACF673F-7ADA-4D70-9BA9-2F5252E3467A",
"versionEndExcluding": "0.10.47",
"versionStartIncluding": "0.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8D1AA1-18BE-4134-883E-97CE3E729CBB",
"versionEndExcluding": "0.12.16",
"versionStartIncluding": "0.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "8B5C9903-298B-4084-A505-E60A00A63558",
"versionEndExcluding": "4.1.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "303F780C-C971-4216-86D6-5026AAD56279",
"versionEndExcluding": "4.6.0",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "8291D42E-9E50-414D-9752-D70906D512B2",
"versionEndExcluding": "6.7.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack."
},
{
"lang": "es",
"value": "Los cifrados DES y Triple DES, como se usan en los protocolos TLS, SSH e IPSec y otros protocolos y productos, tienen una cota de cumplea\u00f1os de aproximadamente cuatro mil millones de bloques, lo que facilita a atacantes remotos obtener datos de texto plano a trav\u00e9s de un ataque de cumplea\u00f1os contra una sesi\u00f3n cifrada de larga duraci\u00f3n, seg\u00fan lo demostrado por una sesi\u00f3n HTTPS usando Triple DES en modo CBC, tambi\u00e9n conocido como un ataque \"Sweet32\"."
}
],
"id": "CVE-2016-2183",
"lastModified": "2024-11-21T02:47:59.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-01T00:59:00.137",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0462.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Jul/31"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/May/105"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/May/105"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3673"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/539885/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/540341/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/541104/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/542005/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92630"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95568"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036696"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.splunk.com/view/SP-CAAAPSV"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.splunk.com/view/SP-CAAAPUE"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3087-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3087-2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3179-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3194-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3198-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3270-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3372-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://access.redhat.com/articles/2548661"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2708"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2709"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2710"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3239"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3240"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2123"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1245"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2859"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0451"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2016-2183"
},
{
"source": "secalert@redhat.com",
"tags": [
"Press/Media Coverage",
"Technical Description",
"Third Party Advisory"
],
"url": "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa133"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
},
{
"source": "secalert@redhat.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05369403"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05369415"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05385680"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05390722"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05390849"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10186"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10197"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10310"
},
{
"source": "secalert@redhat.com",
"tags": [
"Press/Media Coverage",
"Technical Description",
"Third Party Advisory"
],
"url": "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2018/Nov/21"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201701-65"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201707-01"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20160915-0001/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K13167034"
},
{
"source": "secalert@redhat.com",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://sweet32.info/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://wiki.opendaylight.org/view/Security_Advisories"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/42091/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008"
},
{
"source": "secalert@redhat.com",
"tags": [
"Press/Media Coverage",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mitigation",
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://www.openssl.org/blog/blog/2016/08/24/sweet32/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.sigsac.org/ccs/CCS2016/accepted-papers/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-16"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-21"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2017-09"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0462.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Jul/31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/May/105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/May/105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3673"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/539885/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/540341/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/541104/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/542005/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036696"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.splunk.com/view/SP-CAAAPSV"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.splunk.com/view/SP-CAAAPUE"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3087-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3087-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3179-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3194-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3198-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3270-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3372-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://access.redhat.com/articles/2548661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2709"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3240"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2859"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0451"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2016-2183"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage",
"Technical Description",
"Third Party Advisory"
],
"url": "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05369403"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05369415"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05385680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05390722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05390849"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage",
"Technical Description",
"Third Party Advisory"
],
"url": "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2018/Nov/21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201701-65"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201707-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20160915-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K13167034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://sweet32.info/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wiki.opendaylight.org/view/Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/42091/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://www.openssl.org/blog/blog/2016/08/24/sweet32/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.sigsac.org/ccs/CCS2016/accepted-papers/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2017-09"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-11 20:15
Modified
2024-11-21 05:26
Severity ?
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_crypto-c-micro-edition | * | |
| dell | bsafe_micro-edition-suite | * | |
| oracle | database | 12.1.0.2 | |
| oracle | database | 19c | |
| oracle | database | 21c | |
| oracle | http_server | 12.2.1.3.0 | |
| oracle | http_server | 12.2.1.4.0 | |
| oracle | security_service | 12.2.1.3.0 | |
| oracle | security_service | 12.2.1.4.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.3.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3D1B15-8F35-4976-8BA0-35816ECE6A92",
"versionEndExcluding": "4.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AA9AC46-4B4A-4776-A15D-42A0AF64D64E",
"versionEndExcluding": "4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "02E34416-E767-4F61-8D2C-0D0202351F91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD166F7-8A83-4BC7-A392-E830E87F841B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D345C2D3-6AA5-4573-8397-ED1EB0153DB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A4AE8A2-62D9-4C08-A608-A057895E4E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E29C004-51D7-4BBE-B28A-EE6B7B10F89F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability."
},
{
"lang": "es",
"value": "Dell BSAFE Crypto-C Micro Edition, versiones anteriores a 4.1.5, y Dell BSAFE Micro Edition Suite, versiones anteriores a 4.6, contienen una vulnerabilidad de Discrepancia de Tiempo Observable"
}
],
"id": "CVE-2020-35168",
"lastModified": "2024-11-21T05:26:53.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-11T20:15:08.487",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-311"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-27 22:59
Modified
2024-11-21 03:25
Severity ?
Summary
Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in OJVM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of OJVM. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts).
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:11.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5100F5C8-D5F8-466B-AABE-E42B3770B39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3C58EE-B36B-4081-A307-0FE9B52D8E62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in OJVM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of OJVM. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el componente OJVM de Oracle Database Server. Versiones compatibles que estan afectadas son 11.2.0.4 y 12.1.0.2. Vulnerabilidad f\u00e1cilmente explotable permite a un atacante poco privilegiado poseedor de privilegio Create Session, Create Procedure con acceso a la red a trav\u00e9s de m\u00faltiples protocolos, comprometer OJVM. Ataques exitosos requieren interacci\u00f3n humana de una persona distinta del atacante y mientras la vulnerabilidad est\u00e9 en OJVM, los ataques podr\u00edan afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en la toma de control de OJVM. CVSS v3.0 Base Score 9.0 (Impactos de Integridad, Confidencialidad y Disponibilidad)."
}
],
"id": "CVE-2017-3310",
"lastModified": "2024-11-21T03:25:15.327",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-27T22:59:04.287",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95481"
},
{
"source": "secalert_us@oracle.com",
"url": "http://www.securitytracker.com/id/1037630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037630"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-21 15:15
Modified
2024-11-21 05:04
Severity ?
Summary
Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Analyze Any privilege with network access via Oracle Net to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS Security accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Analyze Any privilege with network access via Oracle Net to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS Security accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el componente RDBMS Security de Oracle Database Server.\u0026#xa0;La versi\u00f3n compatible que est\u00e1 afectada es la 19c.\u0026#xa0;Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante muy privilegiado que tenga el privilegio Analyze Any con acceso a la red por medio de Oracle Net comprometer a RDBMS Security.\u0026#xa0;Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en un acceso no autorizado a datos cr\u00edticos o acceso completo a todos los datos accesibles de RDBMS Security.\u0026#xa0;CVSS 3.1 Puntuaci\u00f3n Base 4.9 (Impactos de la Confidencialidad).\u0026#xa0;Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)"
}
],
"id": "CVE-2020-14901",
"lastModified": "2024-11-21T05:04:26.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
]
},
"published": "2020-10-21T15:15:26.780",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-15 18:15
Modified
2024-11-21 05:26
Severity ?
4.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N
4.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N
4.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N
Summary
Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition. While the vulnerability is in Oracle Database - Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition accessible data. CVSS 3.1 Base Score 4.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "46E7237C-00BD-4490-96C3-A8EAE4CE2C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "20352616-6BCA-485D-8DD7-DFC97AD6A30D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19d:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "A5374183-C50F-44D3-8E3E-CA0138383C3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition. While the vulnerability is in Oracle Database - Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition accessible data. CVSS 3.1 Base Score 4.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el componente Oracle Database - Enterprise Edition de Oracle Database Server. Las versiones compatibles que est\u00e1n afectadas son 12.1.0.2, 12.2.0.1, 18c y 19c. La vulnerabilidad explotable f\u00e1cilmente permite a un atacante muy privilegiado teniendo privilegios de cuenta de rol DBA con acceso de red por medio de Oracle Net comprometer a Oracle Database - Enterprise Edition. Aunque la vulnerabilidad se encuentra en Oracle Database - Enterprise Edition, los ataques pueden afectar significativamente a productos adicionales. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una actualizaci\u00f3n no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Database - Enterprise Edition. CVSS 3.1 Puntuaci\u00f3n Base 4.1 (Impactos de la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N)"
}
],
"id": "CVE-2020-2978",
"lastModified": "2024-11-21T05:26:46.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4,
"source": "secalert_us@oracle.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2020-07-15T18:15:38.990",
"references": [
{
"source": "secalert_us@oracle.com",
"url": "http://packetstormsecurity.com/files/172183/Oracle-RMAN-Missing-Auditing.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://databasesecurityninja.wordpress.com/2020/12/01/cve-2020-2978-rman-audit-table-point-in-time-recovery-not-logged/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/172183/Oracle-RMAN-Missing-Auditing.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://databasesecurityninja.wordpress.com/2020/12/01/cve-2020-2978-rman-audit-table-point-in-time-recovery-not-logged/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-11 20:15
Modified
2024-11-21 05:26
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_crypto-c-micro-edition | * | |
| dell | bsafe_micro-edition-suite | * | |
| oracle | database | 12.1.0.2 | |
| oracle | database | 19c | |
| oracle | database | 21c | |
| oracle | http_server | 12.2.1.3.0 | |
| oracle | http_server | 12.2.1.4.0 | |
| oracle | security_service | 12.2.1.3.0 | |
| oracle | security_service | 12.2.1.4.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.3.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3D1B15-8F35-4976-8BA0-35816ECE6A92",
"versionEndExcluding": "4.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AA9AC46-4B4A-4776-A15D-42A0AF64D64E",
"versionEndExcluding": "4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "02E34416-E767-4F61-8D2C-0D0202351F91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD166F7-8A83-4BC7-A392-E830E87F841B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D345C2D3-6AA5-4573-8397-ED1EB0153DB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A4AE8A2-62D9-4C08-A608-A057895E4E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E29C004-51D7-4BBE-B28A-EE6B7B10F89F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability."
},
{
"lang": "es",
"value": "Dell BSAFE Crypto-C Micro Edition, versiones anteriores a la 4.1.5, y Dell BSAFE Micro Edition Suite, versiones anteriores a la 4.6, contienen una vulnerabilidad de discrepancia de tiempo observable"
}
],
"id": "CVE-2020-35164",
"lastModified": "2024-11-21T05:26:52.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 5.2,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-11T20:15:08.330",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-385"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-21 15:15
Modified
2024-11-21 06:02
Severity ?
Summary
Vulnerability in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Data Redaction. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Data Redaction accessible data. CVSS 3.1 Base Score 3.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpujul2021.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2021.html | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "46E7237C-00BD-4490-96C3-A8EAE4CE2C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Data Redaction. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Data Redaction accessible data. CVSS 3.1 Base Score 3.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el componente Oracle Database - Enterprise Edition Data Redaction de Oracle Database Server. Las versiones compatibles que est\u00e1n afectadas son 12.1.0.2, 12.2.0.1 y 19c. Una vulnerabilidad explotable f\u00e1cilmente, permite a un atacante poco privilegiado con acceso a la red por medio de Oracle Net, comprometer al componente Oracle Database - Enterprise Edition Data Redaction. Los ataques con \u00e9xito requieren una interacci\u00f3n humana de una persona diferente del atacante. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una actualizaci\u00f3n no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Database - Enterprise Edition Data Redaction. CVSS 3.1 Puntuaci\u00f3n Base 3.5 (Impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)"
}
],
"id": "CVE-2021-2334",
"lastModified": "2024-11-21T06:02:54.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
]
},
"published": "2021-07-21T15:15:16.240",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-01 12:15
Modified
2024-11-21 05:54
Severity ?
Summary
When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4ABB491-6750-457E-B5A4-67C1146CB15F",
"versionEndIncluding": "8.5.61",
"versionStartIncluding": "8.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9DFCBAF-1583-4C2F-8776-76F4DCB582B5",
"versionEndIncluding": "9.0.41",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "9D0689FE-4BC0-4F53-8C79-34B21F9B86C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*",
"matchCriteriaId": "89B129B2-FB6F-4EF9-BF12-E589A87996CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*",
"matchCriteriaId": "8B6787B6-54A8-475E-BA1C-AB99334B2535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*",
"matchCriteriaId": "EABB6FBC-7486-44D5-A6AD-FFF1D3F677E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*",
"matchCriteriaId": "E10C03BC-EE6B-45B2-83AE-9E8DFB58D7DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*",
"matchCriteriaId": "8A6DA0BE-908C-4DA8-A191-A0113235E99A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*",
"matchCriteriaId": "39029C72-28B4-46A4-BFF5-EC822CFB2A4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*",
"matchCriteriaId": "1A2E05A3-014F-4C4D-81E5-88E725FBD6AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*",
"matchCriteriaId": "166C533C-0833-41D5-99B6-17A4FAB3CAF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*",
"matchCriteriaId": "D3768C60-21FA-4B92-B98C-C3A2602D1BC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*",
"matchCriteriaId": "DDD510FA-A2E4-4BAF-A0DE-F4E5777E9325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "9F542E12-6BA8-4504-A494-DA83E7E19BD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*",
"matchCriteriaId": "C2409CC7-6A85-4A66-A457-0D62B9895DC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*",
"matchCriteriaId": "B392A7E5-4455-4B1C-8FAC-AE6DDC70689E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*",
"matchCriteriaId": "EF411DDA-2601-449A-9046-D250419A0E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*",
"matchCriteriaId": "D7D8F2F4-AFE2-47EA-A3FD-79B54324DE02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*",
"matchCriteriaId": "1B4FBF97-DE16-4E5E-BE19-471E01818D40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*",
"matchCriteriaId": "3B266B1E-24B5-47EE-A421-E0E3CC0C7471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*",
"matchCriteriaId": "29614C3A-6FB3-41C7-B56E-9CC3F45B04F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*",
"matchCriteriaId": "C6AB156C-8FF6-4727-AF75-590D0DCB3F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "C0C5F004-F7D8-45DB-B173-351C50B0EC16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*",
"matchCriteriaId": "D1902D2E-1896-4D3D-9E1C-3A675255072C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*",
"matchCriteriaId": "49AAF4DF-F61D-47A8-8788-A21E317A145D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "DA7CC5E9-3631-4073-84C8-2C12D90686CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "90CD7E85-4FF9-4158-AC78-4BFCBC882A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone10:*:*:*:*:*:*",
"matchCriteriaId": "83B9FF07-1B93-4F8C-AC56-7CA74E61B724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "7EA56B52-1015-40CD-B10C-393768094269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "501B0D4A-D636-4736-979B-D5023599CEFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone4:*:*:*:*:*:*",
"matchCriteriaId": "94E7764F-BF9E-463E-B446-A9A8DB92BB97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone5:*:*:*:*:*:*",
"matchCriteriaId": "53A9F7EE-AF2A-43E5-B708-0198784AB45A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone6:*:*:*:*:*:*",
"matchCriteriaId": "AC872C5F-63AF-4BB8-8629-334FC9704AE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone7:*:*:*:*:*:*",
"matchCriteriaId": "94B95C95-DF3E-49C1-9CA0-4474DD7EF7B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone8:*:*:*:*:*:*",
"matchCriteriaId": "310B0163-01DE-40DA-A2EA-FFA4A6100037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone9:*:*:*:*:*:*",
"matchCriteriaId": "75420449-A951-4133-A5F1-4C01F2DF843B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D14ABF04-E460-4911-9C6C-B7BCEFE68E9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4479F76A-4B67-41CC-98C7-C76B81050F8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45E5C9B0-AB25-4744-88E4-FD0C4A853001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4A94B36-479F-48F2-9B9E-ACEA2589EF48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "46E7237C-00BD-4490-96C3-A8EAE4CE2C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "02E34416-E767-4F61-8D2C-0D0202351F91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38532AE4-9C9F-4182-A791-FCD2BE27DEA6",
"versionEndExcluding": "21.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graph_server_and_client:21.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "715F9279-F31E-4CC0-A105-95A008EACBA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E3E923-E2AD-400D-A618-26ADF7F841A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9AB58D27-37F2-4A32-B786-3490024290A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F48F2267-61EA-4F12-ADE9-85CB6F6B290E",
"versionEndIncluding": "8.0.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90605BF7-9C9B-4AC2-83B6-3666C5A15D43",
"versionEndIncluding": "21.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A\u0027s request."
},
{
"lang": "es",
"value": "Cuando se responde a nuevas peticiones de conexi\u00f3n h2c, Apache Tomcat versiones 10.0.0-M1 hasta 10.0.0, versiones 9.0.0.M1 hasta 9.0.41 y versiones 8.5.0 hasta 8.5.61, podr\u00edan duplicar los encabezados de petici\u00f3n y una cantidad limitada del cuerpo de petici\u00f3n de una petici\u00f3n a otra, lo que significa que el usuario A y el usuario B podr\u00edan visualizar los resultados de la petici\u00f3n del usuario A"
}
],
"id": "CVE-2021-25122",
"lastModified": "2024-11-21T05:54:23.690",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-01T12:15:13.793",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/01/1"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cusers.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rcd90bf36b1877e1310b87ecd14ed7bbb15da52b297efd9f0e7253a3b%40%3Cusers.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rd0463f9a5cbc02a485404c4b990f0da452e5ac5c237808edba11c947%40%3Cusers.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-34"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210409-0002/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4891"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/01/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cusers.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rcd90bf36b1877e1310b87ecd14ed7bbb15da52b297efd9f0e7253a3b%40%3Cusers.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd0463f9a5cbc02a485404c4b990f0da452e5ac5c237808edba11c947%40%3Cusers.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-34"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210409-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-20 19:15
Modified
2024-11-21 05:40
Severity ?
Summary
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5E91B0-1B3B-4871-ADD0-C772DA1894E6",
"versionEndExcluding": "7.0.108",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F32163D-F54D-48C9-AE9D-44ABA776B060",
"versionEndExcluding": "8.5.63",
"versionStartIncluding": "8.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C570AD4E-B51D-4490-83B9-BFC8528514EF",
"versionEndExcluding": "9.0.43",
"versionStartIncluding": "9.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "9D0689FE-4BC0-4F53-8C79-34B21F9B86C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*",
"matchCriteriaId": "89B129B2-FB6F-4EF9-BF12-E589A87996CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*",
"matchCriteriaId": "8B6787B6-54A8-475E-BA1C-AB99334B2535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*",
"matchCriteriaId": "EABB6FBC-7486-44D5-A6AD-FFF1D3F677E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*",
"matchCriteriaId": "E10C03BC-EE6B-45B2-83AE-9E8DFB58D7DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*",
"matchCriteriaId": "8A6DA0BE-908C-4DA8-A191-A0113235E99A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*",
"matchCriteriaId": "39029C72-28B4-46A4-BFF5-EC822CFB2A4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*",
"matchCriteriaId": "1A2E05A3-014F-4C4D-81E5-88E725FBD6AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*",
"matchCriteriaId": "166C533C-0833-41D5-99B6-17A4FAB3CAF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*",
"matchCriteriaId": "D3768C60-21FA-4B92-B98C-C3A2602D1BC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*",
"matchCriteriaId": "DDD510FA-A2E4-4BAF-A0DE-F4E5777E9325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "9F542E12-6BA8-4504-A494-DA83E7E19BD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*",
"matchCriteriaId": "C2409CC7-6A85-4A66-A457-0D62B9895DC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*",
"matchCriteriaId": "B392A7E5-4455-4B1C-8FAC-AE6DDC70689E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*",
"matchCriteriaId": "EF411DDA-2601-449A-9046-D250419A0E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*",
"matchCriteriaId": "D7D8F2F4-AFE2-47EA-A3FD-79B54324DE02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*",
"matchCriteriaId": "1B4FBF97-DE16-4E5E-BE19-471E01818D40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*",
"matchCriteriaId": "3B266B1E-24B5-47EE-A421-E0E3CC0C7471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*",
"matchCriteriaId": "29614C3A-6FB3-41C7-B56E-9CC3F45B04F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*",
"matchCriteriaId": "C6AB156C-8FF6-4727-AF75-590D0DCB3F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "C0C5F004-F7D8-45DB-B173-351C50B0EC16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*",
"matchCriteriaId": "D1902D2E-1896-4D3D-9E1C-3A675255072C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*",
"matchCriteriaId": "49AAF4DF-F61D-47A8-8788-A21E317A145D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*",
"matchCriteriaId": "454211D0-60A2-4661-AECA-4C0121413FEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*",
"matchCriteriaId": "0686F977-889F-4960-8E0B-7784B73A7F2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*",
"matchCriteriaId": "558703AE-DB5E-4DFF-B497-C36694DD7B24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*",
"matchCriteriaId": "ED6273F2-1165-47A4-8DD7-9E9B2472941B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "90CD7E85-4FF9-4158-AC78-4BFCBC882A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "7EA56B52-1015-40CD-B10C-393768094269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "501B0D4A-D636-4736-979B-D5023599CEFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone4:*:*:*:*:*:*",
"matchCriteriaId": "94E7764F-BF9E-463E-B446-A9A8DB92BB97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D14ABF04-E460-4911-9C6C-B7BCEFE68E9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "ED43772F-D280-42F6-A292-7198284D6FE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6B6FE82-7BFA-481D-99D6-789B146CA18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4479F76A-4B67-41CC-98C7-C76B81050F8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12981AA7-BBF6-4158-8F7D-9DD3880FDCC1",
"versionEndIncluding": "8.4.0.5",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7",
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0DB23B9A-571E-4B77-B432-23F3DC9B67D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E5416A1-EE58-415D-9645-B6A875EBAED2",
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430",
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "46E7237C-00BD-4490-96C3-A8EAE4CE2C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "02E34416-E767-4F61-8D2C-0D0202351F91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:fmw_platform:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C5E9A12-BFE9-4963-A360-A34168A6BF6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:fmw_platform:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA2E1357-E3A1-461C-B7A0-A9446E45496D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A3DC116-2844-47A1-BEC2-D0675DD97148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A74FD5F-4FEA-4A74-8B92-72DFDE6BA464",
"versionEndIncluding": "17.3",
"versionStartIncluding": "17.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E3E923-E2AD-400D-A618-26ADF7F841A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9AB58D27-37F2-4A32-B786-3490024290A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70C60E6C-1A61-422B-A132-FB024761F576",
"versionEndIncluding": "8.0.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE8CF045-09BB-4069-BCEC-496D5AE3B780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:siebel_apps_-_marketing:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7AACBCC9-FDAC-42DF-B931-BD908CAF5C65",
"versionEndIncluding": "21.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30DB69BD-0F6E-4AB5-A861-7CB911C35660",
"versionEndIncluding": "20.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:transportation_management:6.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A58642E0-CA59-4DE6-A83C-F551FC621C32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:workload_manager:12.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD848FE1-CFD7-490C-B008-DF3B30F3256F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:workload_manager:18c:*:*:*:*:*:*:*",
"matchCriteriaId": "630C8E99-FE49-486E-9003-40B82809B7A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:workload_manager:19c:*:*:*:*:*:*:*",
"matchCriteriaId": "C842DE9E-5E12-4295-AFA5-DEB5FEDE490A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEB90C24-D252-4099-A7A1-9F8754DFB4A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "106FDF5A-D377-4E5F-8BF9-09290019C98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*",
"matchCriteriaId": "7B00DDE7-7002-45BE-8EDE-65D964922CB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*",
"matchCriteriaId": "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*",
"matchCriteriaId": "7DE847E0-431D-497D-9C57-C4E59749F6A0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=\"null\" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed."
},
{
"lang": "es",
"value": "Cuando se usa Apache Tomcat versiones 10.0.0-M1 hasta 10.0.0-M4, 9.0.0.M1 hasta 9.0.34, 8.5.0 hasta 8.5.54 y 7.0.0 hasta 7.0. 103, si a) un atacante es capaz de controlar el contenido y el nombre de un archivo en el servidor; y b) el servidor est\u00e1 configurado para usar el PersistenceManager con un FileStore; y c) el PersistenceManager est\u00e1 configurado con sessionAttributeValueClassNameFilter=\"null\" (el valor predeterminado a menos que se utilice un SecurityManager) o un filtro lo suficientemente laxo como para permitir que el objeto proporcionado por el atacante sea deserializado; y d) el atacante conoce la ruta relativa del archivo desde la ubicaci\u00f3n de almacenamiento usada por FileStore hasta el archivo sobre el que el atacante presenta control; entonces, mediante una petici\u00f3n espec\u00edficamente dise\u00f1ada, el atacante podr\u00e1 ser capaz de desencadenar una ejecuci\u00f3n de c\u00f3digo remota mediante la deserializaci\u00f3n del archivo bajo su control. Tome en cuenta que todas las condiciones desde la a) hasta la d) deben cumplirse para que el ataque tenga \u00e9xito."
}
],
"id": "CVE-2020-9484",
"lastModified": "2024-11-21T05:40:44.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-20T19:15:09.257",
"references": [
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Jun/6"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/01/2"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3Cusers.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c%40%3Ccommits.tomee.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469%40%3Cusers.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3Cusers.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c%40%3Ccommits.tomee.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f%40%3Ccommits.tomee.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3Cusers.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3%40%3Ccommits.tomee.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119%40%3Ccommits.tomee.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926%40%3Cusers.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cusers.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html"
},
{
"source": "security@apache.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ/"
},
{
"source": "security@apache.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202006-21"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200528-0005/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4448-1/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4596-1/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4727"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "security@apache.org",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Jun/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/01/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3Cusers.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c%40%3Ccommits.tomee.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469%40%3Cusers.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3Cusers.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c%40%3Ccommits.tomee.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f%40%3Ccommits.tomee.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3Cusers.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3%40%3Ccommits.tomee.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119%40%3Ccommits.tomee.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926%40%3Cusers.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cusers.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202006-21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200528-0005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4448-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4596-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4727"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-19 21:15
Modified
2024-11-21 06:44
Severity ?
Summary
Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Sharding. Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Sharding. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Sharding. Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Sharding. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el componente Oracle Database - Enterprise Edition Sharding de Oracle Database Server. La versi\u00f3n compatible que est\u00e1 afectada es 19c. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante muy privilegiado de Crear Cualquier Procedimiento con acceso a la red por medio de Oracle Net, comprometer Oracle Database - Enterprise Edition Sharding. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la toma de control de Oracle Database - Enterprise Edition Sharding. CVSS 3.1, Puntuaci\u00f3n Base 7.2, (impactos en la Confidencialidad, Integridad y Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)"
}
],
"id": "CVE-2022-21410",
"lastModified": "2024-11-21T06:44:38.180",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
]
},
"published": "2022-04-19T21:15:14.317",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-13 01:30
Modified
2024-11-21 01:11
Severity ?
Summary
Unspecified vulnerability in the Application Express Application Builder component in Oracle Database 3.2.1.00.10 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:3.2.1.00.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FEFEBC35-56DE-4089-80F4-779200F48FEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Application Express Application Builder component in Oracle Database 3.2.1.00.10 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en el componente Application Express Application Builder en Oracle Database v3.2.1.00.10 permite a usuarios remotos autenticados influir en la confidencialidad y la disponibilidad a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2010-0076",
"lastModified": "2024-11-21T01:11:27.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-01-13T01:30:01.187",
"references": [
{
"source": "secalert_us@oracle.com",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-012A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-012A.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-04-21 10:59
Modified
2024-11-21 02:42
Severity ?
Summary
Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0AEAAD2D-F233-4C5B-B141-44143BA8DE4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3C58EE-B36B-4081-A307-0FE9B52D8E62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el componente RDBMS Security en Oracle Database Server 12.1.0.1 y 12.1.0.2 permite a atacantes remotos afectar a la disponibilidad a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2016-0677",
"lastModified": "2024-11-21T02:42:08.657",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-21T10:59:39.430",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "secalert_us@oracle.com",
"url": "http://www.securitytracker.com/id/1035590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035590"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create User privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of RDBMS Security accessible data. CVSS 3.0 Base Score 2.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | Patch, Vendor Advisory | |
| secalert_us@oracle.com | http://www.securityfocus.com/bid/101350 | Third Party Advisory, VDB Entry | |
| secalert_us@oracle.com | http://www.securitytracker.com/id/1039591 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101350 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039591 | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:11.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5100F5C8-D5F8-466B-AABE-E42B3770B39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3C58EE-B36B-4081-A307-0FE9B52D8E62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E221FD4B-190F-4752-9617-FB0C704E7AFD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create User privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of RDBMS Security accessible data. CVSS 3.0 Base Score 2.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el componente RDBMS Security de Oracle Database Server. Las versiones compatibles que se han visto afectadas son la 11.2.0.4, 12.1.0.2 y la 12.2.0.1. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con un alto nivel de privilegios, con privilegios Create User e inicio de sesi\u00f3n en la infraestructura en la que se ejecuta RDBMS Security comprometa la seguridad de RDBMS Security. Los ataques exitosos a esta vulnerabilidad pueden resultar en el acceso sin autorizaci\u00f3n de actualizaci\u00f3n, inserci\u00f3n o supresi\u00f3n de algunos de los datos accesibles de RDBMS Security. CVSS 3.0 Base Score 2.3 (impactos en la integridad). Vector CVSS: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)."
}
],
"id": "CVE-2017-10292",
"lastModified": "2024-11-21T03:05:50.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 1.7,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-19T17:29:02.310",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101350"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039591"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-11 20:15
Modified
2024-11-21 05:26
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_crypto-c-micro-edition | * | |
| dell | bsafe_micro-edition-suite | * | |
| oracle | database | 12.1.0.2 | |
| oracle | database | 19c | |
| oracle | database | 21c | |
| oracle | http_server | 12.2.1.3.0 | |
| oracle | http_server | 12.2.1.4.0 | |
| oracle | security_service | 12.2.1.3.0 | |
| oracle | security_service | 12.2.1.4.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.3.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3D1B15-8F35-4976-8BA0-35816ECE6A92",
"versionEndExcluding": "4.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AA9AC46-4B4A-4776-A15D-42A0AF64D64E",
"versionEndExcluding": "4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "02E34416-E767-4F61-8D2C-0D0202351F91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD166F7-8A83-4BC7-A392-E830E87F841B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D345C2D3-6AA5-4573-8397-ED1EB0153DB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A4AE8A2-62D9-4C08-A608-A057895E4E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E29C004-51D7-4BBE-B28A-EE6B7B10F89F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability."
},
{
"lang": "es",
"value": "Dell BSAFE Crypto-C Micro Edition, versiones anteriores a 4.1.5, y Dell BSAFE Micro Edition Suite, versiones anteriores a 4.6, contienen una vulnerabilidad de uso de Valores Insuficientemente Aleatorios"
}
],
"id": "CVE-2020-35163",
"lastModified": "2024-11-21T05:26:52.773",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-11T20:15:08.273",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-19 22:15
Modified
2024-11-21 06:44
Severity ?
Summary
Vulnerability in the Oracle Database - Enterprise Edition RDBMS Security component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having DBA role privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition RDBMS Security. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database - Enterprise Edition RDBMS Security. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3C58EE-B36B-4081-A307-0FE9B52D8E62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "02E34416-E767-4F61-8D2C-0D0202351F91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Database - Enterprise Edition RDBMS Security component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having DBA role privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition RDBMS Security. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database - Enterprise Edition RDBMS Security. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el componente Oracle Database - Enterprise Edition RDBMS Security de Oracle Database Server. Las versiones afectadas son 12.1.0.2, 19c y 21c. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante muy privilegiado de rol de DBA con acceso a la red por medio de Oracle Net, comprometer a Oracle Database - Enterprise Edition RDBMS Security. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la capacidad no autorizada de causar una denegaci\u00f3n parcial de servicio (DOS parcial) de Oracle Database - Enterprise Edition RDBMS Security. CVSS 3.1, Puntuaci\u00f3n Base 2.7 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)."
}
],
"id": "CVE-2022-21432",
"lastModified": "2024-11-21T06:44:41.310",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "secalert_us@oracle.com",
"type": "Primary"
}
]
},
"published": "2022-07-19T22:15:09.780",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-19 22:15
Modified
2024-11-21 06:44
Severity ?
Summary
Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server. For supported versions that are affected see note. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Database - Enterprise Edition Sharding executes to compromise Oracle Database - Enterprise Edition Sharding. While the vulnerability is in Oracle Database - Enterprise Edition Sharding, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Sharding. Note: None of the supported versions are affected. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:-:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "6CC4D8AC-0081-420A-AE24-F3D8E071DC7D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server. For supported versions that are affected see note. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Database - Enterprise Edition Sharding executes to compromise Oracle Database - Enterprise Edition Sharding. While the vulnerability is in Oracle Database - Enterprise Edition Sharding, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Sharding. Note: None of the supported versions are affected. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el componente Oracle Database - Enterprise Edition Sharding de Oracle Database Server. Para conocer las versiones compatibles que est\u00e1n afectadas, v\u00e9ase la nota. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante poco privilegiado que tenga el privilegio de Local Logon con el inicio de sesi\u00f3n en la infraestructura donde es ejecutado Oracle Database - Enterprise Edition Sharding, comprometer a Oracle Database - Enterprise Edition Sharding. Aunque la vulnerabilidad est\u00e1 en Oracle Database - Enterprise Edition Sharding, los ataques pueden afectar significativamente a otros productos (cambio de alcance). Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la toma de control de Oracle Database - Enterprise Edition Sharding. Nota: Ninguna de las versiones compatibles est\u00e1 afectada. CVSS 3.1, Puntuaci\u00f3n Base 8.8 (impactos en la Confidencialidad, Integridad y Disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
}
],
"id": "CVE-2022-21510",
"lastModified": "2024-11-21T06:44:51.237",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "secalert_us@oracle.com",
"type": "Primary"
}
]
},
"published": "2022-07-19T22:15:10.087",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-10-15 00:55
Modified
2024-11-27 20:15
Severity ?
Summary
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC2EDDE6-49F2-41D3-BCB2-F49886A2A170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C6E104-EDBC-481E-85B8-D39ED2058D39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FB3FB071-FCCC-4425-AFBF-77287C1B8F7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B74C62D-4A6D-4A4F-ADF6-A508322CD447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5DCADB10-49F8-4E8A-B915-6A770620B212",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E89B38A-3697-46DD-BB3F-E8D2373588BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56998F82-855E-4514-A4AF-A36084E10C5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA8DDF4A-1C5D-4CB1-95B3-69EAE6572507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD518B94-9CD7-4C45-8766-578CF427B4CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:aix:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0402E20C-8B41-4A2A-BFF9-92EC843985F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24C6A01A-6308-4C69-B4D5-5BC10277E2E5",
"versionEndIncluding": "10.10.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mageia:mageia:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76F1E356-E019-47E8-AA5F-702DA93CF74E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F805A106-9A6F-48E7-8582-D3C5A26DFC11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F3A90FEC-BCBF-4803-AC2E-55002987BE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6E21D6-B64A-44D2-937D-CB7EDCB996C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8973AFDD-DB77-4AA2-A17C-9BBEE4439E25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA04C9F1-6257-4D82-BA0B-37DE66D94736",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "2A1D7F64-5AE6-4F2D-A282-DFF61399DFBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "336EC5B8-6FD8-42BB-9530-58A15238CEE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "623DB4CD-8CB3-445A-B9B5-1238CF195235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:*:vmware:*:*",
"matchCriteriaId": "83439D9C-2374-473C-8D64-C0DB886FEFB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
"matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
"matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
"matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4E446D-B9D3-45F2-9722-B41FA14A6C31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
"matchCriteriaId": "AF4EA988-FC80-4170-8933-7C6663731981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
"matchCriteriaId": "64F8F53B-24A1-4877-B16E-F1917C4E4E81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
"matchCriteriaId": "75D3ACD5-905F-42BB-BE1A-8382E9D823BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
"matchCriteriaId": "766EA6F2-7FA4-4713-9859-9971CCD2FDCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBC30B7-627D-48DC-8EF0-AE8FA0C6EDBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB38AEA-BAF0-4920-9A71-747C24444770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
"matchCriteriaId": "1F33EA2B-DE15-4695-A383-7A337AC38908",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
"matchCriteriaId": "261EE631-AB43-44FE-B02A-DFAAB8D35927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
"matchCriteriaId": "FA0E0BBF-D0BE-41A7-B9BB-C28F01000BC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
"matchCriteriaId": "1A1365ED-4651-4AB2-A64B-43782EA2F0E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*",
"matchCriteriaId": "EC82690C-DCED-47BA-AA93-4D0C9E95B806",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*",
"matchCriteriaId": "43B90ED1-DAB4-4239-8AD8-87E8D568D5D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9BF2DD-85EF-49CF-8D83-0DB46449E333",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*",
"matchCriteriaId": "6AEBE689-3952-46F0-BACA-BB03041C6D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*",
"matchCriteriaId": "86C46AB8-52E5-4385-9C5C-F63FF9DB82AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*",
"matchCriteriaId": "564AA4E7-223E-48D8-B3E0-A461969CF530",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*",
"matchCriteriaId": "A82CFB41-BEA5-4B5F-BCAA-9BAED22EEAF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*",
"matchCriteriaId": "35C2AE06-B6E8-41C4-BB60-177AC4819CE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*",
"matchCriteriaId": "EB15C1F3-0DE8-4A50-B17C-618ECA58AABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*",
"matchCriteriaId": "45491BD3-7C62-4422-B7DA-CB2741890FBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*",
"matchCriteriaId": "499E52F3-4B34-4C47-8ABF-292928EBAA5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*",
"matchCriteriaId": "D530BE19-ADCF-4B5C-99E0-2B9A1DE7717F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*",
"matchCriteriaId": "A7540155-3629-4C76-9C67-8A8E0C1067F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*",
"matchCriteriaId": "419BBCCD-6F8A-418A-BA02-56267B11D948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*",
"matchCriteriaId": "8A3A2AF8-C7DD-43D0-B03F-37E7EB735C1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*",
"matchCriteriaId": "DC142ACF-3CBD-4F96-B2AA-C7D48E7CF31E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8z:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B4D332-3CB7-4C57-A689-ED0894659ED9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8za:*:*:*:*:*:*:*",
"matchCriteriaId": "EB130295-F27C-45DD-80F6-BE4BB0931C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8zb:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA6F5C9-9EE6-40FA-AA99-B4C7274BE8EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBD8C92-6138-4274-ACBA-D7D42DAEC5AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "3A2075BD-6102-4B0F-839A-836E9585F43B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2A2FA09E-2BF7-4968-B62D-00DA57F81EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "F02E634E-1E3D-4E44-BADA-76F92483A732",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "FCC2B07A-49EF-411F-8A4D-89435E22B043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "7E9480D6-3B6A-4C41-B8C1-C3F945040772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "10FF0A06-DA61-4250-B083-67E55E362677",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6BA453-C150-4159-B80B-5465EFF83F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
"matchCriteriaId": "638A2E69-8AB6-4FEA-852A-FEF16A500C1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
"matchCriteriaId": "56C47D3A-B99D-401D-B6B8-1194B2DB4809",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
"matchCriteriaId": "08355B10-E004-4BE6-A5AE-4D428810580B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
"matchCriteriaId": "738BCFDC-1C49-4774-95AE-E099F707DEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
"matchCriteriaId": "D4B242C0-D27D-4644-AD19-5ACB853C9DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC683F2-4346-4E5E-A8D7-67B4F4D7827B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
"matchCriteriaId": "764B7D38-BC1B-47DB-B1DF-D092BDA4BFCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
"matchCriteriaId": "6604E7BE-9F9B-444D-A63A-F65D1CFDF3BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
"matchCriteriaId": "132B9217-B0E0-4E3E-9096-162AA28E158E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
"matchCriteriaId": "7619F9A0-9054-4217-93D1-3EA64876C5B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
"matchCriteriaId": "6D82C405-17E2-4DF1-8DF5-315BD5A41595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
"matchCriteriaId": "4C96806F-4718-4BD3-9102-55A26AA86498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D1C00C0-C77E-4255-9ECA-20F2673C7366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
"matchCriteriaId": "21F16D65-8A46-4AC7-8970-73AB700035FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
"matchCriteriaId": "92F393FF-7E6F-4671-BFBF-060162E12659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
"matchCriteriaId": "E1B85A09-CF8D-409D-966E-168F9959F6F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "3A66E6CF-39CF-412E-8EF0-8E10BA21B4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "C684FB18-FDDC-4BED-A28C-C23EE6CD0094",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "A74A79A7-4FAF-4C81-8622-050008B96AE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
"matchCriteriaId": "CEDACCB9-8D61-49EE-9957-9E58BC7BB031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
"matchCriteriaId": "4993DD56-F9E3-4AC8-AC3E-BF204B950DEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
"matchCriteriaId": "E884B241-F9C3-44F8-A420-DE65F5F3D660",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
"matchCriteriaId": "3A383620-B4F7-44A7-85DA-A4FF2E115D80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
"matchCriteriaId": "5F0C6812-F455-49CF-B29B-9AC00306DA43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2D462C-A1B4-4572-A615-BDE9DC5F1E55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:vios:2.2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C17C77E3-ABCE-4F1F-A55D-DB61A2A5E28F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:vios:2.2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "89B876D5-7095-4BA2-9EE3-3F0632BC2E77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:vios:2.2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "918D00A4-5502-4DD6-A079-807AB3E964B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:vios:2.2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A38E8EAD-0742-41CB-B69E-DCC483CBC485",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:vios:2.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D1E3BE5C-5097-4585-AF0D-79661DC4A231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:vios:2.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "953723A1-606F-4976-A843-1A3F020B9B53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:vios:2.2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3F70EC32-7365-4653-8843-84C92EE9EC68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:vios:2.2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AFABBD01-0773-4823-ABBA-95181558C88E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:vios:2.2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CE68D967-3356-4CF1-A582-F4EEAC52FA1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:vios:2.2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "75F11AA6-E01D-4951-BB2C-31BB181DF895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:vios:2.2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D6AF76-02D2-42C1-9620-8F73D5547CC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:vios:2.2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C762024B-5792-43A3-A82F-A1C0F152F7BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:vios:2.2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "20C26A6C-3C2E-4A2B-B201-6EE949368EDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:vios:2.2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0CB6DD83-F8B5-4286-879C-EDD35F5C7FDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:vios:2.2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9F110827-BCB4-468D-B8F7-4B545F965BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:vios:2.2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43E177AD-166A-4521-89BE-66E7571EB80E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:vios:2.2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3FAE0988-3222-4B11-A809-DFEE0FFDD98F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:vios:2.2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "683595A9-7C48-455D-91E7-BF7E1F5B4BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:vios:2.2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C0AFDC7F-23C2-4925-9356-944CBEBB1E7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:vios:2.2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE446DB7-3B45-461A-A8E7-5DAFAD8AE5D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:vios:2.2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "32B39B8F-50BF-460E-BD26-5C38E125362F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:vios:2.2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA02D40A-7BC3-42C4-8CEF-C992A3EECE4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:vios:2.2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "35AB63E6-D66C-4F69-8C76-5BB56B0D6A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:vios:2.2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D3F16ABD-287C-4710-9720-570648A13F97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netbsd:netbsd:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "730917F8-E1F4-4836-B05A-16B2BA5774DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38D69127-E5B0-4BC6-8E0A-A5F16D19B06B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C76E9006-A1DA-4902-94C9-AE7071E5A6BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D861332D-5976-4544-91C6-4016BAC4648E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E8D29E76-7A2D-4BC5-AF4E-99A9C31A14D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3407906D-EF23-4812-A597-F0E863DE17B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D17EDB-45BF-4922-8D46-8C340D3F8D1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "269E87C2-7474-43F0-870E-C5ADCB73ABFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C23BD3A0-E5AD-4893-AAAF-E2858B4128CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:6.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "164CD64D-C160-4F75-BF04-19BC7F6E11BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1510AD8C-14AC-4649-AE37-5310575B3E3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44D36CD7-FE10-4A72-8364-DE3EFD49AB4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24469F6E-FC82-416A-9639-8FC37BE9745F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E28965-1C24-43CC-AFAA-5716D8F6CC6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "368CB806-F671-481F-A9BE-DC320F82E5B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EF7E45F6-2EE9-4E97-B502-F48F2DDC5F3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69CAE756-335E-4E02-83F9-B274D416775C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3784838-1A43-4C46-A730-4CB88594A449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F555CE26-6E23-4E7A-A138-6F675EA9BEAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "69071B74-471C-42C0-AF2D-2D278D355250",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1C501514-768D-4AC0-8797-152763F24F0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "79D2486C-5C39-40C7-B87B-969800F730C5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:11.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5100F5C8-D5F8-466B-AABE-E42B3770B39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3C58EE-B36B-4081-A307-0FE9B52D8E62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue."
},
{
"lang": "es",
"value": "El protocolo SSL 3.0, utilizado en OpenSSL hasta 1.0.1i y otros productos, utiliza relleno (padding) CBC no determin\u00edstico, lo que facilita a los atacantes man-in-the-middle obtener datos de texto plano a trav\u00e9s de un ataque de relleno (padding) oracle, tambi\u00e9n conocido como el problema \"POODLE\"."
}
],
"id": "CVE-2014-3566",
"lastModified": "2024-11-27T20:15:18.447",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2014-10-15T00:55:02.137",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://advisories.mageia.org/MGASA-2014-0416.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-011.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142330.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141114.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141158.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169361.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169374.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141450452204552\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141450973807288\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141576815022399\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141577087123040\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141577350823734\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141620103726640\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141628688425177\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141694355519663\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141697638231025\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141697676231104\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141703183219781\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141715130023061\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141775427104070\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141813976718456\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141814011518700\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141814011518700\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141814011518700\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141814011518700\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141879378918327\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141879378918327\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141879378918327\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141879378918327\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142296755107581\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142296755107581\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142296755107581\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142296755107581\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350196615714\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350196615714\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350196615714\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350196615714\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350298616097\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350298616097\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350298616097\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350298616097\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350743917559\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350743917559\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350743917559\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350743917559\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142354438527235\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142354438527235\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142354438527235\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142354438527235\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142357976805598\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142357976805598\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142357976805598\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142357976805598\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142496355704097\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142496355704097\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142496355704097\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142496355704097\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142546741516006\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142607790919348\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624619906067"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624619906067\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142721830231196\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142721830231196\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142721830231196\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142721830231196\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142721887231400\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142721887231400\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142721887231400\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142721887231400\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142740155824959\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142740155824959\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142740155824959\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142740155824959\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142805027510172\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142962817202793\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143039249603103\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143039249603103\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143039249603103\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143039249603103\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143101048219218\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143101048219218\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143101048219218\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143101048219218\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143290371927178\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143290583027876\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143558137709884\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143558192010071\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143628269912142\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144101915224472\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144251162130364\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144294141001552\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145983526810210\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=openssl-dev\u0026m=141333049205629\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1652.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1653.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1692.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1876.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1877.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1880.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1881.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1882.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1920.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1948.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0068.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0079.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0080.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0085.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0086.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0264.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0698.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1545.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1546.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/59627"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/60056"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/60206"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/60792"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/60859"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61019"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61130"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61303"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61316"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61345"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61359"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61782"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61810"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61819"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61825"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61827"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61926"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61995"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/HT204244"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://support.citrix.com/article/CTX200238"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687172"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687611"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688283"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692299"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2014/dsa-3053"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3144"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3147"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3253"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3489"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/577193"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:203"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/533724/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/533746"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/533747"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/70574"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031029"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031039"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031085"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031086"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031087"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031088"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031089"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031090"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031091"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031092"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031093"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031094"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031095"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031096"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031105"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031106"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031107"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031120"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031123"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031124"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031130"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031131"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031132"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2486-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2487-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA14-290A"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0003.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/articles/1232123"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa83"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1076983"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152789"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/mpgn/poodle-PoC"
},
{
"source": "secalert@redhat.com",
"url": "https://groups.google.com/forum/#%21topic/docker-user/oYm0i3xShJU"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10090"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10104"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://puppet.com/security/cve/poodle-sslv3-vulnerability"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201507-14"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201606-11"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20141015-0001/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT205217"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT6527"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT6529"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT6531"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT6535"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT6536"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT6541"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT6542"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.citrix.com/article/CTX216642"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.lenovo.com/product_security/poodle"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/poodle"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://technet.microsoft.com/library/security/3009008.aspx"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21688165"
},
{
"source": "secalert@redhat.com",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.elastic.co/blog/logstash-1-4-3-released"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.imperialviolet.org/2014/10/14/poodle.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv_20141015.txt"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/~bodo/ssl-poodle.pdf"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.suse.com/support/kb/doc.php?id=7015773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://advisories.mageia.org/MGASA-2014-0416.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142330.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141114.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141158.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169361.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169374.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141450452204552\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141450973807288\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141576815022399\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141577087123040\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141577350823734\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141620103726640\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141628688425177\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141694355519663\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141697638231025\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141697676231104\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141703183219781\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141715130023061\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141775427104070\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141813976718456\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141814011518700\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141814011518700\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141814011518700\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141814011518700\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141879378918327\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141879378918327\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141879378918327\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141879378918327\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142296755107581\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142296755107581\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142296755107581\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142296755107581\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350196615714\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350196615714\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350196615714\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350196615714\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350298616097\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350298616097\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350298616097\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350298616097\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350743917559\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350743917559\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350743917559\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350743917559\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142354438527235\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142354438527235\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142354438527235\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142354438527235\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142357976805598\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142357976805598\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142357976805598\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142357976805598\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142496355704097\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142496355704097\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142496355704097\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142496355704097\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142546741516006\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142607790919348\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624619906067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624619906067\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142721830231196\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142721830231196\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142721830231196\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142721830231196\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142721887231400\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142721887231400\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142721887231400\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142721887231400\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142740155824959\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142740155824959\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142740155824959\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142740155824959\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142805027510172\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142962817202793\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143039249603103\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143039249603103\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143039249603103\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143039249603103\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143101048219218\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143101048219218\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143101048219218\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143101048219218\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143290371927178\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143290583027876\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143558137709884\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143558192010071\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143628269912142\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144101915224472\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144251162130364\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144294141001552\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145983526810210\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=openssl-dev\u0026m=141333049205629\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1652.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1653.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1692.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1876.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1877.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1880.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1881.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1882.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1920.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1948.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0068.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0079.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0080.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0085.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0086.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0264.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0698.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1545.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/59627"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/60056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/60206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/60792"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/60859"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61130"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61303"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61359"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61819"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61825"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61926"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61995"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/HT204244"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.citrix.com/article/CTX200238"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687611"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688283"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692299"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2014/dsa-3053"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/577193"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:203"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/533724/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/533746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/533747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/70574"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031090"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031092"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031093"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031130"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031132"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2486-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2487-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA14-290A"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/articles/1232123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa83"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1076983"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/mpgn/poodle-PoC"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://groups.google.com/forum/#%21topic/docker-user/oYm0i3xShJU"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10090"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://puppet.com/security/cve/poodle-sslv3-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201507-14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201606-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20141015-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT205217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT6527"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT6529"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT6531"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT6535"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT6536"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT6541"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT6542"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.citrix.com/article/CTX216642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.lenovo.com/product_security/poodle"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/poodle"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://technet.microsoft.com/library/security/3009008.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://templatelab.com/ssl-poodle/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21688165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.elastic.co/blog/logstash-1-4-3-released"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.imperialviolet.org/2014/10/14/poodle.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv_20141015.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/~bodo/ssl-poodle.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.suse.com/support/kb/doc.php?id=7015773"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-21 10:14
Modified
2024-11-21 02:50
Severity ?
Summary
Unspecified vulnerability in the OJVM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:11.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5100F5C8-D5F8-466B-AABE-E42B3770B39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0AEAAD2D-F233-4C5B-B141-44143BA8DE4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3C58EE-B36B-4081-A307-0FE9B52D8E62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the OJVM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el componente OJVM en Oracle Database Server 11.2.0.4, 12.1.0.1 y 12.1.0.2 permite a usuarios remotos autenticados afectar la confidencialidad, la integridad y la disponibilidad a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2016-3609",
"lastModified": "2024-11-21T02:50:22.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-21T10:14:42.940",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "secalert_us@oracle.com",
"url": "http://www.securityfocus.com/bid/91890"
},
{
"source": "secalert_us@oracle.com",
"url": "http://www.securitytracker.com/id/1036363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91890"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036363"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-21 10:12
Modified
2024-11-21 02:50
Severity ?
Summary
Unspecified vulnerability in the Portable Clusterware component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:11.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5100F5C8-D5F8-466B-AABE-E42B3770B39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3C58EE-B36B-4081-A307-0FE9B52D8E62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Portable Clusterware component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el componente Portable Clusterware en Oracle Database Server 11.2.0.4 y 12.1.0.2 permite a atacantes remotos afectar la disponibilidad a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-3479",
"lastModified": "2024-11-21T02:50:05.727",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-21T10:12:32.867",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "secalert_us@oracle.com",
"url": "http://www.securityfocus.com/bid/91898"
},
{
"source": "secalert_us@oracle.com",
"url": "http://www.securitytracker.com/id/1036363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91898"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036363"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with logon to the infrastructure where XML Database executes to compromise XML Database. While the vulnerability is in XML Database, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all XML Database accessible data. Note: This score is for Windows platform version 11.2.0.4 of Database. For Windows platform version 12.1.0.2 and Linux, the score is 5.5 with scope Unchanged. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | Patch, Vendor Advisory | |
| secalert_us@oracle.com | http://www.securityfocus.com/bid/101344 | Third Party Advisory, VDB Entry | |
| secalert_us@oracle.com | http://www.securitytracker.com/id/1039591 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101344 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039591 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:11.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5100F5C8-D5F8-466B-AABE-E42B3770B39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3C58EE-B36B-4081-A307-0FE9B52D8E62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with logon to the infrastructure where XML Database executes to compromise XML Database. While the vulnerability is in XML Database, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all XML Database accessible data. Note: This score is for Windows platform version 11.2.0.4 of Database. For Windows platform version 12.1.0.2 and Linux, the score is 5.5 with scope Unchanged. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el componente XML Database de Oracle Database Server. Las versiones compatibles que se han visto afectadas son la 11.2.0.4 y la 12.1.0.2. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con un bajo nivel de privilegios que tenga privilegios Create Session e inicio de sesi\u00f3n en la infraestructura en la que se ejecuta XML Database comprometa la seguridad de XML Database. Aunque la vulnerabilidad est\u00e1 presente en XML Database, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a informaci\u00f3n cr\u00edtica o un acceso completo a todos los datos accesibles de XML Database. Nota: Esta puntuaci\u00f3n es para la plataforma Windows, versi\u00f3n 11.2.0.4 de Database. Para la versi\u00f3n 11.2.0.4 de la plataforma Windows y Linux, la puntuaci\u00f3n es 5.5 con scope Unchanged. CVSS 3.0 Base Score 6.5 (impactos en la confidencialidad). Vector CVSS: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)."
}
],
"id": "CVE-2017-10261",
"lastModified": "2024-11-21T03:05:46.157",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-19T17:29:01.403",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101344"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101344"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039591"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-21 10:12
Modified
2024-11-21 02:50
Severity ?
Summary
Unspecified vulnerability in the DB Sharding component in Oracle Database Server 12.1.0.2 allows local users to affect integrity via unknown vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3C58EE-B36B-4081-A307-0FE9B52D8E62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the DB Sharding component in Oracle Database Server 12.1.0.2 allows local users to affect integrity via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el componente DB Sharding en Oracle Database Server 12.1.0.2 permite a usuarios locales afectar la integridad a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2016-3488",
"lastModified": "2024-11-21T02:50:06.930",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-21T10:12:42.680",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "secalert_us@oracle.com",
"url": "http://www.securityfocus.com/bid/91905"
},
{
"source": "secalert_us@oracle.com",
"url": "http://www.securitytracker.com/id/1036363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036363"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-18 20:15
Modified
2024-11-21 07:43
Severity ?
Summary
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows low privileged attacker having User Account privilege with network access via TLS to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data as well as unauthorized access to critical data or complete access to all Java VM accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N).
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "02E34416-E767-4F61-8D2C-0D0202351F91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows low privileged attacker having User Account privilege with network access via TLS to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data as well as unauthorized access to critical data or complete access to all Java VM accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N)."
}
],
"id": "CVE-2023-21934",
"lastModified": "2024-11-21T07:43:56.757",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2,
"source": "secalert_us@oracle.com",
"type": "Primary"
}
]
},
"published": "2023-04-18T20:15:14.197",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-18 00:15
Modified
2024-11-21 07:43
Severity ?
Summary
Vulnerability in the Oracle Database RDBMS Security component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database RDBMS Security. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Database RDBMS Security accessible data as well as unauthorized read access to a subset of Oracle Database RDBMS Security accessible data. CVSS 3.1 Base Score 6.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpujan2023.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2023.html | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "02E34416-E767-4F61-8D2C-0D0202351F91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Database RDBMS Security component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database RDBMS Security. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Database RDBMS Security accessible data as well as unauthorized read access to a subset of Oracle Database RDBMS Security accessible data. CVSS 3.1 Base Score 6.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el componente de seguridad RDBMS de Oracle Database de Oracle Database Server. Las versiones compatibles que se ven afectadas son 19c y 21c. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con privilegios bajos y privilegios de Crear sesi\u00f3n con acceso a la red a trav\u00e9s de Oracle Net comprometa la seguridad de Oracle Database RDBMS. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n de datos cr\u00edticos o a todos los datos accesibles de Oracle Database RDBMS Security, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Database RDBMS Security. CVSS 3.1 Puntaje base 6.3 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N)."
}
],
"id": "CVE-2023-21829",
"lastModified": "2024-11-21T07:43:44.127",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 4.2,
"source": "secalert_us@oracle.com",
"type": "Primary"
}
]
},
"published": "2023-01-18T00:15:12.800",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2023.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-19 21:15
Modified
2024-11-21 06:44
Severity ?
Summary
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "02E34416-E767-4F61-8D2C-0D0202351F91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el componente Java VM de Oracle Database Server. Las versiones afectadas son 12.1.0.2, 19c y 21c. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante poco privilegiado y con acceso a la red por medio de m\u00faltiples protocolos, comprometer Java VM. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la creaci\u00f3n no autorizada, la eliminaci\u00f3n o el acceso a la modificaci\u00f3n de datos cr\u00edticos o todos los datos accesibles de Java VM. CVSS 3.1, Puntuaci\u00f3n Base 6.5 (impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)"
}
],
"id": "CVE-2022-21498",
"lastModified": "2024-11-21T06:44:50.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
]
},
"published": "2022-04-19T21:15:18.597",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-21 15:15
Modified
2024-11-21 06:02
Severity ?
Summary
Vulnerability in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Data Redaction. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Data Redaction accessible data. CVSS 3.1 Base Score 3.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpujul2021.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2021.html | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "46E7237C-00BD-4490-96C3-A8EAE4CE2C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Data Redaction. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Data Redaction accessible data. CVSS 3.1 Base Score 3.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el componente Oracle Database - Enterprise Edition Data Redaction de Oracle Database Server. Las versiones compatibles que est\u00e1n afectadas son 12.1.0.2, 12.2.0.1 y 19c. Una vulnerabilidad explotable f\u00e1cilmente, permite a un atacante poco privilegiado con acceso a la red por medio de Oracle Net, comprometer al componente Oracle Database - Enterprise Edition Data Redaction. Los ataques con \u00e9xito requieren una interacci\u00f3n humana de una persona diferente del atacante. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una actualizaci\u00f3n no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Database - Enterprise Edition Data Redaction. CVSS 3.1 Puntuaci\u00f3n Base 3.5 (Impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)"
}
],
"id": "CVE-2021-2336",
"lastModified": "2024-11-21T06:02:54.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
]
},
"published": "2021-07-21T15:15:16.647",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-04-21 10:59
Modified
2024-11-21 02:42
Severity ?
Summary
Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect integrity via unknown vectors, a different vulnerability than CVE-2016-0690.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:11.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5100F5C8-D5F8-466B-AABE-E42B3770B39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0AEAAD2D-F233-4C5B-B141-44143BA8DE4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3C58EE-B36B-4081-A307-0FE9B52D8E62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect integrity via unknown vectors, a different vulnerability than CVE-2016-0690."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el componente RDBMS Security en Oracle Database Server 11.2.0.4, 12.1.0.1 y 12.1.0.2 permite a usuarios locales afectar a la integridad a trav\u00e9s de vectores desconocidos, una vulnerabilidad distinta a CVE-2016-0690."
}
],
"id": "CVE-2016-0691",
"lastModified": "2024-11-21T02:42:10.327",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-21T10:59:51.603",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "secalert_us@oracle.com",
"url": "http://www.securitytracker.com/id/1035590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035590"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-23 19:32
Modified
2024-11-21 04:41
Severity ?
Summary
Vulnerability in the Portable Clusterware component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having Grid Infrastructure User privilege with logon to the infrastructure where Portable Clusterware executes to compromise Portable Clusterware. While the vulnerability is in Portable Clusterware, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Portable Clusterware. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:11.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5100F5C8-D5F8-466B-AABE-E42B3770B39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3C58EE-B36B-4081-A307-0FE9B52D8E62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E221FD4B-190F-4752-9617-FB0C704E7AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:18c:*:*:*:*:*:*:*",
"matchCriteriaId": "412CCE88-6555-4129-BCEC-DF7DD28C9CE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Portable Clusterware component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having Grid Infrastructure User privilege with logon to the infrastructure where Portable Clusterware executes to compromise Portable Clusterware. While the vulnerability is in Portable Clusterware, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Portable Clusterware. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el componente Portable Clusterware de Oracle Database Server. Las versiones compatibles que se ven afectadas son 11.2.0.4, 12.1.0.2, 12.2.0.1 y 18c. Vulnerabilidad f\u00e1cilmente explotable permite que un atacante muy privilegiado tenga privilegios de usuario de Grid Infrastructure con el inicio de sesi\u00f3n en la infraestructura donde Portable Clusterware se ejecuta para comprometer a Portable Clusterware. Mientras la vulnerabilidad se presenta en Portable Clusterware, los ataques pueden impactar significativamente a productos adicionales. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la adquisici\u00f3n de Portable Clusterware. CVSS 3.0 Puntuaci\u00f3n Base 8.2 (Impactos de confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)."
}
],
"id": "CVE-2019-2619",
"lastModified": "2024-11-21T04:41:13.713",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-23T19:32:51.787",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-07-26 14:29
Modified
2024-11-21 03:59
Severity ?
Summary
In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | kafka | * | |
| apache | kafka | * | |
| apache | kafka | * | |
| apache | kafka | 1.0.0 | |
| redhat | jboss_middleware_text-only_advisories | 1.0 | |
| oracle | database | 11.2.0.4 | |
| oracle | database | 12.1.0.2 | |
| oracle | database | 12.2.0.1 | |
| oracle | database | 18c | |
| oracle | database | 19c | |
| oracle | primavera_p6_enterprise_project_portfolio_management | * | |
| oracle | timesten_in-memory_database | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:kafka:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B62ED53-55D4-4606-8573-8F0DC8822FCE",
"versionEndIncluding": "0.9.0.1",
"versionStartExcluding": "0.9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:kafka:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C70CB00-3825-45E7-A1BA-ECE1DEE7A2A7",
"versionEndIncluding": "0.10.2.1",
"versionStartIncluding": "0.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:kafka:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D23CBB01-B4A1-4995-A55E-5518993AD487",
"versionEndIncluding": "0.11.0.2",
"versionStartIncluding": "0.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:kafka:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C7B64BF-F3CC-4F58-9C30-D986AB04D0FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_middleware_text-only_advisories:1.0:*:*:*:*:middleware:*:*",
"matchCriteriaId": "A0FED4EE-0AE2-4BD8-8DAC-143382E4DB7C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:11.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5100F5C8-D5F8-466B-AABE-E42B3770B39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3C58EE-B36B-4081-A307-0FE9B52D8E62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E221FD4B-190F-4752-9617-FB0C704E7AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:18c:*:*:*:*:*:*:*",
"matchCriteriaId": "412CCE88-6555-4129-BCEC-DF7DD28C9CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:*:*:*:*",
"matchCriteriaId": "3B7038B7-BBBB-4C8A-9479-204E11669A63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DE19678-FB27-4E29-A7BF-232141D52502",
"versionEndIncluding": "19.12.6.0",
"versionStartIncluding": "19.12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F06877B6-A08F-4305-874E-6CD691B88D12",
"versionEndExcluding": "18.1.2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss."
},
{
"lang": "es",
"value": "En Apache Kafka desde la versi\u00f3n 0.9.0.0.0 hasta la 0.9.0.1, desde la 0.10.0.0 hasta la 0.10.2.1, desde la 0.11.0.0.0 hasta la 0.11.0.2 y en la versi\u00f3n 1.0.0.0, los usuarios autenticados de Kafka pueden realizar acciones reservadas para el Broker a trav\u00e9s de una petici\u00f3n fetch creada manualmente que interfiere con la replicaci\u00f3n de datos, lo que provoca la p\u00e9rdida de datos."
}
],
"id": "CVE-2018-1288",
"lastModified": "2024-11-21T03:59:33.153",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-26T14:29:00.547",
"references": [
{
"source": "security@apache.org",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/104900"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3768"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/29f61337323f48c47d4b41d74b9e452bd60e65d0e5103af9a6bb2fef%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/d1581fb6464c9bec8a72575c01f5097d68e2fbb230aff24622622a58%40%3Ccommits.kafka.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r07e1bbd1643847d599feb34c707906a4fdcc81e3a6ab01a10c451d40%40%3Cissues.flink.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r35322aec467ddae34002690edaa4d9f16e7df9b5bf7164869b75b62c%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/104900"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3768"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/29f61337323f48c47d4b41d74b9e452bd60e65d0e5103af9a6bb2fef%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/d1581fb6464c9bec8a72575c01f5097d68e2fbb230aff24622622a58%40%3Ccommits.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r07e1bbd1643847d599feb34c707906a4fdcc81e3a6ab01a10c451d40%40%3Cissues.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r35322aec467ddae34002690edaa4d9f16e7df9b5bf7164869b75b62c%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-16 16:15
Modified
2024-11-21 05:33
Severity ?
5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Summary
Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to modify and corrupt the encrypted data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_micro-edition-suite | * | |
| oracle | database | 12.1.0.2 | |
| oracle | database | 12.2.0.1 | |
| oracle | database | 18c | |
| oracle | database | 19c | |
| oracle | weblogic_server_proxy_plug-in | 11.1.1.9.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.3.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "838D4372-D93F-4BAD-90C2-E6E3BB18C2A9",
"versionEndExcluding": "4.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "46E7237C-00BD-4490-96C3-A8EAE4CE2C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "20352616-6BCA-485D-8DD7-DFC97AD6A30D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:11.1.1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "068876EF-0594-4BE6-B9EC-04730837013E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A4AE8A2-62D9-4C08-A608-A057895E4E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E29C004-51D7-4BBE-B28A-EE6B7B10F89F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to modify and corrupt the encrypted data."
},
{
"lang": "es",
"value": "Dell BSAFE Micro Edition Suite, versiones anteriores a 4.5, son susceptibles a una Vulnerabilidad de Valor de Retorno No Comprobado.\u0026#xa0;Un atacante remoto no autenticado podr\u00eda potencialmente explotar esta vulnerabilidad para modificar y corromper los datos cifrados"
}
],
"id": "CVE-2020-5359",
"lastModified": "2024-11-21T05:33:58.707",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-16T16:15:14.320",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-544"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-252"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-11 20:15
Modified
2024-11-21 05:24
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_crypto-c-micro-edition | * | |
| dell | bsafe_micro-edition-suite | * | |
| oracle | database | 12.1.0.2 | |
| oracle | database | 19c | |
| oracle | database | 21c | |
| oracle | http_server | 12.2.1.3.0 | |
| oracle | http_server | 12.2.1.4.0 | |
| oracle | security_service | 12.2.1.3.0 | |
| oracle | security_service | 12.2.1.4.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.3.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3D1B15-8F35-4976-8BA0-35816ECE6A92",
"versionEndExcluding": "4.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AA9AC46-4B4A-4776-A15D-42A0AF64D64E",
"versionEndExcluding": "4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "02E34416-E767-4F61-8D2C-0D0202351F91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD166F7-8A83-4BC7-A392-E830E87F841B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D345C2D3-6AA5-4573-8397-ED1EB0153DB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A4AE8A2-62D9-4C08-A608-A057895E4E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E29C004-51D7-4BBE-B28A-EE6B7B10F89F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability."
},
{
"lang": "es",
"value": "Dell BSAFE Crypto-C Micro Edition, versiones anteriores a la 4.1.5, y Dell BSAFE Micro Edition Suite, versiones anteriores a la 4.6, contienen una vulnerabilidad de validaci\u00f3n de entrada inadecuada"
}
],
"id": "CVE-2020-29508",
"lastModified": "2024-11-21T05:24:08.733",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-11T20:15:08.207",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-331"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-21 10:12
Modified
2024-11-21 02:50
Severity ?
Summary
Unspecified vulnerability in the Data Pump Import component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:11.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5100F5C8-D5F8-466B-AABE-E42B3770B39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0AEAAD2D-F233-4C5B-B141-44143BA8DE4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3C58EE-B36B-4081-A307-0FE9B52D8E62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Data Pump Import component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el componente Data Pump Import en Oracle Database Server 11.2.0.4, 12.1.0.1 y 12.1.0.2 permite a usuarios locales afectar la confidencialidad, la integridad y la disponibilidad a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2016-3489",
"lastModified": "2024-11-21T02:50:07.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-21T10:12:43.617",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "secalert_us@oracle.com",
"url": "http://www.securityfocus.com/bid/91874"
},
{
"source": "secalert_us@oracle.com",
"url": "http://www.securitytracker.com/id/1036363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91874"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036363"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-01 15:15
Modified
2024-11-21 05:19
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_micro-edition-suite | * | |
| oracle | database | 12.1.0.2 | |
| oracle | database | 19c | |
| oracle | database | 21c | |
| oracle | http_server | 12.2.1.3.0 | |
| oracle | http_server | 12.2.1.4.0 | |
| oracle | security_service | 12.2.1.3.0 | |
| oracle | security_service | 12.2.1.4.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.3.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "463A8EFD-4D04-4DC7-871B-D90CEA1F00AF",
"versionEndExcluding": "4.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "02E34416-E767-4F61-8D2C-0D0202351F91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD166F7-8A83-4BC7-A392-E830E87F841B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D345C2D3-6AA5-4573-8397-ED1EB0153DB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A4AE8A2-62D9-4C08-A608-A057895E4E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E29C004-51D7-4BBE-B28A-EE6B7B10F89F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability."
},
{
"lang": "es",
"value": "Dell BSAFE Micro Edition Suite, versiones anteriores a 4.5.1, contienen una vulnerabilidad de Lectura Excesiva del B\u00fafer"
}
],
"id": "CVE-2020-26185",
"lastModified": "2024-11-21T05:19:28.823",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-01T15:15:08.900",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dell.com/support/article/en-us/sln322935/dsa-2020-245-dell-bsafe-micro-edition-suite-multiple-vulnerabilities?lang=en"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dell.com/support/article/en-us/sln322935/dsa-2020-245-dell-bsafe-micro-edition-suite-multiple-vulnerabilities?lang=en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-11 20:15
Modified
2024-11-21 05:26
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_crypto-c-micro-edition | * | |
| dell | bsafe_micro-edition-suite | * | |
| oracle | database | 12.1.0.2 | |
| oracle | database | 19c | |
| oracle | database | 21c | |
| oracle | http_server | 12.2.1.3.0 | |
| oracle | http_server | 12.2.1.4.0 | |
| oracle | security_service | 12.2.1.3.0 | |
| oracle | security_service | 12.2.1.4.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.3.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3D1B15-8F35-4976-8BA0-35816ECE6A92",
"versionEndExcluding": "4.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84735DD4-8297-4476-9013-967E9E323D9F",
"versionEndExcluding": "4.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "02E34416-E767-4F61-8D2C-0D0202351F91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD166F7-8A83-4BC7-A392-E830E87F841B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D345C2D3-6AA5-4573-8397-ED1EB0153DB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A4AE8A2-62D9-4C08-A608-A057895E4E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E29C004-51D7-4BBE-B28A-EE6B7B10F89F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability."
},
{
"lang": "es",
"value": "Dell BSAFE Crypto-C Micro Edition, versiones anteriores a 4.1.5, y Dell BSAFE Micro Edition Suite, versiones anteriores a 4.5.2, contienen una vulnerabilidad de Comprobaci\u00f3n de Entrada Inapropiada"
}
],
"id": "CVE-2020-35169",
"lastModified": "2024-11-21T05:26:53.670",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-11T20:15:08.543",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-10-25 14:30
Modified
2024-11-21 02:54
Severity ?
Summary
Unspecified vulnerability in the Kernel PDB component in Oracle Database Server 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3C58EE-B36B-4081-A307-0FE9B52D8E62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Kernel PDB component in Oracle Database Server 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el componente Kernel PDB en Oracle Database Server 12.1.0.2 permite a usuarios locales afectar la confidencialidad, la integridad y la disponibilidad a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2016-5572",
"lastModified": "2024-11-21T02:54:37.047",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-10-25T14:30:40.650",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"source": "secalert_us@oracle.com",
"url": "http://www.securityfocus.com/bid/93634"
},
{
"source": "secalert_us@oracle.com",
"url": "http://www.securitytracker.com/id/1037035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/93634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037035"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-21 15:15
Modified
2024-11-21 06:02
Severity ?
Summary
Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Create Public Synonym privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in takeover of Oracle XML DB. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpujul2021.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2021.html | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "46E7237C-00BD-4490-96C3-A8EAE4CE2C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Create Public Synonym privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in takeover of Oracle XML DB. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el componente Oracle XML DB de Oracle Database Server. Las versiones compatibles que est\u00e1n afectadas son 12.1.0.2, 12.2.0.1 y 19c. Una vulnerabilidad explotable f\u00e1cilmente, permite a un atacante muy privilegiado tener el privilegio de Crear Cualquier Procedimiento, Crear Sin\u00f3nimo P\u00fablico con acceso a la red por medio de Oracle Net, comprometer a Oracle XML DB. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la toma de control de Oracle XML DB. CVSS 3.1 Puntuaci\u00f3n Base 7.2 (Impactos en la Confidencialidad, Integridad y Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)"
}
],
"id": "CVE-2021-2337",
"lastModified": "2024-11-21T06:02:54.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
]
},
"published": "2021-07-21T15:15:16.860",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-10-25 14:29
Modified
2024-11-21 02:54
Severity ?
Summary
Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3C58EE-B36B-4081-A307-0FE9B52D8E62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el componente RDBMS Security en Oracle Database Server 12.1.0.2 permite a usuarios locales afectar la confidencialidad, la integridad y la disponibilidad trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2016-5497",
"lastModified": "2024-11-21T02:54:27.857",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-10-25T14:29:31.797",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"source": "secalert_us@oracle.com",
"url": "http://www.securityfocus.com/bid/93631"
},
{
"source": "secalert_us@oracle.com",
"url": "http://www.securitytracker.com/id/1037035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/93631"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037035"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-21 10:12
Modified
2024-11-21 02:50
Severity ?
Summary
Unspecified vulnerability in the Database Vault component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality and integrity via unknown vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:11.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5100F5C8-D5F8-466B-AABE-E42B3770B39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0AEAAD2D-F233-4C5B-B141-44143BA8DE4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3C58EE-B36B-4081-A307-0FE9B52D8E62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Database Vault component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality and integrity via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el componente Database Vault en Oracle Database Server 11.2.0.4, 12.1.0.1 y 12.1.0.2 permite a usuarios locales afectar la confidencialidad y la integridad a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2016-3484",
"lastModified": "2024-11-21T02:50:06.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.2,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-21T10:12:38.617",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "secalert_us@oracle.com",
"url": "http://www.securityfocus.com/bid/91842"
},
{
"source": "secalert_us@oracle.com",
"url": "http://www.securitytracker.com/id/1036363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91842"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036363"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-04-21 11:00
Modified
2024-11-21 02:50
Severity ?
Summary
Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:11.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5100F5C8-D5F8-466B-AABE-E42B3770B39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0AEAAD2D-F233-4C5B-B141-44143BA8DE4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3C58EE-B36B-4081-A307-0FE9B52D8E62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el componente Java VM en Oracle Database Server 11.2.0.4, 12.1.0.1 y 12.1.0.2 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2016-3454",
"lastModified": "2024-11-21T02:50:02.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-21T11:00:35.637",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "secalert_us@oracle.com",
"url": "http://www.securitytracker.com/id/1035590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035590"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-22 22:15
Modified
2024-11-21 06:02
Severity ?
Summary
Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having RMAN executable privilege with logon to the infrastructure where Oracle Database - Enterprise Edition executes to compromise Oracle Database - Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition accessible data. CVSS 3.1 Base Score 2.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "46E7237C-00BD-4490-96C3-A8EAE4CE2C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "20352616-6BCA-485D-8DD7-DFC97AD6A30D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having RMAN executable privilege with logon to the infrastructure where Oracle Database - Enterprise Edition executes to compromise Oracle Database - Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition accessible data. CVSS 3.1 Base Score 2.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el componente Oracle Database - Enterprise Edition de Oracle Database Server.\u0026#xa0;Las versiones compatibles que est\u00e1n afectadas son 12.1.0.2, 12.2.0.1, 18c y 19c.\u0026#xa0;La vulnerabilidad f\u00e1cilmente explotable permite a un atacante muy privilegiado contar con privilegios de ejecuci\u00f3n RMAN con inicio de sesi\u00f3n en la infraestructura donde se ejecuta Oracle Database - Enterprise Edition comprometer a Oracle Database - Enterprise Edition.\u0026#xa0;Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una actualizaci\u00f3n no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Database - Enterprise Edition.\u0026#xa0;CVSS 3.1 Puntuaci\u00f3n Base 2.3 (Impactos en la Integridad).\u0026#xa0;Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)"
}
],
"id": "CVE-2021-2207",
"lastModified": "2024-11-21T06:02:37.707",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 1.4,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
]
},
"published": "2021-04-22T22:15:14.420",
"references": [
{
"source": "secalert_us@oracle.com",
"url": "http://packetstormsecurity.com/files/174448/Oracle-RMAN-Missing-Auditing.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/174448/Oracle-RMAN-Missing-Auditing.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-04-16 10:05
Modified
2024-11-21 00:45
Severity ?
Summary
Unspecified vulnerability in the Oracle Secure Enterprise Search or Ultrasearch component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3 and 10.1.2.2; and Oracle Collaboration Suite 10.1.2; has unknown impact and remote attack vectors, aka DB04.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9CA9867F-D7BC-4230-9584-C2FBB6642482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:10.1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5B0223F3-A9D4-4A4F-8934-761D83CD5494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:collaboration_suite:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DDF7ABE6-0AFB-4A74-A533-2D390991A6CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:9.0.1.5:*:*:*:*:fips:*:*",
"matchCriteriaId": "11E341D3-EEE6-44AC-95B2-B27BB4172E78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:9.2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2A79241E-EDAB-4116-8590-D4EC347F8421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:9.2.0.8dv:*:*:*:*:*:*:*",
"matchCriteriaId": "A3033B3C-17DC-41A4-B076-5F0B4CF35D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:10.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B547C059-4402-4A6D-9E08-02D7F6E2BFAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:10.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "46B45AF1-4C5A-45FF-BC5B-04328D3B89CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Oracle Secure Enterprise Search or Ultrasearch component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3 and 10.1.2.2; and Oracle Collaboration Suite 10.1.2; has unknown impact and remote attack vectors, aka DB04."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en el componente Oracle Secure Enterprise Search o Ultrasearch en Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5 y 10.2.0.3; Application Server 9.0.4.3 y 10.1.2.2 y Oracle Collaboration Suite 10.1.2; tiene impacto y vectores de ataque remotos desconocidos, tambi\u00e9n conocido como DB04."
}
],
"id": "CVE-2008-1814",
"lastModified": "2024-11-21T00:45:24.673",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-04-16T10:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/29829"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/29874"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/491024/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/491024/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1019855"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/1233/references"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/1267/references"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41858"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41997"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/29829"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/29874"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/491024/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/491024/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1019855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/1233/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/1267/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41858"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41997"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-11 20:15
Modified
2024-11-21 05:26
Severity ?
4.8 (Medium) - CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_crypto-c-micro-edition | * | |
| dell | bsafe_micro-edition-suite | * | |
| oracle | database | 12.1.0.2 | |
| oracle | database | 19c | |
| oracle | database | 21c | |
| oracle | http_server | 12.2.1.3.0 | |
| oracle | http_server | 12.2.1.4.0 | |
| oracle | security_service | 12.2.1.3.0 | |
| oracle | security_service | 12.2.1.4.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.3.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3D1B15-8F35-4976-8BA0-35816ECE6A92",
"versionEndExcluding": "4.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AA9AC46-4B4A-4776-A15D-42A0AF64D64E",
"versionEndExcluding": "4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "02E34416-E767-4F61-8D2C-0D0202351F91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD166F7-8A83-4BC7-A392-E830E87F841B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D345C2D3-6AA5-4573-8397-ED1EB0153DB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A4AE8A2-62D9-4C08-A608-A057895E4E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E29C004-51D7-4BBE-B28A-EE6B7B10F89F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability."
},
{
"lang": "es",
"value": "Dell BSAFE Crypto-C Micro Edition, versiones anteriores a 4.1.5, y Dell BSAFE Micro Edition Suite, versiones anteriores a 4.6, contienen una vulnerabilidad de Discrepancia de Tiempo Observable"
}
],
"id": "CVE-2020-35167",
"lastModified": "2024-11-21T05:26:53.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.4,
"impactScore": 4.0,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-11T20:15:08.437",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-24 19:59
Modified
2024-11-21 03:25
Severity ?
Summary
Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of OJVM. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:11.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5100F5C8-D5F8-466B-AABE-E42B3770B39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3C58EE-B36B-4081-A307-0FE9B52D8E62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of OJVM. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el componente OJVM de Oracle Database Server. Versiones compatibles que son afectadas son 11.2.0.4 y 12.1.0.2. Dif\u00edcil de explotar la vulnerabilidad permite que el atacante de bajo privilegio tenga privilegios Crear Sesi\u00f3n, Crear Procedimiento con acceso a la red a trav\u00e9s de m\u00faltiples protocolos para comprometer OJVM. Los ataques exitosos de esta vulnerabilidad pueden resultar en capacidad no autorizada para provocar un bloqueo o frecuencia de ca\u00edda repetible (complete DOS) de OJVM. CVSS 3.0 Base Score 5.3 (Impactos de disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
],
"id": "CVE-2017-3567",
"lastModified": "2024-11-21T03:25:49.913",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-24T19:59:04.957",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97873"
},
{
"source": "secalert_us@oracle.com",
"url": "http://www.securitytracker.com/id/1038284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97873"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038284"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-11 20:15
Modified
2024-11-21 05:24
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_crypto-c-micro-edition | * | |
| dell | bsafe_micro-edition-suite | * | |
| oracle | database | 12.1.0.2 | |
| oracle | database | 19c | |
| oracle | database | 21c | |
| oracle | http_server | 12.2.1.3.0 | |
| oracle | http_server | 12.2.1.4.0 | |
| oracle | security_service | 12.2.1.3.0 | |
| oracle | security_service | 12.2.1.4.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.3.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D2F60F7-BCF1-4953-9D72-263A0C7287BD",
"versionEndExcluding": "4.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1298418C-018B-4C1C-A81C-A5F8525DA6BB",
"versionEndExcluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "02E34416-E767-4F61-8D2C-0D0202351F91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD166F7-8A83-4BC7-A392-E830E87F841B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D345C2D3-6AA5-4573-8397-ED1EB0153DB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A4AE8A2-62D9-4C08-A608-A057895E4E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E29C004-51D7-4BBE-B28A-EE6B7B10F89F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability."
},
{
"lang": "es",
"value": "Dell BSAFE Crypto-C Micro Edition, versiones anteriores a la 4.1.4, y Dell BSAFE Micro Edition Suite, versiones anteriores a la 4.4, contienen una vulnerabilidad de validaci\u00f3n de entrada inadecuada"
}
],
"id": "CVE-2020-29507",
"lastModified": "2024-11-21T05:24:08.587",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-11T20:15:08.147",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-18 23:15
Modified
2024-11-21 04:42
Severity ?
Summary
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_cert-j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1710B5A7-08C4-44D8-A175-044FCD92B314",
"versionEndIncluding": "6.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9757B880-0E5B-40B1-A15C-0EAA52046A73",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEE68BD5-3D1C-4D69-B026-319FBEDBC798",
"versionEndIncluding": "6.2.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E26D80A2-E490-44B6-A8D2-1AEF487E72B2",
"versionEndIncluding": "2.3.1",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F26126-55C2-4E2E-A586-D93FF38ABF6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_performance_management:13.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E87B8C7B-2654-4F9C-9B5D-794DA484B42D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_performance_management:13.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C6F5710-490D-41D4-8C9B-27FC530117A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E8F4F3-1A39-4CBB-98C4-66D5DCE3F57D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FB92D8A7-2ABD-4B70-A32C-4B6B866C5B8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B21E6EEF-2AB7-4E96-B092-1F49D11B4175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1B58BCDA-E173-4D4A-A9C5-E9BFF7E57F58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "17A91FD9-9F77-42D3-A4D9-48BC7568ADE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "539DA24F-E3E0-4455-84C6-A9D96CD601B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "46E7237C-00BD-4490-96C3-A8EAE4CE2C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "20352616-6BCA-485D-8DD7-DFC97AD6A30D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68165D37-489E-45D7-BA7A-A38164B5C26D",
"versionEndExcluding": "19.1.0.0.0.210420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:goldengate:19.1.0.0.0.210420:*:*:*:*:*:*:*",
"matchCriteriaId": "0C9A68D0-1C6A-4B0B-934B-F82555C09C51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44357172-4035-4D57-9C83-D80BDDE8E8C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDD1BFF-9B0D-45DA-86DC-05CF829107FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7DB324-98A0-40AD-96D4-0800340F6F3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42064F46-3012-4FB1-89BA-F13C2E4CBB6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BCF6CCE5-250D-4B10-AD18-7DE7D84BF220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D325A0-3441-41AC-B00F-F2A7F85370A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "378A6656-252B-4929-83EA-BC107FDFD357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F62A2144-5EF8-4319-B8C2-D7975F51E5FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E703304-0752-46F2-998B-A3D37C9E7A54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "722969B5-36CD-4413-954B-347BB7E51FAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BF295023-399E-4180-A28B-2DA3327A372C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3E5A2A49-42B0-44EB-B606-999275DC1DA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "54B0A494-14DD-4384-9DCE-14945EBE1A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A890746E-EE1A-4DBC-BB04-84CC79767F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6308E929-D44D-48A1-BAEE-47BE4E164124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDD2640A-5964-4937-B912-CEA2173FAFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11BE9059-29C1-417D-AFB3-98066E95D883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E55B3AA9-69BE-4136-8C3A-FD0DDCD3FA4B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key."
},
{
"lang": "es",
"value": "RSA BSAFE Crypto-J en versiones anteriores a la 6.2.5, son susceptibles a una vulnerabilidad Missing Required Cryptographic Step. Un atacante remoto malicioso podr\u00eda explotar potencialmente esta vulnerabilidad para obligar a dos partes a calcular la misma clave compartida predecible."
}
],
"id": "CVE-2019-3738",
"lastModified": "2024-11-21T04:42:26.273",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security_alert@emc.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-18T23:15:11.047",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10318"
},
{
"source": "security_alert@emc.com",
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174%3B-Crypto-J-Multiple-Security-Vulnerabilities"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174%3B-Crypto-J-Multiple-Security-Vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-325"
}
],
"source": "security_alert@emc.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-16 19:30
Modified
2024-11-21 04:40
Severity ?
Summary
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | Patch, Vendor Advisory | |
| secalert_us@oracle.com | http://www.securityfocus.com/bid/106584 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106584 | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3C58EE-B36B-4081-A307-0FE9B52D8E62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E221FD4B-190F-4752-9617-FB0C704E7AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:18c:*:*:*:*:*:*:*",
"matchCriteriaId": "412CCE88-6555-4129-BCEC-DF7DD28C9CE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el componente Core RDBMS de Oracle Database Server. Las versiones soportadas que se han visto afectadas son la 12.2.0.1 y la 18c. Esta vulnerabilidad f\u00e1cilmente explotable permite que un atacante con un bajo nivel de privilegios (Local Logon) y con permisos de inicio de sesi\u00f3n en la infraestructura en la que se ejecuta Core RDBMS comprometa Core RDBMS. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Core RDBMS, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Core RDBMS. CVSS 3.0 Base Score 8.2 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)."
}
],
"id": "CVE-2019-2444",
"lastModified": "2024-11-21T04:40:53.093",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-16T19:30:32.377",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106584"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-20 11:16
Modified
2024-11-21 06:12
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3C58EE-B36B-4081-A307-0FE9B52D8E62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E221FD4B-190F-4752-9617-FB0C704E7AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:*:*:*:*",
"matchCriteriaId": "3B7038B7-BBBB-4C8A-9479-204E11669A63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:21c:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD30EF6-606E-416A-B758-43CD75437A3B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el componente Core RDBMS de Oracle Database Server. Las versiones compatibles que est\u00e1n afectadas son 12.1.0.2, 12.2.0.1, 19c y 21c. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante poco privilegiado y con acceso a la red por medio de Oracle Net, comprometer el Core RDBMS. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negaci\u00f3n parcial de servicio (DOS parcial) de Core RDBMS. CVSS 3.1 Puntuaci\u00f3n Base 4.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)"
}
],
"id": "CVE-2021-35557",
"lastModified": "2024-11-21T06:12:30.683",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "secalert_us@oracle.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-20T11:16:34.127",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-22 22:15
Modified
2024-11-21 06:02
Severity ?
Summary
Vulnerability in the Oracle Database - Enterprise Edition Unified Audit component of Oracle Database Server. Supported versions that are affected are 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Audit Policy privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Unified Audit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Unified Audit accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpuapr2021.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2021.html | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "20352616-6BCA-485D-8DD7-DFC97AD6A30D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Database - Enterprise Edition Unified Audit component of Oracle Database Server. Supported versions that are affected are 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Audit Policy privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Unified Audit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Unified Audit accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el componente Oracle Database - Enterprise Edition Unified Audit de Oracle Database Server.\u0026#xa0;Las versiones compatibles que est\u00e1n afectadas son 18c y 19c.\u0026#xa0;Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante muy privilegiado que tenga el privilegio Create Audit Policy con acceso a la red por medio de Oracle Net comprometer a Oracle Database - Enterprise Edition Unified Audit.\u0026#xa0;Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una actualizaci\u00f3n no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Database - Enterprise Edition Unified Audit.\u0026#xa0;CVSS 3.1 Puntuaci\u00f3n Base 2.7 (Impactos en la Integridad).\u0026#xa0;Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)"
}
],
"id": "CVE-2021-2245",
"lastModified": "2024-11-21T06:02:42.913",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
]
},
"published": "2021-04-22T22:15:15.517",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-19 22:15
Modified
2024-11-21 06:44
Severity ?
Summary
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpujul2022.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2022.html | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "02E34416-E767-4F61-8D2C-0D0202351F91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el componente Java VM de Oracle Database Server. Las versiones afectadas son 12.1.0.2, 19c y 21c. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante poco privilegiado y con acceso a la red por medio de Oracle Net, comprometer Java VM. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n no autorizada de datos cr\u00edticos o de todos los datos accesibles de Java VM. CVSS 3.1, Puntuaci\u00f3n Base 6.5 (impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)."
}
],
"id": "CVE-2022-21565",
"lastModified": "2024-11-21T06:44:58.123",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "secalert_us@oracle.com",
"type": "Primary"
}
]
},
"published": "2022-07-19T22:15:12.993",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-21 15:15
Modified
2024-11-21 06:02
Severity ?
Summary
Vulnerability in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Data Redaction. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Data Redaction accessible data. CVSS 3.1 Base Score 3.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpujul2021.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2021.html | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "46E7237C-00BD-4490-96C3-A8EAE4CE2C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Data Redaction. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Data Redaction accessible data. CVSS 3.1 Base Score 3.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el componente Oracle Database - Enterprise Edition Data Redaction de Oracle Database Server. Las versiones compatibles que est\u00e1n afectadas son 12.1.0.2, 12.2.0.1 y 19c. Una vulnerabilidad explotable f\u00e1cilmente, permite a un atacante poco privilegiado con acceso a la red por medio de Oracle Net, comprometer al componente Oracle Database - Enterprise Edition Data Redaction. Los ataques con \u00e9xito requieren una interacci\u00f3n humana de una persona diferente del atacante. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una actualizaci\u00f3n no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Database - Enterprise Edition Data Redaction. CVSS 3.1 Puntuaci\u00f3n Base 3.5 (Impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)"
}
],
"id": "CVE-2021-2335",
"lastModified": "2024-11-21T06:02:54.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
]
},
"published": "2021-07-21T15:15:16.437",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-18 00:15
Modified
2024-11-21 07:43
Severity ?
Summary
Vulnerability in the Oracle Database Data Redaction component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database Data Redaction. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Database Data Redaction accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpujan2023.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2023.html | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "02E34416-E767-4F61-8D2C-0D0202351F91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Database Data Redaction component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database Data Redaction. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Database Data Redaction accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el componente de redacci\u00f3n de datos de la base de datos Oracle de Oracle Database Server. Las versiones compatibles que se ven afectadas son 19c y 21c. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con pocos privilegios y privilegios de Crear sesi\u00f3n con acceso a la red a trav\u00e9s de Oracle Net comprometa la redacci\u00f3n de datos de la base de datos Oracle. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Database Data Redaction. CVSS 3.1 Puntaje base 4.3 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."
}
],
"id": "CVE-2023-21827",
"lastModified": "2024-11-21T07:43:43.880",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "secalert_us@oracle.com",
"type": "Primary"
}
]
},
"published": "2023-01-18T00:15:12.660",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2023.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-11 20:15
Modified
2024-11-21 05:26
Severity ?
5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_crypto-c-micro-edition | * | |
| dell | bsafe_micro-edition-suite | * | |
| oracle | database | 12.1.0.2 | |
| oracle | database | 19c | |
| oracle | database | 21c | |
| oracle | http_server | 12.2.1.3.0 | |
| oracle | http_server | 12.2.1.4.0 | |
| oracle | security_service | 12.2.1.3.0 | |
| oracle | security_service | 12.2.1.4.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.3.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3D1B15-8F35-4976-8BA0-35816ECE6A92",
"versionEndExcluding": "4.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AA9AC46-4B4A-4776-A15D-42A0AF64D64E",
"versionEndExcluding": "4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "02E34416-E767-4F61-8D2C-0D0202351F91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD166F7-8A83-4BC7-A392-E830E87F841B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D345C2D3-6AA5-4573-8397-ED1EB0153DB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A4AE8A2-62D9-4C08-A608-A057895E4E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E29C004-51D7-4BBE-B28A-EE6B7B10F89F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,\u00a0versions before 4.6, contain an Observable Timing Discrepancy Vulnerability."
},
{
"lang": "es",
"value": "Dell BSAFE Crypto-C Micro Edition, versiones anteriores a 4.1.5, y Dell BSAFE Micro Edition Suite, versiones anteriores a 4.6, contienen una vulnerabilidad de Discrepancia de Tiempo Observable"
}
],
"id": "CVE-2020-35166",
"lastModified": "2024-11-21T05:26:53.217",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 3.6,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-11T20:15:08.383",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-385"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows low privileged attacker having Create session privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS. Note: This score is for Windows platform version 11.2.0.4 of Database. For Windows platform version 12.1.0.2 and Linux, the score is 7.8 with scope Unchanged. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | Patch, Vendor Advisory | |
| secalert_us@oracle.com | http://www.securityfocus.com/bid/101329 | Third Party Advisory, VDB Entry | |
| secalert_us@oracle.com | http://www.securitytracker.com/id/1039591 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101329 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039591 | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:11.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5100F5C8-D5F8-466B-AABE-E42B3770B39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3C58EE-B36B-4081-A307-0FE9B52D8E62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E221FD4B-190F-4752-9617-FB0C704E7AFD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows low privileged attacker having Create session privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS. Note: This score is for Windows platform version 11.2.0.4 of Database. For Windows platform version 12.1.0.2 and Linux, the score is 7.8 with scope Unchanged. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el componente Core RDBMS de Oracle Database Server. Las versiones compatibles que se han visto afectadas son la 11.2.0.4, 12.1.0.2 y la 12.2.0.1. Esta vulnerabilidad f\u00e1cilmente explotable permite que un atacante con un bajo nivel de privilegios y con el privilegio de sesi\u00f3n Create con permisos de inicio de sesi\u00f3n en la infraestructura en la que se ejecuta Core RDBMS comprometa la seguridad de Core RDBMS. Aunque la vulnerabilidad est\u00e1 presente en Core RDBMS los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Core RDBMS. Nota: La puntuaci\u00f3n es para la versi\u00f3n 11.2.0.4 de Database para Windows. Para la versi\u00f3n 12.1.0.2 de la plataforma Windows y Linux, la puntuaci\u00f3n es 7.8 con el alcance \"Unchanged\". CVSS 3.0 Base Score 8.8 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
}
],
"id": "CVE-2017-10321",
"lastModified": "2024-11-21T03:05:54.607",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-19T17:29:03.170",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101329"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039591"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-01 12:15
Modified
2024-11-21 05:54
Severity ?
Summary
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E998F73-DAF4-46E6-A766-EEA9FE9ABA5A",
"versionEndIncluding": "7.0.107",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4ABB491-6750-457E-B5A4-67C1146CB15F",
"versionEndIncluding": "8.5.61",
"versionStartIncluding": "8.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9DFCBAF-1583-4C2F-8776-76F4DCB582B5",
"versionEndIncluding": "9.0.41",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "9D0689FE-4BC0-4F53-8C79-34B21F9B86C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*",
"matchCriteriaId": "89B129B2-FB6F-4EF9-BF12-E589A87996CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*",
"matchCriteriaId": "8B6787B6-54A8-475E-BA1C-AB99334B2535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*",
"matchCriteriaId": "EABB6FBC-7486-44D5-A6AD-FFF1D3F677E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*",
"matchCriteriaId": "E10C03BC-EE6B-45B2-83AE-9E8DFB58D7DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*",
"matchCriteriaId": "8A6DA0BE-908C-4DA8-A191-A0113235E99A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*",
"matchCriteriaId": "39029C72-28B4-46A4-BFF5-EC822CFB2A4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*",
"matchCriteriaId": "1A2E05A3-014F-4C4D-81E5-88E725FBD6AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*",
"matchCriteriaId": "166C533C-0833-41D5-99B6-17A4FAB3CAF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*",
"matchCriteriaId": "D3768C60-21FA-4B92-B98C-C3A2602D1BC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*",
"matchCriteriaId": "DDD510FA-A2E4-4BAF-A0DE-F4E5777E9325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "9F542E12-6BA8-4504-A494-DA83E7E19BD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*",
"matchCriteriaId": "C2409CC7-6A85-4A66-A457-0D62B9895DC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*",
"matchCriteriaId": "B392A7E5-4455-4B1C-8FAC-AE6DDC70689E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*",
"matchCriteriaId": "EF411DDA-2601-449A-9046-D250419A0E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*",
"matchCriteriaId": "D7D8F2F4-AFE2-47EA-A3FD-79B54324DE02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*",
"matchCriteriaId": "1B4FBF97-DE16-4E5E-BE19-471E01818D40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*",
"matchCriteriaId": "3B266B1E-24B5-47EE-A421-E0E3CC0C7471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*",
"matchCriteriaId": "29614C3A-6FB3-41C7-B56E-9CC3F45B04F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*",
"matchCriteriaId": "C6AB156C-8FF6-4727-AF75-590D0DCB3F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "C0C5F004-F7D8-45DB-B173-351C50B0EC16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*",
"matchCriteriaId": "D1902D2E-1896-4D3D-9E1C-3A675255072C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*",
"matchCriteriaId": "49AAF4DF-F61D-47A8-8788-A21E317A145D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*",
"matchCriteriaId": "454211D0-60A2-4661-AECA-4C0121413FEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*",
"matchCriteriaId": "0686F977-889F-4960-8E0B-7784B73A7F2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*",
"matchCriteriaId": "558703AE-DB5E-4DFF-B497-C36694DD7B24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*",
"matchCriteriaId": "ED6273F2-1165-47A4-8DD7-9E9B2472941B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "DA7CC5E9-3631-4073-84C8-2C12D90686CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "90CD7E85-4FF9-4158-AC78-4BFCBC882A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone10:*:*:*:*:*:*",
"matchCriteriaId": "83B9FF07-1B93-4F8C-AC56-7CA74E61B724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "7EA56B52-1015-40CD-B10C-393768094269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "501B0D4A-D636-4736-979B-D5023599CEFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone4:*:*:*:*:*:*",
"matchCriteriaId": "94E7764F-BF9E-463E-B446-A9A8DB92BB97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone5:*:*:*:*:*:*",
"matchCriteriaId": "53A9F7EE-AF2A-43E5-B708-0198784AB45A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone6:*:*:*:*:*:*",
"matchCriteriaId": "AC872C5F-63AF-4BB8-8629-334FC9704AE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone7:*:*:*:*:*:*",
"matchCriteriaId": "94B95C95-DF3E-49C1-9CA0-4474DD7EF7B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone8:*:*:*:*:*:*",
"matchCriteriaId": "310B0163-01DE-40DA-A2EA-FFA4A6100037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone9:*:*:*:*:*:*",
"matchCriteriaId": "75420449-A951-4133-A5F1-4C01F2DF843B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D14ABF04-E460-4911-9C6C-B7BCEFE68E9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4479F76A-4B67-41CC-98C7-C76B81050F8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45E5C9B0-AB25-4744-88E4-FD0C4A853001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4A94B36-479F-48F2-9B9E-ACEA2589EF48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "46E7237C-00BD-4490-96C3-A8EAE4CE2C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "02E34416-E767-4F61-8D2C-0D0202351F91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38532AE4-9C9F-4182-A791-FCD2BE27DEA6",
"versionEndExcluding": "21.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E3E923-E2AD-400D-A618-26ADF7F841A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9AB58D27-37F2-4A32-B786-3490024290A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F48F2267-61EA-4F12-ADE9-85CB6F6B290E",
"versionEndIncluding": "8.0.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B15024-E757-443B-8424-BBF0A28C3753",
"versionEndExcluding": "21.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:siebel_ui_framework:21.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D1E0A69B-9039-4405-8E87-928DB998E6EB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue."
},
{
"lang": "es",
"value": "La correcci\u00f3n para el CVE-2020-9484 estaba incompleta.\u0026#xa0;Cuando se usa Apache Tomcat versiones 10.0.0-M1 hasta 10.0.0, versiones 9.0.0.M1 hasta 9.0.41, versiones 8.5.0 hasta 8.5.61 o versiones 7.0.0.\u0026#xa0;hasta 7.0.107, con un caso de borde de configuraci\u00f3n que era muy poco probable que se usara, la instancia de Tomcat segu\u00eda siendo vulnerable a CVE-2020-9494.\u0026#xa0;Tome en cuenta que tanto los requisitos previos publicados anteriormente para CVE-2020-9484 como las mitigaciones publicadas anteriormente para CVE-2020-9484 tambi\u00e9n se aplican a este problema"
}
],
"id": "CVE-2021-25329",
"lastModified": "2024-11-21T05:54:45.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-01T12:15:14.280",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/01/2"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3Cusers.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r732b2ca289dc02df2de820e8775559abd6c207f159e39f559547a085%40%3Cusers.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3Cusers.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3Cusers.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cusers.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-34"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210409-0002/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4891"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/01/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3Cusers.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r732b2ca289dc02df2de820e8775559abd6c207f159e39f559547a085%40%3Cusers.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3Cusers.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3Cusers.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cusers.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-34"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210409-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-16 19:30
Modified
2024-11-21 04:40
Severity ?
Summary
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3C58EE-B36B-4081-A307-0FE9B52D8E62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E221FD4B-190F-4752-9617-FB0C704E7AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:18c:*:*:*:*:*:*:*",
"matchCriteriaId": "412CCE88-6555-4129-BCEC-DF7DD28C9CE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el componente Core RDBMS de Oracle Database Server. Las versiones compatibles que se han visto afectadas son la 12.1.0.2, 12.2.0.1 y la 18c. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con un alto nivel de privilegios y con permisos Create Session y Execute Catalog Role que tenga acceso a red por medio de Oracle Net comprometa la seguridad de Core RDBMS. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Core RDBMS. CVSS 3.0 Base Score 7.2 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
}
],
"id": "CVE-2019-2406",
"lastModified": "2024-11-21T04:40:48.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-16T19:30:31.077",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106591"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create Session, Create Procedure privilege with logon to the infrastructure where Java VM executes to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | Patch, Vendor Advisory | |
| secalert_us@oracle.com | http://www.securityfocus.com/bid/101335 | Third Party Advisory, VDB Entry | |
| secalert_us@oracle.com | http://www.securitytracker.com/id/1039591 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101335 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039591 | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:11.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5100F5C8-D5F8-466B-AABE-E42B3770B39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3C58EE-B36B-4081-A307-0FE9B52D8E62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E221FD4B-190F-4752-9617-FB0C704E7AFD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create Session, Create Procedure privilege with logon to the infrastructure where Java VM executes to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el componente Java VM de Oracle Database Server. Las versiones compatibles que se han visto afectadas son la 11.2.0.4, 12.1.0.2 y la 12.2.0.1. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con privilegios Create Session, Create Procedure e inicio de sesi\u00f3n en la infraestructura en la que se ejecuta Java VM comprometa la seguridad de Java VM. Aunque la vulnerabilidad est\u00e1 presente en Java VM, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java VM. CVSS 3.0 Base Score 8.2 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)."
}
],
"id": "CVE-2017-10190",
"lastModified": "2024-11-21T03:05:35.770",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-19T17:29:01.170",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101335"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039591"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-11 20:15
Modified
2024-11-21 05:24
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_crypto-c-micro-edition | * | |
| dell | bsafe_micro-edition-suite | * | |
| oracle | database | 12.1.0.2 | |
| oracle | database | 19c | |
| oracle | database | 21c | |
| oracle | http_server | 12.2.1.3.0 | |
| oracle | http_server | 12.2.1.4.0 | |
| oracle | security_service | 12.2.1.3.0 | |
| oracle | security_service | 12.2.1.4.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.3.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3D1B15-8F35-4976-8BA0-35816ECE6A92",
"versionEndExcluding": "4.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84735DD4-8297-4476-9013-967E9E323D9F",
"versionEndExcluding": "4.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "02E34416-E767-4F61-8D2C-0D0202351F91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD166F7-8A83-4BC7-A392-E830E87F841B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D345C2D3-6AA5-4573-8397-ED1EB0153DB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A4AE8A2-62D9-4C08-A608-A057895E4E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E29C004-51D7-4BBE-B28A-EE6B7B10F89F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability."
},
{
"lang": "es",
"value": "Dell BSAFE Crypto-C Micro Edition, versiones anteriores a la 4.1.5, y Dell BSAFE Micro Edition Suite, versiones anteriores a la 4.5.2, contienen una vulnerabilidad de discrepancia de tiempo observable"
}
],
"id": "CVE-2020-29506",
"lastModified": "2024-11-21T05:24:08.427",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.0,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-11T20:15:08.083",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-385"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-18 23:15
Modified
2024-11-21 04:42
Severity ?
Summary
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_cert-j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1710B5A7-08C4-44D8-A175-044FCD92B314",
"versionEndIncluding": "6.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9757B880-0E5B-40B1-A15C-0EAA52046A73",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEE68BD5-3D1C-4D69-B026-319FBEDBC798",
"versionEndIncluding": "6.2.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_performance_management:13.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E87B8C7B-2654-4F9C-9B5D-794DA484B42D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_performance_management:13.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C6F5710-490D-41D4-8C9B-27FC530117A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E8F4F3-1A39-4CBB-98C4-66D5DCE3F57D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FB92D8A7-2ABD-4B70-A32C-4B6B866C5B8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B21E6EEF-2AB7-4E96-B092-1F49D11B4175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "46E7237C-00BD-4490-96C3-A8EAE4CE2C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "20352616-6BCA-485D-8DD7-DFC97AD6A30D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68165D37-489E-45D7-BA7A-A38164B5C26D",
"versionEndExcluding": "19.1.0.0.0.210420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44357172-4035-4D57-9C83-D80BDDE8E8C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDD1BFF-9B0D-45DA-86DC-05CF829107FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7DB324-98A0-40AD-96D4-0800340F6F3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42064F46-3012-4FB1-89BA-F13C2E4CBB6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BCF6CCE5-250D-4B10-AD18-7DE7D84BF220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D325A0-3441-41AC-B00F-F2A7F85370A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "378A6656-252B-4929-83EA-BC107FDFD357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F62A2144-5EF8-4319-B8C2-D7975F51E5FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E703304-0752-46F2-998B-A3D37C9E7A54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "722969B5-36CD-4413-954B-347BB7E51FAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BF295023-399E-4180-A28B-2DA3327A372C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3E5A2A49-42B0-44EB-B606-999275DC1DA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "54B0A494-14DD-4384-9DCE-14945EBE1A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A890746E-EE1A-4DBC-BB04-84CC79767F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6308E929-D44D-48A1-BAEE-47BE4E164124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDD2640A-5964-4937-B912-CEA2173FAFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11BE9059-29C1-417D-AFB3-98066E95D883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6953CFDB-33C0-4B8E-BBBD-E460A17E8ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E55B3AA9-69BE-4136-8C3A-FD0DDCD3FA4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B40B13B7-68B3-4510-968C-6A730EB46462",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys."
},
{
"lang": "es",
"value": "RSA BSAFE Crypto-J versiones anteriores a 6.2.5, son vulnerables a la Exposici\u00f3n de Informaci\u00f3n por medio de vulnerabilidades de Discrepancia de Sincronizaci\u00f3n durante la generaci\u00f3n de claves ECDSA. Un atacante remoto malicioso podr\u00eda explotar potencialmente esas vulnerabilidades para recuperar claves ECDSA."
}
],
"id": "CVE-2019-3739",
"lastModified": "2024-11-21T04:42:26.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security_alert@emc.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-18T23:15:11.110",
"references": [
{
"source": "security_alert@emc.com",
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174%3B-Crypto-J-Multiple-Security-Vulnerabilities"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174%3B-Crypto-J-Multiple-Security-Vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "security_alert@emc.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
cve-2017-10190
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:57
Severity ?
EPSS score ?
Summary
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create Session, Create Procedure privilege with logon to the infrastructure where Java VM executes to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1039591 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/101335 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle Corporation | Oracle Database |
Version: 11.2.0.4 Version: 12.1.0.2 Version: 12.2.0.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:33:16.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "1039591",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039591"
},
{
"name": "101335",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101335"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-10190",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T15:39:08.880050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T16:57:48.840Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Oracle Database",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "11.2.0.4"
},
{
"status": "affected",
"version": "12.1.0.2"
},
{
"status": "affected",
"version": "12.2.0.1"
}
]
}
],
"datePublic": "2017-10-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create Session, Create Procedure privilege with logon to the infrastructure where Java VM executes to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker having Create Session, Create Procedure privilege with logon to the infrastructure where Java VM executes to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-20T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "1039591",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039591"
},
{
"name": "101335",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101335"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Oracle Database",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.2.0.4"
},
{
"version_affected": "=",
"version_value": "12.1.0.2"
},
{
"version_affected": "=",
"version_value": "12.2.0.1"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create Session, Create Procedure privilege with logon to the infrastructure where Java VM executes to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker having Create Session, Create Procedure privilege with logon to the infrastructure where Java VM executes to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "1039591",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039591"
},
{
"name": "101335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101335"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2017-10190",
"datePublished": "2017-10-19T17:00:00",
"dateReserved": "2017-06-21T00:00:00",
"dateUpdated": "2024-10-04T16:57:48.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-35164
Vulnerability from cvelistv5
Published
2022-07-11 19:25
Modified
2024-09-16 20:51
Severity ?
EPSS score ?
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Dell | Dell BSAFE Crypto-C Micro Edition |
Version: unspecified < 4.1.5 and 4.6 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:10.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Dell BSAFE Crypto-C Micro Edition",
"vendor": "Dell",
"versions": [
{
"lessThan": "4.1.5 and 4.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-385",
"description": "CWE-385: Covert Timing Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:18:56",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-07-06",
"ID": "CVE-2020-35164",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dell BSAFE Crypto-C Micro Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.1.5 and 4.6"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 6.7,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-385: Covert Timing Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-35164",
"datePublished": "2022-07-11T19:25:40.941373Z",
"dateReserved": "2020-12-11T00:00:00",
"dateUpdated": "2024-09-16T20:51:39.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-21510
Vulnerability from cvelistv5
Published
2022-07-19 21:06
Modified
2024-09-24 20:03
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server. For supported versions that are affected see note. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Database - Enterprise Edition Sharding executes to compromise Oracle Database - Enterprise Edition Sharding. While the vulnerability is in Oracle Database - Enterprise Edition Sharding, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Sharding. Note: None of the supported versions are affected. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle Corporation | Database - Enterprise Edition |
Version: None |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:46:38.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21510",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T13:49:02.956129Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T20:03:54.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Database - Enterprise Edition",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "None"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server. For supported versions that are affected see note. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Database - Enterprise Edition Sharding executes to compromise Oracle Database - Enterprise Edition Sharding. While the vulnerability is in Oracle Database - Enterprise Edition Sharding, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Sharding. Note: None of the supported versions are affected. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Database - Enterprise Edition Sharding executes to compromise Oracle Database - Enterprise Edition Sharding. While the vulnerability is in Oracle Database - Enterprise Edition Sharding, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Sharding.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-19T21:06:43",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2022-21510",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Database - Enterprise Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server. For supported versions that are affected see note. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Database - Enterprise Edition Sharding executes to compromise Oracle Database - Enterprise Edition Sharding. While the vulnerability is in Oracle Database - Enterprise Edition Sharding, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Sharding. Note: None of the supported versions are affected. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
"impact": {
"cvss": {
"baseScore": "8.8",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Database - Enterprise Edition Sharding executes to compromise Oracle Database - Enterprise Edition Sharding. While the vulnerability is in Oracle Database - Enterprise Edition Sharding, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Sharding."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2022-21510",
"datePublished": "2022-07-19T21:06:43",
"dateReserved": "2021-11-15T00:00:00",
"dateUpdated": "2024-09-24T20:03:54.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-10321
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:52
Severity ?
EPSS score ?
Summary
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows low privileged attacker having Create session privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS. Note: This score is for Windows platform version 11.2.0.4 of Database. For Windows platform version 12.1.0.2 and Linux, the score is 7.8 with scope Unchanged. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/101329 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1039591 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle Corporation | Oracle Database |
Version: 11.2.0.4 Version: 12.1.0.2 Version: 12.2.0.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:41:54.778Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "101329",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101329"
},
{
"name": "1039591",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039591"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-10321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T15:39:00.718692Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T16:52:21.172Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Oracle Database",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "11.2.0.4"
},
{
"status": "affected",
"version": "12.1.0.2"
},
{
"status": "affected",
"version": "12.2.0.1"
}
]
}
],
"datePublic": "2017-10-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows low privileged attacker having Create session privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS. Note: This score is for Windows platform version 11.2.0.4 of Database. For Windows platform version 12.1.0.2 and Linux, the score is 7.8 with scope Unchanged. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows low privileged attacker having Create session privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-20T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "101329",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101329"
},
{
"name": "1039591",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039591"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Oracle Database",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.2.0.4"
},
{
"version_affected": "=",
"version_value": "12.1.0.2"
},
{
"version_affected": "=",
"version_value": "12.2.0.1"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows low privileged attacker having Create session privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS. Note: This score is for Windows platform version 11.2.0.4 of Database. For Windows platform version 12.1.0.2 and Linux, the score is 7.8 with scope Unchanged. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker having Create session privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "101329",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101329"
},
{
"name": "1039591",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039591"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2017-10321",
"datePublished": "2017-10-19T17:00:00",
"dateReserved": "2017-06-21T00:00:00",
"dateUpdated": "2024-10-04T16:52:21.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-35169
Vulnerability from cvelistv5
Published
2022-07-11 19:26
Modified
2024-09-16 17:37
Severity ?
EPSS score ?
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Dell | Dell BSAFE Crypto-C Micro Edition |
Version: unspecified < 4.1.5 and 4.6 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:06.723Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Dell BSAFE Crypto-C Micro Edition",
"vendor": "Dell",
"versions": [
{
"lessThan": "4.1.5 and 4.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:19:32",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-07-06",
"ID": "CVE-2020-35169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dell BSAFE Crypto-C Micro Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.1.5 and 4.6"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 9.1,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347: Improper Verification of Cryptographic Signature"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-35169",
"datePublished": "2022-07-11T19:26:03.078535Z",
"dateReserved": "2020-12-11T00:00:00",
"dateUpdated": "2024-09-16T17:37:40.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3609
Vulnerability from cvelistv5
Published
2016-07-21 10:00
Modified
2024-10-11 20:40
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the OJVM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/91890 | vdb-entry, x_refsource_BID | |
| http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1036363 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/91787 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:03:34.424Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "91890",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91890"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "1036363",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036363"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91787"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-3609",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T19:52:51.606356Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T20:40:43.163Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the OJVM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-31T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "91890",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91890"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "1036363",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036363"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91787"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the OJVM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "91890",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91890"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "1036363",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036363"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2016-3609",
"datePublished": "2016-07-21T10:00:00",
"dateReserved": "2016-03-17T00:00:00",
"dateUpdated": "2024-10-11T20:40:43.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5360
Vulnerability from cvelistv5
Published
2020-12-16 15:50
Modified
2024-09-16 22:57
Severity ?
EPSS score ?
Summary
Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in undefined behaviour, or a crash of the affected systems.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Dell | Dell BSAFE Micro Edition Suite |
Version: unspecified < 4.5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:23.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Dell BSAFE Micro Edition Suite",
"vendor": "Dell",
"versions": [
{
"lessThan": "4.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in undefined behaviour, or a crash of the affected systems."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-127",
"description": "CWE-127: Buffer Under-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T17:20:23",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-05-18",
"ID": "CVE-2020-5360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dell BSAFE Micro Edition Suite",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.5"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in undefined behaviour, or a crash of the affected systems."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-127: Buffer Under-read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-us/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-5360",
"datePublished": "2020-12-16T15:50:15.206975Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-16T22:57:09.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21934
Vulnerability from cvelistv5
Published
2023-04-18 19:54
Modified
2024-09-16 15:18
Severity ?
EPSS score ?
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuapr2023.html | vendor-advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle Corporation | Database - Enterprise Edition |
Version: 19c Version: 21c |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:59:28.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21934",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T14:39:39.927345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T15:18:18.963Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Database - Enterprise Edition",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "19c"
},
{
"status": "affected",
"version": "21c"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows low privileged attacker having User Account privilege with network access via TLS to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data as well as unauthorized access to critical data or complete access to all Java VM accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows low privileged attacker having User Account privilege with network access via TLS to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data as well as unauthorized access to critical data or complete access to all Java VM accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-18T19:54:24.566Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2023-21934",
"datePublished": "2023-04-18T19:54:24.566Z",
"dateReserved": "2022-12-17T19:26:00.721Z",
"dateUpdated": "2024-09-16T15:18:18.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5497
Vulnerability from cvelistv5
Published
2016-10-25 14:00
Modified
2024-10-10 18:46
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/93631 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1037035 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:01:00.754Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "93631",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93631"
},
{
"name": "1037035",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037035"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-5497",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T17:47:08.420251Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T18:46:23.531Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "93631",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93631"
},
{
"name": "1037035",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037035"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-5497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "93631",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93631"
},
{
"name": "1037035",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037035"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2016-5497",
"datePublished": "2016-10-25T14:00:00",
"dateReserved": "2016-06-16T00:00:00",
"dateUpdated": "2024-10-10T18:46:23.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-3739
Vulnerability from cvelistv5
Published
2019-09-18 22:23
Modified
2024-09-16 17:43
Severity ?
EPSS score ?
Summary
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
| https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®%3B-Crypto-J-Multiple-Security-Vulnerabilities | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuApr2021.html | x_refsource_MISC | |
| https://www.oracle.com//security-alerts/cpujul2021.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Dell | RSA BSAFE Crypto-J |
Version: prior to 6.2.5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174%3B-Crypto-J-Multiple-Security-Vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RSA BSAFE Crypto-J",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "prior to 6.2.5"
}
]
}
],
"datePublic": "2019-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-310",
"description": "CWE-310: Cryptographic Issues",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:20:42",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174%3B-Crypto-J-Multiple-Security-Vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-08-09",
"ID": "CVE-2019-3739",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RSA BSAFE Crypto-J",
"version": {
"version_data": [
{
"version_value": "prior to 6.2.5"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys."
}
]
},
"impact": {
"cvss": {
"baseScore": 6.5,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-310: Cryptographic Issues"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174;-Crypto-J-Multiple-Security-Vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174;-Crypto-J-Multiple-Security-Vulnerabilities"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3739",
"datePublished": "2019-09-18T22:23:10.098836Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T17:43:20.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3484
Vulnerability from cvelistv5
Published
2016-07-21 10:00
Modified
2024-10-11 20:54
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Database Vault component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality and integrity via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/91842 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1036363 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/91787 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:56:13.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "91842",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91842"
},
{
"name": "1036363",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036363"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91787"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-3484",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T19:49:49.553721Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T20:54:39.884Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Database Vault component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality and integrity via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-31T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "91842",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91842"
},
{
"name": "1036363",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036363"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91787"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Database Vault component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality and integrity via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "91842",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91842"
},
{
"name": "1036363",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036363"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2016-3484",
"datePublished": "2016-07-21T10:00:00",
"dateReserved": "2016-03-17T00:00:00",
"dateUpdated": "2024-10-11T20:54:39.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-35557
Vulnerability from cvelistv5
Published
2021-10-20 10:50
Modified
2024-09-25 19:35
Severity ?
EPSS score ?
Summary
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle Corporation | Database - Enterprise Edition |
Version: 12.1.0.2 Version: 12.2.0.1 Version: 19c Version: 21c |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:40:47.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-35557",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T19:14:57.351389Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T19:35:59.072Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Database - Enterprise Edition",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "12.1.0.2"
},
{
"status": "affected",
"version": "12.2.0.1"
},
{
"status": "affected",
"version": "19c"
},
{
"status": "affected",
"version": "21c"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-20T10:50:05",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-35557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Database - Enterprise Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.1.0.2"
},
{
"version_affected": "=",
"version_value": "12.2.0.1"
},
{
"version_affected": "=",
"version_value": "19c"
},
{
"version_affected": "=",
"version_value": "21c"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2021-35557",
"datePublished": "2021-10-20T10:50:05",
"dateReserved": "2021-06-28T00:00:00",
"dateUpdated": "2024-09-25T19:35:59.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-10292
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:54
Severity ?
EPSS score ?
Summary
Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create User privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of RDBMS Security accessible data. CVSS 3.0 Base Score 2.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/101350 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1039591 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle Corporation | Oracle Database |
Version: 11.2.0.4 Version: 12.1.0.2 Version: 12.2.0.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:33:17.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "101350",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101350"
},
{
"name": "1039591",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039591"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-10292",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T15:45:38.729576Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T16:54:55.476Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Oracle Database",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "11.2.0.4"
},
{
"status": "affected",
"version": "12.1.0.2"
},
{
"status": "affected",
"version": "12.2.0.1"
}
]
}
],
"datePublic": "2017-10-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create User privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of RDBMS Security accessible data. CVSS 3.0 Base Score 2.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker having Create User privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of RDBMS Security accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-20T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "101350",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101350"
},
{
"name": "1039591",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039591"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10292",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Oracle Database",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.2.0.4"
},
{
"version_affected": "=",
"version_value": "12.1.0.2"
},
{
"version_affected": "=",
"version_value": "12.2.0.1"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create User privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of RDBMS Security accessible data. CVSS 3.0 Base Score 2.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker having Create User privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of RDBMS Security accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "101350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101350"
},
{
"name": "1039591",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039591"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2017-10292",
"datePublished": "2017-10-19T17:00:00",
"dateReserved": "2017-06-21T00:00:00",
"dateUpdated": "2024-10-04T16:54:55.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-35163
Vulnerability from cvelistv5
Published
2022-07-11 19:25
Modified
2024-09-17 02:27
Severity ?
EPSS score ?
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Dell | Dell BSAFE Crypto-C Micro Edition |
Version: unspecified < 4.1.5, 4.6 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:10.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Dell BSAFE Crypto-C Micro Edition",
"vendor": "Dell",
"versions": [
{
"lessThan": "4.1.5, 4.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330: Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:18:45",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-07-06",
"ID": "CVE-2020-35163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dell BSAFE Crypto-C Micro Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.1.5, 4.6"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 5.3,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-330: Use of Insufficiently Random Values"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-35163",
"datePublished": "2022-07-11T19:25:36.649710Z",
"dateReserved": "2020-12-11T00:00:00",
"dateUpdated": "2024-09-17T02:27:00.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-29506
Vulnerability from cvelistv5
Published
2022-07-11 19:25
Modified
2024-09-17 00:06
Severity ?
EPSS score ?
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Dell | Dell BSAFE Crypto-C Micro Edition |
Version: unspecified < 4.1.5 and 4.6 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:10.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Dell BSAFE Crypto-C Micro Edition",
"vendor": "Dell",
"versions": [
{
"lessThan": "4.1.5 and 4.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-385",
"description": "CWE-385: Covert Timing Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:17:53",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-07-06",
"ID": "CVE-2020-29506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dell BSAFE Crypto-C Micro Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.1.5 and 4.6"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 6.8,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-385: Covert Timing Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-29506",
"datePublished": "2022-07-11T19:25:21.332861Z",
"dateReserved": "2020-12-03T00:00:00",
"dateUpdated": "2024-09-17T00:06:38.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3488
Vulnerability from cvelistv5
Published
2016-07-21 10:00
Modified
2024-10-11 20:54
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the DB Sharding component in Oracle Database Server 12.1.0.2 allows local users to affect integrity via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/91905 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1036363 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/91787 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:56:14.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "91905",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91905"
},
{
"name": "1036363",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036363"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91787"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-3488",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T19:49:45.678957Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T20:54:11.315Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the DB Sharding component in Oracle Database Server 12.1.0.2 allows local users to affect integrity via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-31T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "91905",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91905"
},
{
"name": "1036363",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036363"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91787"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3488",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the DB Sharding component in Oracle Database Server 12.1.0.2 allows local users to affect integrity via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "91905",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91905"
},
{
"name": "1036363",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036363"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2016-3488",
"datePublished": "2016-07-21T10:00:00",
"dateReserved": "2016-03-17T00:00:00",
"dateUpdated": "2024-10-11T20:54:11.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-35167
Vulnerability from cvelistv5
Published
2022-07-11 19:25
Modified
2024-09-16 20:36
Severity ?
EPSS score ?
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Dell | Dell BSAFE Crypto-C Micro Edition |
Version: unspecified < 4.1.5 or 4.1.4.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:10.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Dell BSAFE Crypto-C Micro Edition",
"vendor": "Dell",
"versions": [
{
"lessThan": "4.1.5 or 4.1.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:19:14",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-07-06",
"ID": "CVE-2020-35167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dell BSAFE Crypto-C Micro Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.1.5 or 4.1.4.1"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 4.8,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-35167",
"datePublished": "2022-07-11T19:25:51.197478Z",
"dateReserved": "2020-12-11T00:00:00",
"dateUpdated": "2024-09-16T20:36:20.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-26185
Vulnerability from cvelistv5
Published
2022-06-01 14:25
Modified
2024-09-17 00:20
Severity ?
EPSS score ?
Summary
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Dell | Dell BSAFE Micro Edition Suite |
Version: unspecified < 4.5.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:49:07.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/article/en-us/sln322935/dsa-2020-245-dell-bsafe-micro-edition-suite-multiple-vulnerabilities?lang=en"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Dell BSAFE Micro Edition Suite",
"vendor": "Dell",
"versions": [
{
"lessThan": "4.5.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:16:17",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/article/en-us/sln322935/dsa-2020-245-dell-bsafe-micro-edition-suite-multiple-vulnerabilities?lang=en"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2022-05-31",
"ID": "CVE-2020-26185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dell BSAFE Micro Edition Suite",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.5.1"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/article/en-us/sln322935/dsa-2020-245-dell-bsafe-micro-edition-suite-multiple-vulnerabilities?lang=en",
"refsource": "MISC",
"url": "https://www.dell.com/support/article/en-us/sln322935/dsa-2020-245-dell-bsafe-micro-edition-suite-multiple-vulnerabilities?lang=en"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-26185",
"datePublished": "2022-06-01T14:25:14.948277Z",
"dateReserved": "2020-09-30T00:00:00",
"dateUpdated": "2024-09-17T00:20:55.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21827
Vulnerability from cvelistv5
Published
2023-01-17 23:35
Modified
2024-09-17 14:16
Severity ?
EPSS score ?
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpujan2023.html | vendor-advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle Corporation | Database - Enterprise Edition |
Version: 19c Version: 21c |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:51:50.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2023.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21827",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T14:03:52.520827Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:16:50.814Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Database - Enterprise Edition",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "19c"
},
{
"status": "affected",
"version": "21c"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Database Data Redaction component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database Data Redaction. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Database Data Redaction accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database Data Redaction. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Database Data Redaction accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-23T23:37:26.301Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2023.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2023-21827",
"datePublished": "2023-01-17T23:35:06.277Z",
"dateReserved": "2022-12-17T19:26:00.688Z",
"dateUpdated": "2024-09-17T14:16:50.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-35166
Vulnerability from cvelistv5
Published
2022-07-11 19:25
Modified
2024-09-17 01:56
Severity ?
EPSS score ?
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
References
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Dell | BSAFE Crypto-C Micro Edition |
Version: 0 ≤ |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:10.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BSAFE Crypto-C Micro Edition",
"vendor": "Dell",
"versions": [
{
"lessThan": "4.1.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell BSAFE Micro Edition Suite",
"vendor": "Dell",
"versions": [
{
"lessThan": "4.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2019-09-10T18:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eversions before 4.6, contain an Observable Timing Discrepancy Vulnerability.\u003c/span\u003e\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,\u00a0versions before 4.6, contain an Observable Timing Discrepancy Vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-385",
"description": "CWE-385: Covert Timing Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-05T17:01:19.126Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-07-06",
"ID": "CVE-2020-35166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dell BSAFE Crypto-C Micro Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.1.5 or later"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 5.1,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-385: Covert Timing Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-35166",
"datePublished": "2022-07-11T19:25:46.298334Z",
"dateReserved": "2020-12-11T00:00:00",
"dateUpdated": "2024-09-17T01:56:17.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3479
Vulnerability from cvelistv5
Published
2016-07-21 10:00
Modified
2024-10-11 20:55
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Portable Clusterware component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/91898 | vdb-entry, x_refsource_BID | |
| http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1036363 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/91787 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:56:14.309Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "91898",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91898"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "1036363",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036363"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91787"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-3479",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T20:11:35.345212Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T20:55:23.961Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Portable Clusterware component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-31T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "91898",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91898"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "1036363",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036363"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91787"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Portable Clusterware component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "91898",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91898"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "1036363",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036363"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2016-3479",
"datePublished": "2016-07-21T10:00:00",
"dateReserved": "2016-03-17T00:00:00",
"dateUpdated": "2024-10-11T20:55:23.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5572
Vulnerability from cvelistv5
Published
2016-10-25 14:00
Modified
2024-10-10 18:24
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Kernel PDB component in Oracle Database Server 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/93634 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1037035 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:07:57.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "93634",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93634"
},
{
"name": "1037035",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037035"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-5572",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T17:46:44.252726Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T18:24:46.196Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Kernel PDB component in Oracle Database Server 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "93634",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93634"
},
{
"name": "1037035",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037035"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-5572",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Kernel PDB component in Oracle Database Server 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "93634",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93634"
},
{
"name": "1037035",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037035"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2016-5572",
"datePublished": "2016-10-25T14:00:00",
"dateReserved": "2016-06-16T00:00:00",
"dateUpdated": "2024-10-10T18:24:46.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-3738
Vulnerability from cvelistv5
Published
2019-09-18 22:23
Modified
2024-09-16 19:01
Severity ?
EPSS score ?
Summary
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
| https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®%3B-Crypto-J-Multiple-Security-Vulnerabilities | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC | |
| https://kc.mcafee.com/corporate/index?page=content&id=SB10318 | x_refsource_CONFIRM | |
| https://www.oracle.com/security-alerts/cpuApr2021.html | x_refsource_MISC | |
| https://www.oracle.com//security-alerts/cpujul2021.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Dell | RSA BSAFE Crypto-J |
Version: prior to 6.2.5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174%3B-Crypto-J-Multiple-Security-Vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10318"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RSA BSAFE Crypto-J",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "prior to 6.2.5"
}
]
}
],
"datePublic": "2019-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-325",
"description": "CWE-325: Missing Required Cryptographic Step",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:20:41",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174%3B-Crypto-J-Multiple-Security-Vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10318"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-08-15",
"ID": "CVE-2019-3738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RSA BSAFE Crypto-J",
"version": {
"version_data": [
{
"version_value": "prior to 6.2.5"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key."
}
]
},
"impact": {
"cvss": {
"baseScore": 6.5,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-325: Missing Required Cryptographic Step"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174;-Crypto-J-Multiple-Security-Vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174;-Crypto-J-Multiple-Security-Vulnerabilities"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10318",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10318"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3738",
"datePublished": "2019-09-18T22:23:10.057919Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T19:01:44.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-21511
Vulnerability from cvelistv5
Published
2022-07-19 21:06
Modified
2024-09-24 20:03
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Database - Enterprise Edition Recovery component of Oracle Database Server. For supported versions that are affected see note. Easily exploitable vulnerability allows high privileged attacker having EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Recovery. Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Recovery. Note: None of the supported versions are affected. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle Corporation | Database - Enterprise Edition |
Version: None |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:46:38.264Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21511",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T13:49:01.710460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T20:03:47.626Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Database - Enterprise Edition",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "None"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Database - Enterprise Edition Recovery component of Oracle Database Server. For supported versions that are affected see note. Easily exploitable vulnerability allows high privileged attacker having EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Recovery. Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Recovery. Note: None of the supported versions are affected. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker having EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Recovery. Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Recovery.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-19T21:06:44",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2022-21511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Database - Enterprise Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Database - Enterprise Edition Recovery component of Oracle Database Server. For supported versions that are affected see note. Easily exploitable vulnerability allows high privileged attacker having EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Recovery. Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Recovery. Note: None of the supported versions are affected. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.2",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker having EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Recovery. Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Recovery."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2022-21511",
"datePublished": "2022-07-19T21:06:45",
"dateReserved": "2021-11-15T00:00:00",
"dateUpdated": "2024-09-24T20:03:47.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-1814
Vulnerability from cvelistv5
Published
2008-04-16 10:00
Modified
2024-08-07 08:32
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Oracle Secure Enterprise Search or Ultrasearch component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3 and 10.1.2.2; and Oracle Collaboration Suite 10.1.2; has unknown impact and remote attack vectors, aka DB04.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41997 | vdb-entry, x_refsource_XF | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41858 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2008/1267/references | vdb-entry, x_refsource_VUPEN | |
| http://www.vupen.com/english/advisories/2008/1233/references | vdb-entry, x_refsource_VUPEN | |
| http://www.securitytracker.com/id?1019855 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/29829 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/491024/100/0/threaded | vendor-advisory, x_refsource_HP | |
| http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html | x_refsource_CONFIRM | |
| http://secunia.com/advisories/29874 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/491024/100/0/threaded | vendor-advisory, x_refsource_HP |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:32:01.343Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oracle-search-wksys-unspecified(41997)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41997"
},
{
"name": "oracle-cpu-april-2008(41858)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41858"
},
{
"name": "ADV-2008-1267",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1267/references"
},
{
"name": "ADV-2008-1233",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1233/references"
},
{
"name": "1019855",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019855"
},
{
"name": "29829",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29829"
},
{
"name": "HPSBMA02133",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/491024/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html"
},
{
"name": "29874",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29874"
},
{
"name": "SSRT061201",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/491024/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Oracle Secure Enterprise Search or Ultrasearch component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3 and 10.1.2.2; and Oracle Collaboration Suite 10.1.2; has unknown impact and remote attack vectors, aka DB04."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oracle-search-wksys-unspecified(41997)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41997"
},
{
"name": "oracle-cpu-april-2008(41858)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41858"
},
{
"name": "ADV-2008-1267",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1267/references"
},
{
"name": "ADV-2008-1233",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1233/references"
},
{
"name": "1019855",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019855"
},
{
"name": "29829",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29829"
},
{
"name": "HPSBMA02133",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/491024/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html"
},
{
"name": "29874",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29874"
},
{
"name": "SSRT061201",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/491024/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1814",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Secure Enterprise Search or Ultrasearch component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3 and 10.1.2.2; and Oracle Collaboration Suite 10.1.2; has unknown impact and remote attack vectors, aka DB04."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-search-wksys-unspecified(41997)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41997"
},
{
"name": "oracle-cpu-april-2008(41858)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41858"
},
{
"name": "ADV-2008-1267",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1267/references"
},
{
"name": "ADV-2008-1233",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1233/references"
},
{
"name": "1019855",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019855"
},
{
"name": "29829",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29829"
},
{
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/491024/100/0/threaded"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html"
},
{
"name": "29874",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29874"
},
{
"name": "SSRT061201",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/491024/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1814",
"datePublished": "2008-04-16T10:00:00",
"dateReserved": "2008-04-15T00:00:00",
"dateUpdated": "2024-08-07T08:32:01.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3489
Vulnerability from cvelistv5
Published
2016-07-21 10:00
Modified
2024-10-11 20:54
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Data Pump Import component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/91874 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1036363 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/91787 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:56:14.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "91874",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91874"
},
{
"name": "1036363",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036363"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91787"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-3489",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T19:53:25.391745Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T20:54:04.735Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Data Pump Import component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-31T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "91874",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91874"
},
{
"name": "1036363",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036363"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91787"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Data Pump Import component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "91874",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91874"
},
{
"name": "1036363",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036363"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2016-3489",
"datePublished": "2016-07-21T10:00:00",
"dateReserved": "2016-03-17T00:00:00",
"dateUpdated": "2024-10-11T20:54:04.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0691
Vulnerability from cvelistv5
Published
2016-04-21 10:00
Modified
2024-10-15 19:09
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect integrity via unknown vectors, a different vulnerability than CVE-2016-0690.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1035590 | vdb-entry, x_refsource_SECTRACK | |
| http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:30:03.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035590",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035590"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-0691",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T18:58:16.494377Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T19:09:25.513Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect integrity via unknown vectors, a different vulnerability than CVE-2016-0690."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-30T18:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "1035590",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035590"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-0691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect integrity via unknown vectors, a different vulnerability than CVE-2016-0690."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035590",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035590"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2016-0691",
"datePublished": "2016-04-21T10:00:00",
"dateReserved": "2015-12-09T00:00:00",
"dateUpdated": "2024-10-15T19:09:25.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-2978
Vulnerability from cvelistv5
Published
2020-07-15 00:00
Modified
2024-09-27 18:44
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition. While the vulnerability is in Oracle Database - Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition accessible data. CVSS 3.1 Base Score 4.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle Corporation | Oracle Database |
Version: 12.1.0.2 Version: 12.2.0.1 Version: 18c Version: 19c |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:24:00.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://databasesecurityninja.wordpress.com/2020/12/01/cve-2020-2978-rman-audit-table-point-in-time-recovery-not-logged/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172183/Oracle-RMAN-Missing-Auditing.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-2978",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T18:00:09.723357Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T18:44:51.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Oracle Database",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "12.1.0.2"
},
{
"status": "affected",
"version": "12.2.0.1"
},
{
"status": "affected",
"version": "18c"
},
{
"status": "affected",
"version": "19c"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition. While the vulnerability is in Oracle Database - Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition accessible data. CVSS 3.1 Base Score 4.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition. While the vulnerability is in Oracle Database - Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-05T00:00:00",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"url": "https://databasesecurityninja.wordpress.com/2020/12/01/cve-2020-2978-rman-audit-table-point-in-time-recovery-not-logged/"
},
{
"url": "http://packetstormsecurity.com/files/172183/Oracle-RMAN-Missing-Auditing.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2020-2978",
"datePublished": "2020-07-15T00:00:00",
"dateReserved": "2019-12-10T00:00:00",
"dateUpdated": "2024-09-27T18:44:51.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0076
Vulnerability from cvelistv5
Published
2010-01-13 01:00
Modified
2024-08-07 00:37
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Application Express Application Builder component in Oracle Database 3.2.1.00.10 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html | x_refsource_CONFIRM | |
| http://www.us-cert.gov/cas/techalerts/TA10-012A.html | third-party-advisory, x_refsource_CERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:37:53.859Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"
},
{
"name": "TA10-012A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-012A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Application Express Application Builder component in Oracle Database 3.2.1.00.10 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-23T09:00:00",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"
},
{
"name": "TA10-012A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-012A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-0076",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Application Express Application Builder component in Oracle Database 3.2.1.00.10 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"
},
{
"name": "TA10-012A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-012A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2010-0076",
"datePublished": "2010-01-13T01:00:00",
"dateReserved": "2009-12-16T00:00:00",
"dateUpdated": "2024-08-07T00:37:53.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-2336
Vulnerability from cvelistv5
Published
2021-07-20 22:43
Modified
2024-09-26 14:06
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Data Redaction. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Data Redaction accessible data. CVSS 3.1 Base Score 3.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpujul2021.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle Corporation | Database - Enterprise Edition |
Version: 12.1.0.2 Version: 12.2.0.1 Version: 19c |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:38:57.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-2336",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T13:52:18.556524Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T14:06:35.539Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Database - Enterprise Edition",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "12.1.0.2"
},
{
"status": "affected",
"version": "12.2.0.1"
},
{
"status": "affected",
"version": "19c"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Data Redaction. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Data Redaction accessible data. CVSS 3.1 Base Score 3.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Data Redaction. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Data Redaction accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T22:43:15",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Database - Enterprise Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.1.0.2"
},
{
"version_affected": "=",
"version_value": "12.2.0.1"
},
{
"version_affected": "=",
"version_value": "19c"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Data Redaction. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Data Redaction accessible data. CVSS 3.1 Base Score 3.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "3.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Data Redaction. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Data Redaction accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2021-2336",
"datePublished": "2021-07-20T22:43:15",
"dateReserved": "2020-12-09T00:00:00",
"dateUpdated": "2024-09-26T14:06:35.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-2207
Vulnerability from cvelistv5
Published
2021-04-22 00:00
Modified
2024-09-26 18:11
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having RMAN executable privilege with logon to the infrastructure where Oracle Database - Enterprise Edition executes to compromise Oracle Database - Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition accessible data. CVSS 3.1 Base Score 2.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle Corporation | Database - Enterprise Edition |
Version: 12.1.0.2 Version: 12.2.0.1 Version: 18c Version: 19c |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:38:55.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/174448/Oracle-RMAN-Missing-Auditing.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-2207",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T17:53:04.552003Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T18:11:48.249Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Database - Enterprise Edition",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "12.1.0.2"
},
{
"status": "affected",
"version": "12.2.0.1"
},
{
"status": "affected",
"version": "18c"
},
{
"status": "affected",
"version": "19c"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having RMAN executable privilege with logon to the infrastructure where Oracle Database - Enterprise Edition executes to compromise Oracle Database - Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition accessible data. CVSS 3.1 Base Score 2.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker having RMAN executable privilege with logon to the infrastructure where Oracle Database - Enterprise Edition executes to compromise Oracle Database - Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-02T14:06:15.100927",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"url": "http://packetstormsecurity.com/files/174448/Oracle-RMAN-Missing-Auditing.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2021-2207",
"datePublished": "2021-04-22T00:00:00",
"dateReserved": "2020-12-09T00:00:00",
"dateUpdated": "2024-09-26T18:11:48.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21829
Vulnerability from cvelistv5
Published
2023-01-17 23:35
Modified
2024-09-17 14:16
Severity ?
EPSS score ?
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpujan2023.html | vendor-advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle Corporation | Database - Enterprise Edition |
Version: 19c Version: 21c |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:51:51.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2023.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21829",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T14:03:51.065758Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:16:40.080Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Database - Enterprise Edition",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "19c"
},
{
"status": "affected",
"version": "21c"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Database RDBMS Security component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database RDBMS Security. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Database RDBMS Security accessible data as well as unauthorized read access to a subset of Oracle Database RDBMS Security accessible data. CVSS 3.1 Base Score 6.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database RDBMS Security. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Database RDBMS Security accessible data as well as unauthorized read access to a subset of Oracle Database RDBMS Security accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-23T23:37:27.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2023.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2023-21829",
"datePublished": "2023-01-17T23:35:06.897Z",
"dateReserved": "2022-12-17T19:26:00.688Z",
"dateUpdated": "2024-09-17T14:16:40.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-14901
Vulnerability from cvelistv5
Published
2020-10-21 14:04
Modified
2024-09-26 20:00
Severity ?
EPSS score ?
Summary
Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Analyze Any privilege with network access via Oracle Net to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS Security accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle Corporation | Database - Enterprise Edition |
Version: 19c |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:00:52.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-14901",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:42:40.824503Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T20:00:22.932Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Database - Enterprise Edition",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "19c"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Analyze Any privilege with network access via Oracle Net to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS Security accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker having Analyze Any privilege with network access via Oracle Net to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS Security accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-21T14:04:31",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2020-14901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Database - Enterprise Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "19c"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Analyze Any privilege with network access via Oracle Net to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS Security accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.9",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker having Analyze Any privilege with network access via Oracle Net to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS Security accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2020-14901",
"datePublished": "2020-10-21T14:04:31",
"dateReserved": "2020-06-19T00:00:00",
"dateUpdated": "2024-09-26T20:00:22.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-9484
Vulnerability from cvelistv5
Published
2020-05-20 18:26
Modified
2024-08-04 10:26
Severity ?
EPSS score ?
Summary
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Apache Tomcat |
Version: Apache Tomcat 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54, 7.0.0 to 7.0.103 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[tomcat-users] 20200521 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200523 [SECURITY] [DLA 2217-1] tomcat7 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html"
},
{
"name": "[tomcat-users] 20200524 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "openSUSE-SU-2020:0711",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html"
},
{
"name": "[tomcat-dev] 20200527 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200528 [SECURITY] [DLA 2209-1] tomcat8 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"
},
{
"name": "20200602 [CVE-2020-9484] Apache Tomcat RCE via PersistentManager",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Jun/6"
},
{
"name": "GLSA-202006-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202006-21"
},
{
"name": "FEDORA-2020-ce396e7d5c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N/"
},
{
"name": "FEDORA-2020-d9169235a8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ/"
},
{
"name": "[tomcat-dev] 20200625 svn commit: r1879208 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-8.xml xdocs/security-9.xml",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200712 [SECURITY] [DLA 2279-1] tomcat8 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200528-0005/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html"
},
{
"name": "DSA-4727",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4727"
},
{
"name": "USN-4448-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4448-1/"
},
{
"name": "[tomee-commits] 20201013 [jira] [Created] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20201013 [jira] [Updated] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20201013 [jira] [Assigned] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20201013 [jira] [Commented] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119%40%3Ccommits.tomee.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
},
{
"name": "USN-4596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4596-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "[tomcat-dev] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.apache.org%3E"
},
{
"name": "[tomcat-users] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20210301 svn commit: r1887027 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "[oss-security] 20210301 CVE-2021-25329: Apache Tomcat Incomplete fix for CVE-2020-9484",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/01/2"
},
{
"name": "[tomee-commits] 20210522 [jira] [Closed] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c%40%3Ccommits.tomee.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "[tomcat-users] 20210701 What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-users] 20210701 Re: What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-users] 20210702 Re: CVE-2021-25329, was Re: Most recent security-related update to 8.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20210712 svn commit: r1891484 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c%40%3Cdev.tomcat.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Tomcat",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Apache Tomcat 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54, 7.0.0 to 7.0.103"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=\"null\" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:24:10",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[tomcat-users] 20200521 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200523 [SECURITY] [DLA 2217-1] tomcat7 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html"
},
{
"name": "[tomcat-users] 20200524 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "openSUSE-SU-2020:0711",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html"
},
{
"name": "[tomcat-dev] 20200527 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200528 [SECURITY] [DLA 2209-1] tomcat8 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"
},
{
"name": "20200602 [CVE-2020-9484] Apache Tomcat RCE via PersistentManager",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Jun/6"
},
{
"name": "GLSA-202006-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202006-21"
},
{
"name": "FEDORA-2020-ce396e7d5c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N/"
},
{
"name": "FEDORA-2020-d9169235a8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ/"
},
{
"name": "[tomcat-dev] 20200625 svn commit: r1879208 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-8.xml xdocs/security-9.xml",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200712 [SECURITY] [DLA 2279-1] tomcat8 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200528-0005/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html"
},
{
"name": "DSA-4727",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4727"
},
{
"name": "USN-4448-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4448-1/"
},
{
"name": "[tomee-commits] 20201013 [jira] [Created] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20201013 [jira] [Updated] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20201013 [jira] [Assigned] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20201013 [jira] [Commented] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119%40%3Ccommits.tomee.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
},
{
"name": "USN-4596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4596-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "[tomcat-dev] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.apache.org%3E"
},
{
"name": "[tomcat-users] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20210301 svn commit: r1887027 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "[oss-security] 20210301 CVE-2021-25329: Apache Tomcat Incomplete fix for CVE-2020-9484",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/01/2"
},
{
"name": "[tomee-commits] 20210522 [jira] [Closed] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c%40%3Ccommits.tomee.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "[tomcat-users] 20210701 What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-users] 20210701 Re: What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-users] 20210702 Re: CVE-2021-25329, was Re: Most recent security-related update to 8.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20210712 svn commit: r1891484 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c%40%3Cdev.tomcat.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-9484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Tomcat",
"version": {
"version_data": [
{
"version_value": "Apache Tomcat 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54, 7.0.0 to 7.0.103"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=\"null\" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[tomcat-users] 20200521 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926@%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200523 [SECURITY] [DLA 2217-1] tomcat7 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html"
},
{
"name": "[tomcat-users] 20200524 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469@%3Cusers.tomcat.apache.org%3E"
},
{
"name": "openSUSE-SU-2020:0711",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html"
},
{
"name": "[tomcat-dev] 20200527 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200528 [SECURITY] [DLA 2209-1] tomcat8 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"
},
{
"name": "20200602 [CVE-2020-9484] Apache Tomcat RCE via PersistentManager",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Jun/6"
},
{
"name": "GLSA-202006-21",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202006-21"
},
{
"name": "FEDORA-2020-ce396e7d5c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N/"
},
{
"name": "FEDORA-2020-d9169235a8",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ/"
},
{
"name": "[tomcat-dev] 20200625 svn commit: r1879208 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-8.xml xdocs/security-9.xml",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200712 [SECURITY] [DLA 2279-1] tomcat8 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200528-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200528-0005/"
},
{
"name": "http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html"
},
{
"name": "DSA-4727",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4727"
},
{
"name": "USN-4448-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4448-1/"
},
{
"name": "[tomee-commits] 20201013 [jira] [Created] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c@%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20201013 [jira] [Updated] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f@%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20201013 [jira] [Assigned] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3@%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20201013 [jira] [Commented] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119@%3Ccommits.tomee.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
},
{
"name": "USN-4596-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4596-1/"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "[tomcat-dev] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.apache.org%3E"
},
{
"name": "[tomcat-users] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20210301 svn commit: r1887027 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "[oss-security] 20210301 CVE-2021-25329: Apache Tomcat Incomplete fix for CVE-2020-9484",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/03/01/2"
},
{
"name": "[tomee-commits] 20210522 [jira] [Closed] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c@%3Ccommits.tomee.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "[tomcat-users] 20210701 What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc@%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-users] 20210701 Re: What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f@%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-users] 20210702 Re: CVE-2021-25329, was Re: Most recent security-related update to 8.5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77@%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20210712 svn commit: r1891484 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2020-9484",
"datePublished": "2020-05-20T18:26:41",
"dateReserved": "2020-03-01T00:00:00",
"dateUpdated": "2024-08-04T10:26:16.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5359
Vulnerability from cvelistv5
Published
2020-12-16 15:50
Modified
2024-09-16 22:45
Severity ?
EPSS score ?
Summary
Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to modify and corrupt the encrypted data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Dell | Dell BSAFE Micro Edition Suite |
Version: unspecified < 4.5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:23.780Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Dell BSAFE Micro Edition Suite",
"vendor": "Dell",
"versions": [
{
"lessThan": "4.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to modify and corrupt the encrypted data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-544",
"description": "CWE-544: Missing Standardized Error Handling Mechanism",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T17:20:23",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-12-15",
"ID": "CVE-2020-5359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dell BSAFE Micro Edition Suite",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.5"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to modify and corrupt the encrypted data."
}
]
},
"impact": {
"cvss": {
"baseScore": 5.8,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-544: Missing Standardized Error Handling Mechanism"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-us/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-5359",
"datePublished": "2020-12-16T15:50:14.593923Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-16T22:45:42.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-21565
Vulnerability from cvelistv5
Published
2022-07-19 21:08
Modified
2024-09-24 19:55
Severity ?
EPSS score ?
Summary
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle Corporation | Database - Enterprise Edition |
Version: 12.1.0.2 Version: 19c Version: 21c |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:46:38.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21565",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T14:07:01.511907Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T19:55:30.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Database - Enterprise Edition",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "12.1.0.2"
},
{
"status": "affected",
"version": "19c"
},
{
"status": "affected",
"version": "21c"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-19T21:08:08",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2022-21565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Database - Enterprise Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.1.0.2"
},
{
"version_affected": "=",
"version_value": "19c"
},
{
"version_affected": "=",
"version_value": "21c"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2022-21565",
"datePublished": "2022-07-19T21:08:08",
"dateReserved": "2021-11-15T00:00:00",
"dateUpdated": "2024-09-24T19:55:30.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-21596
Vulnerability from cvelistv5
Published
2022-10-18 00:00
Modified
2024-09-24 19:37
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Database - Advanced Queuing component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having DBA user privilege with network access via Oracle Net to compromise Oracle Database - Advanced Queuing. Successful attacks of this vulnerability can result in takeover of Oracle Database - Advanced Queuing. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle Corporation | Database - Enterprise Edition |
Version: 19c |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:46:38.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2022.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21596",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T15:25:24.567727Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T19:37:49.812Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Database - Enterprise Edition",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "19c"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Database - Advanced Queuing component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having DBA user privilege with network access via Oracle Net to compromise Oracle Database - Advanced Queuing. Successful attacks of this vulnerability can result in takeover of Oracle Database - Advanced Queuing. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker having DBA user privilege with network access via Oracle Net to compromise Oracle Database - Advanced Queuing. Successful attacks of this vulnerability can result in takeover of Oracle Database - Advanced Queuing.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-18T00:00:00",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuoct2022.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2022-21596",
"datePublished": "2022-10-18T00:00:00",
"dateReserved": "2021-11-15T00:00:00",
"dateUpdated": "2024-09-24T19:37:49.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3454
Vulnerability from cvelistv5
Published
2016-04-21 10:00
Modified
2024-10-15 19:04
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1035590 | vdb-entry, x_refsource_SECTRACK | |
| http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:56:14.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035590",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035590"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-3454",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T18:55:26.466341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T19:04:11.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-30T18:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "1035590",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035590"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035590",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035590"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2016-3454",
"datePublished": "2016-04-21T10:00:00",
"dateReserved": "2016-03-17T00:00:00",
"dateUpdated": "2024-10-15T19:04:11.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-3567
Vulnerability from cvelistv5
Published
2017-04-24 19:00
Modified
2024-10-07 16:11
Severity ?
EPSS score ?
Summary
Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of OJVM. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1038284 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/97873 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle Corporation | Oracle Database |
Version: 11.2.0.4 Version: 12.1.0.2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:30:58.036Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name": "1038284",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038284"
},
{
"name": "97873",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97873"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-3567",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T15:44:41.723708Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T16:11:10.054Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Oracle Database",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "11.2.0.4"
},
{
"status": "affected",
"version": "12.1.0.2"
}
]
}
],
"datePublic": "2017-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of OJVM. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of OJVM.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name": "1038284",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038284"
},
{
"name": "97873",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97873"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Oracle Database",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.2.0.4"
},
{
"version_affected": "=",
"version_value": "12.1.0.2"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of OJVM. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of OJVM."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name": "1038284",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038284"
},
{
"name": "97873",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97873"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2017-3567",
"datePublished": "2017-04-24T19:00:00",
"dateReserved": "2016-12-06T00:00:00",
"dateUpdated": "2024-10-07T16:11:10.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-2245
Vulnerability from cvelistv5
Published
2021-04-22 21:53
Modified
2024-09-26 14:47
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Database - Enterprise Edition Unified Audit component of Oracle Database Server. Supported versions that are affected are 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Audit Policy privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Unified Audit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Unified Audit accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuapr2021.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle Corporation | Database - Enterprise Edition |
Version: 18c Version: 19c |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:38:56.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-2245",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T14:42:51.832427Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T14:47:55.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Database - Enterprise Edition",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "18c"
},
{
"status": "affected",
"version": "19c"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Database - Enterprise Edition Unified Audit component of Oracle Database Server. Supported versions that are affected are 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Audit Policy privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Unified Audit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Unified Audit accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker having Create Audit Policy privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Unified Audit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Unified Audit accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T21:53:55",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Database - Enterprise Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "18c"
},
{
"version_affected": "=",
"version_value": "19c"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Database - Enterprise Edition Unified Audit component of Oracle Database Server. Supported versions that are affected are 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Audit Policy privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Unified Audit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Unified Audit accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "2.7",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker having Create Audit Policy privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Unified Audit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Unified Audit accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuapr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2021-2245",
"datePublished": "2021-04-22T21:53:55",
"dateReserved": "2020-12-09T00:00:00",
"dateUpdated": "2024-09-26T14:47:55.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3566
Vulnerability from cvelistv5
Published
2014-10-15 00:00
Modified
2024-11-27 19:31
Severity ?
EPSS score ?
Summary
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-11-27T19:31:57.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://templatelab.com/ssl-poodle/"
},
{
"name": "HPSBOV03227",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc"
},
{
"name": "1031090",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031090"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/"
},
{
"name": "RHSA-2014:1880",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1880.html"
},
{
"name": "HPSBHF03300",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635"
},
{
"name": "VU#577193",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/577193"
},
{
"name": "HPSBMU03184",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141577087123040\u0026w=2"
},
{
"name": "HPSBGN03209",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141715130023061\u0026w=2"
},
{
"name": "openSUSE-SU-2014:1331",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT6542"
},
{
"name": "1031106",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031106"
},
{
"name": "HPSBGN03201",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141697638231025\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "[openssl-dev] 20141014 Patch to mitigate CVE-2014-3566 (\"POODLE\")",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=openssl-dev\u0026m=141333049205629\u0026w=2"
},
{
"name": "SSRT101898",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350298616097\u0026w=2"
},
{
"name": "SSRT101896",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350743917559\u0026w=2"
},
{
"name": "60056",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60056"
},
{
"name": "RHSA-2014:1877",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1877.html"
},
{
"name": "HPSBUX03162",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
},
{
"name": "61130",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61130"
},
{
"name": "RHSA-2015:1546",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1546.html"
},
{
"name": "SUSE-SU-2015:0503",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT6529"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv_20141015.txt"
},
{
"name": "APPLE-SA-2014-10-16-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0"
},
{
"name": "RHSA-2014:1920",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1920.html"
},
{
"name": "1031087",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031087"
},
{
"name": "HPSBMU03234",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143628269912142\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa83"
},
{
"name": "SSRT101849",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141879378918327\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX200238"
},
{
"name": "61359",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61359"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT6541"
},
{
"name": "1031093",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031093"
},
{
"name": "1031132",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031132"
},
{
"name": "DSA-3144",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3144"
},
{
"name": "SSRT101790",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142721887231400\u0026w=2"
},
{
"name": "DSA-3253",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3253"
},
{
"name": "SSRT101846",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.suse.com/support/kb/doc.php?id=7015773"
},
{
"name": "APPLE-SA-2014-10-16-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533724/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.elastic.co/blog/logstash-1-4-3-released"
},
{
"name": "SSRT101854",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142296755107581\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946"
},
{
"name": "HPSBST03195",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142805027510172\u0026w=2"
},
{
"name": "61827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61827"
},
{
"name": "HPSBMU03152",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141450452204552\u0026w=2"
},
{
"name": "RHSA-2015:0079",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0079.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688283"
},
{
"name": "HPSBMU03304",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://technet.microsoft.com/library/security/3009008.aspx"
},
{
"name": "RHSA-2015:1545",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1545.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21688165"
},
{
"name": "HPSBMU03259",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624619906067\u0026w=2"
},
{
"name": "1031094",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031094"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0003.html"
},
{
"name": "61316",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61316"
},
{
"name": "GLSA-201606-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201606-11"
},
{
"name": "RHSA-2014:1881",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1881.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.imperialviolet.org/2014/10/14/poodle.html"
},
{
"name": "1031096",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031096"
},
{
"name": "HPSBHF03275",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142721887231400\u0026w=2"
},
{
"name": "61810",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61810"
},
{
"name": "HPSBHF03293",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
},
{
"name": "DSA-3053",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3053"
},
{
"name": "HPSBGN03237",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142296755107581\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/poodle"
},
{
"name": "1031107",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031107"
},
{
"name": "1031095",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031095"
},
{
"name": "HPSBMU03223",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143290583027876\u0026w=2"
},
{
"name": "SUSE-SU-2014:1549",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html"
},
{
"name": "HPSBGN03305",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142962817202793\u0026w=2"
},
{
"name": "HPSBUX03194",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143101048219218\u0026w=2"
},
{
"name": "SSRT101868",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"name": "1031091",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031091"
},
{
"name": "HPSBMU03260",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
},
{
"name": "1031123",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031123"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT205217"
},
{
"name": "1031092",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031092"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "SUSE-SU-2015:0376",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html"
},
{
"name": "61926",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61926"
},
{
"name": "RHSA-2014:1876",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1876.html"
},
{
"name": "SSRT101779",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html"
},
{
"name": "HPSBHF03156",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141450973807288\u0026w=2"
},
{
"name": "openSUSE-SU-2016:0640",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "SSRT101838",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141814011518700\u0026w=2"
},
{
"name": "HPSBGN03569",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145983526810210\u0026w=2"
},
{
"name": "APPLE-SA-2015-09-16-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1076983"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT6531"
},
{
"name": "SUSE-SU-2014:1357",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip"
},
{
"name": "RHSA-2015:0264",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0264.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT6527"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name": "SSRT101897",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350196615714\u0026w=2"
},
{
"name": "HPSBGN03203",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141697676231104\u0026w=2"
},
{
"name": "60206",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60206"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152789"
},
{
"name": "60792",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60792"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "APPLE-SA-2014-10-16-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
},
{
"name": "DSA-3489",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3489"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20141015-0001/"
},
{
"name": "1031105",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031105"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html"
},
{
"name": "FEDORA-2014-13069",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141114.html"
},
{
"name": "1031131",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031131"
},
{
"name": "HPSBMU03221",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141879378918327\u0026w=2"
},
{
"name": "USN-2487-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2487-1"
},
{
"name": "SSRT101795",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142740155824959\u0026w=2"
},
{
"name": "HPSBGN03222",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141813976718456\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html"
},
{
"name": "1031130",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031130"
},
{
"name": "HPSBMU03301",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142721830231196\u0026w=2"
},
{
"name": "HPSBGN03164",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141577350823734\u0026w=2"
},
{
"name": "RHSA-2014:1948",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1948.html"
},
{
"name": "NetBSD-SA2014-015",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc"
},
{
"name": "HPSBGN03192",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141620103726640\u0026w=2"
},
{
"name": "RHSA-2014:1653",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1653.html"
},
{
"name": "SUSE-SU-2015:0392",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html"
},
{
"name": "HPSBMU03416",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144101915224472\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/HT204244"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx"
},
{
"name": "HPSBMU03283",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2"
},
{
"name": "RHSA-2015:0085",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0085.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT6536"
},
{
"name": "FEDORA-2014-12951",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142330.html"
},
{
"name": "HPSBGN03191",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141576815022399\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/docker-user/oYm0i3xShJU"
},
{
"name": "SSRT101767",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
},
{
"name": "SUSE-SU-2014:1526",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html"
},
{
"name": "HPSBGN03332",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143290371927178\u0026w=2"
},
{
"name": "RHSA-2014:1652",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1652.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT6535"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"name": "SUSE-SU-2015:0345",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html"
},
{
"name": "HPSBST03265",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142546741516006\u0026w=2"
},
{
"name": "RHSA-2015:0086",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0086.html"
},
{
"name": "HPSBMU03241",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143039249603103\u0026w=2"
},
{
"name": "1031124",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031124"
},
{
"name": "SUSE-SU-2015:0578",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
},
{
"name": "SUSE-SU-2015:0336",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html"
},
{
"name": "RHSA-2015:0080",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0080.html"
},
{
"name": "HPSBMU03294",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142740155824959\u0026w=2"
},
{
"name": "RHSA-2014:1882",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1882.html"
},
{
"name": "RHSA-2015:0068",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0068.html"
},
{
"name": "HPSBGN03251",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142354438527235\u0026w=2"
},
{
"name": "USN-2486-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2486-1"
},
{
"name": "HPSBGN03391",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144294141001552\u0026w=2"
},
{
"name": "59627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59627"
},
{
"name": "HPSBGN03208",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141814011518700\u0026w=2"
},
{
"name": "SSRT101894",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
},
{
"name": "HPSBMU03214",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141694355519663\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "HPSBMU03263",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
},
{
"name": "HPSBGN03254",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350298616097\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/product_security/poodle"
},
{
"name": "20141014 SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle"
},
{
"name": "HPSBGN03205",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141775427104070\u0026w=2"
},
{
"name": "RHSA-2015:0698",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0698.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "SUSE-SU-2014:1361",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-011.html"
},
{
"name": "60859",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60859"
},
{
"name": "APPLE-SA-2014-10-20-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533746"
},
{
"name": "GLSA-201507-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201507-14"
},
{
"name": "SSRT101921",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2"
},
{
"name": "SSRT101951",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142496355704097\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm"
},
{
"name": "61345",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61345"
},
{
"name": "SSRT101834",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143101048219218\u0026w=2"
},
{
"name": "61019",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61019"
},
{
"name": "70574",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70574"
},
{
"name": "1031120",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031120"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"name": "61825",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61825"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0416.html"
},
{
"name": "1031029",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031029"
},
{
"name": "HPSBUX03281",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581"
},
{
"name": "HPSBMU03262",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2"
},
{
"name": "HPSBMU03267",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681"
},
{
"name": "HPSBMU03261",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
},
{
"name": "SUSE-SU-2016:1459",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10104"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "61782",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61782"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://access.redhat.com/articles/1232123"
},
{
"name": "MDVSA-2015:062",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
},
{
"name": "FEDORA-2015-9110",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169361.html"
},
{
"name": "1031085",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031085"
},
{
"name": "HPSBST03418",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144251162130364\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "SSRT101892",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143039249603103\u0026w=2"
},
{
"name": "APPLE-SA-2014-10-20-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533747"
},
{
"name": "HPSBGN03233",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"name": "SSRT101916",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687611"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mpgn/poodle-PoC"
},
{
"name": "MDVSA-2014:203",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:203"
},
{
"name": "SSRT101739",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"name": "SSRT101968",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142607790919348\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX216642"
},
{
"name": "SSRT101899",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142354438527235\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://puppet.com/security/cve/poodle-sslv3-vulnerability"
},
{
"name": "openSUSE-SU-2015:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html"
},
{
"name": "APPLE-SA-2015-01-27-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
},
{
"name": "61303",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61303"
},
{
"name": "HPSBGN03252",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350743917559\u0026w=2"
},
{
"name": "HPSBUX03273",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142496355704097\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692299"
},
{
"name": "1031039",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031039"
},
{
"name": "SUSE-SU-2016:1457",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687172"
},
{
"name": "SSRT101998",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142721830231196\u0026w=2"
},
{
"name": "SUSE-SU-2015:0344",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html"
},
{
"name": "SSRT101922",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624619906067"
},
{
"name": "1031089",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031089"
},
{
"name": "HPSBGN03253",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350196615714\u0026w=2"
},
{
"name": "HPSBMU03183",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141628688425177\u0026w=2"
},
{
"name": "TA14-290A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA14-290A"
},
{
"name": "FEDORA-2014-13012",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141158.html"
},
{
"name": "61819",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61819"
},
{
"name": "HPSBGN03255",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142357976805598\u0026w=2"
},
{
"name": "1031088",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031088"
},
{
"name": "DSA-3147",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3147"
},
{
"name": "61995",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61995"
},
{
"name": "HPSBGN03202",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141703183219781\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10090"
},
{
"name": "SSRT101928",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142357976805598\u0026w=2"
},
{
"name": "1031086",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031086"
},
{
"name": "HPSBPI03360",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143558192010071\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name": "RHSA-2014:1692",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1692.html"
},
{
"name": "FEDORA-2015-9090",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169374.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openssl.org/~bodo/ssl-poodle.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439"
},
{
"name": "HPSBPI03107",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143558137709884\u0026w=2"
},
{
"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E"
},
{
"name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"
},
{
"name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"
},
{
"name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"
},
{
"name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"
},
{
"name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T16:29:26",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "HPSBOV03227",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc"
},
{
"name": "1031090",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031090"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/"
},
{
"name": "RHSA-2014:1880",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1880.html"
},
{
"name": "HPSBHF03300",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635"
},
{
"name": "VU#577193",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/577193"
},
{
"name": "HPSBMU03184",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141577087123040\u0026w=2"
},
{
"name": "HPSBGN03209",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141715130023061\u0026w=2"
},
{
"name": "openSUSE-SU-2014:1331",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT6542"
},
{
"name": "1031106",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031106"
},
{
"name": "HPSBGN03201",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141697638231025\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "[openssl-dev] 20141014 Patch to mitigate CVE-2014-3566 (\"POODLE\")",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=openssl-dev\u0026m=141333049205629\u0026w=2"
},
{
"name": "SSRT101898",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350298616097\u0026w=2"
},
{
"name": "SSRT101896",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350743917559\u0026w=2"
},
{
"name": "60056",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60056"
},
{
"name": "RHSA-2014:1877",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1877.html"
},
{
"name": "HPSBUX03162",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
},
{
"name": "61130",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61130"
},
{
"name": "RHSA-2015:1546",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1546.html"
},
{
"name": "SUSE-SU-2015:0503",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT6529"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openssl.org/news/secadv_20141015.txt"
},
{
"name": "APPLE-SA-2014-10-16-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0"
},
{
"name": "RHSA-2014:1920",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1920.html"
},
{
"name": "1031087",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031087"
},
{
"name": "HPSBMU03234",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143628269912142\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa83"
},
{
"name": "SSRT101849",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141879378918327\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX200238"
},
{
"name": "61359",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61359"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT6541"
},
{
"name": "1031093",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031093"
},
{
"name": "1031132",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031132"
},
{
"name": "DSA-3144",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3144"
},
{
"name": "SSRT101790",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142721887231400\u0026w=2"
},
{
"name": "DSA-3253",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3253"
},
{
"name": "SSRT101846",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.suse.com/support/kb/doc.php?id=7015773"
},
{
"name": "APPLE-SA-2014-10-16-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://www.securityfocus.com/archive/1/533724/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.elastic.co/blog/logstash-1-4-3-released"
},
{
"name": "SSRT101854",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142296755107581\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946"
},
{
"name": "HPSBST03195",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142805027510172\u0026w=2"
},
{
"name": "61827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61827"
},
{
"name": "HPSBMU03152",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141450452204552\u0026w=2"
},
{
"name": "RHSA-2015:0079",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0079.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688283"
},
{
"name": "HPSBMU03304",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://technet.microsoft.com/library/security/3009008.aspx"
},
{
"name": "RHSA-2015:1545",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1545.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21688165"
},
{
"name": "HPSBMU03259",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624619906067\u0026w=2"
},
{
"name": "1031094",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031094"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0003.html"
},
{
"name": "61316",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61316"
},
{
"name": "GLSA-201606-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201606-11"
},
{
"name": "RHSA-2014:1881",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1881.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.imperialviolet.org/2014/10/14/poodle.html"
},
{
"name": "1031096",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031096"
},
{
"name": "HPSBHF03275",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142721887231400\u0026w=2"
},
{
"name": "61810",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61810"
},
{
"name": "HPSBHF03293",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
},
{
"name": "DSA-3053",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3053"
},
{
"name": "HPSBGN03237",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142296755107581\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/poodle"
},
{
"name": "1031107",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031107"
},
{
"name": "1031095",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031095"
},
{
"name": "HPSBMU03223",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143290583027876\u0026w=2"
},
{
"name": "SUSE-SU-2014:1549",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html"
},
{
"name": "HPSBGN03305",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142962817202793\u0026w=2"
},
{
"name": "HPSBUX03194",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143101048219218\u0026w=2"
},
{
"name": "SSRT101868",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"name": "1031091",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031091"
},
{
"name": "HPSBMU03260",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
},
{
"name": "1031123",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031123"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT205217"
},
{
"name": "1031092",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031092"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "SUSE-SU-2015:0376",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html"
},
{
"name": "61926",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61926"
},
{
"name": "RHSA-2014:1876",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1876.html"
},
{
"name": "SSRT101779",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html"
},
{
"name": "HPSBHF03156",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141450973807288\u0026w=2"
},
{
"name": "openSUSE-SU-2016:0640",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "SSRT101838",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141814011518700\u0026w=2"
},
{
"name": "HPSBGN03569",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145983526810210\u0026w=2"
},
{
"name": "APPLE-SA-2015-09-16-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1076983"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT6531"
},
{
"name": "SUSE-SU-2014:1357",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip"
},
{
"name": "RHSA-2015:0264",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0264.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT6527"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name": "SSRT101897",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350196615714\u0026w=2"
},
{
"name": "HPSBGN03203",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141697676231104\u0026w=2"
},
{
"name": "60206",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60206"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152789"
},
{
"name": "60792",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60792"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "APPLE-SA-2014-10-16-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
},
{
"name": "DSA-3489",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3489"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20141015-0001/"
},
{
"name": "1031105",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031105"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html"
},
{
"name": "FEDORA-2014-13069",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141114.html"
},
{
"name": "1031131",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031131"
},
{
"name": "HPSBMU03221",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141879378918327\u0026w=2"
},
{
"name": "USN-2487-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2487-1"
},
{
"name": "SSRT101795",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142740155824959\u0026w=2"
},
{
"name": "HPSBGN03222",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141813976718456\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html"
},
{
"name": "1031130",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031130"
},
{
"name": "HPSBMU03301",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142721830231196\u0026w=2"
},
{
"name": "HPSBGN03164",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141577350823734\u0026w=2"
},
{
"name": "RHSA-2014:1948",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1948.html"
},
{
"name": "NetBSD-SA2014-015",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc"
},
{
"name": "HPSBGN03192",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141620103726640\u0026w=2"
},
{
"name": "RHSA-2014:1653",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1653.html"
},
{
"name": "SUSE-SU-2015:0392",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html"
},
{
"name": "HPSBMU03416",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144101915224472\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/HT204244"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx"
},
{
"name": "HPSBMU03283",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2"
},
{
"name": "RHSA-2015:0085",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0085.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT6536"
},
{
"name": "FEDORA-2014-12951",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142330.html"
},
{
"name": "HPSBGN03191",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141576815022399\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/forum/#%21topic/docker-user/oYm0i3xShJU"
},
{
"name": "SSRT101767",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
},
{
"name": "SUSE-SU-2014:1526",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html"
},
{
"name": "HPSBGN03332",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143290371927178\u0026w=2"
},
{
"name": "RHSA-2014:1652",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1652.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT6535"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"name": "SUSE-SU-2015:0345",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html"
},
{
"name": "HPSBST03265",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142546741516006\u0026w=2"
},
{
"name": "RHSA-2015:0086",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0086.html"
},
{
"name": "HPSBMU03241",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143039249603103\u0026w=2"
},
{
"name": "1031124",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031124"
},
{
"name": "SUSE-SU-2015:0578",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
},
{
"name": "SUSE-SU-2015:0336",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html"
},
{
"name": "RHSA-2015:0080",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0080.html"
},
{
"name": "HPSBMU03294",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142740155824959\u0026w=2"
},
{
"name": "RHSA-2014:1882",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1882.html"
},
{
"name": "RHSA-2015:0068",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0068.html"
},
{
"name": "HPSBGN03251",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142354438527235\u0026w=2"
},
{
"name": "USN-2486-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2486-1"
},
{
"name": "HPSBGN03391",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144294141001552\u0026w=2"
},
{
"name": "59627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59627"
},
{
"name": "HPSBGN03208",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141814011518700\u0026w=2"
},
{
"name": "SSRT101894",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
},
{
"name": "HPSBMU03214",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141694355519663\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "HPSBMU03263",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
},
{
"name": "HPSBGN03254",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350298616097\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/product_security/poodle"
},
{
"name": "20141014 SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle"
},
{
"name": "HPSBGN03205",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141775427104070\u0026w=2"
},
{
"name": "RHSA-2015:0698",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0698.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "SUSE-SU-2014:1361",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-011.html"
},
{
"name": "60859",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60859"
},
{
"name": "APPLE-SA-2014-10-20-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://www.securityfocus.com/archive/1/533746"
},
{
"name": "GLSA-201507-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201507-14"
},
{
"name": "SSRT101921",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2"
},
{
"name": "SSRT101951",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142496355704097\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm"
},
{
"name": "61345",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61345"
},
{
"name": "SSRT101834",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143101048219218\u0026w=2"
},
{
"name": "61019",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61019"
},
{
"name": "70574",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70574"
},
{
"name": "1031120",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031120"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"name": "61825",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61825"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0416.html"
},
{
"name": "1031029",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031029"
},
{
"name": "HPSBUX03281",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581"
},
{
"name": "HPSBMU03262",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2"
},
{
"name": "HPSBMU03267",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681"
},
{
"name": "HPSBMU03261",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
},
{
"name": "SUSE-SU-2016:1459",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10104"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "61782",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61782"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://access.redhat.com/articles/1232123"
},
{
"name": "MDVSA-2015:062",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
},
{
"name": "FEDORA-2015-9110",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169361.html"
},
{
"name": "1031085",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031085"
},
{
"name": "HPSBST03418",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144251162130364\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "SSRT101892",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143039249603103\u0026w=2"
},
{
"name": "APPLE-SA-2014-10-20-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://www.securityfocus.com/archive/1/533747"
},
{
"name": "HPSBGN03233",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"name": "SSRT101916",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687611"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mpgn/poodle-PoC"
},
{
"name": "MDVSA-2014:203",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:203"
},
{
"name": "SSRT101739",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"name": "SSRT101968",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142607790919348\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX216642"
},
{
"name": "SSRT101899",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142354438527235\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://puppet.com/security/cve/poodle-sslv3-vulnerability"
},
{
"name": "openSUSE-SU-2015:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html"
},
{
"name": "APPLE-SA-2015-01-27-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
},
{
"name": "61303",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61303"
},
{
"name": "HPSBGN03252",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350743917559\u0026w=2"
},
{
"name": "HPSBUX03273",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142496355704097\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692299"
},
{
"name": "1031039",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031039"
},
{
"name": "SUSE-SU-2016:1457",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687172"
},
{
"name": "SSRT101998",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142721830231196\u0026w=2"
},
{
"name": "SUSE-SU-2015:0344",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html"
},
{
"name": "SSRT101922",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624619906067"
},
{
"name": "1031089",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031089"
},
{
"name": "HPSBGN03253",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142350196615714\u0026w=2"
},
{
"name": "HPSBMU03183",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141628688425177\u0026w=2"
},
{
"name": "TA14-290A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA14-290A"
},
{
"name": "FEDORA-2014-13012",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141158.html"
},
{
"name": "61819",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61819"
},
{
"name": "HPSBGN03255",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142357976805598\u0026w=2"
},
{
"name": "1031088",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031088"
},
{
"name": "DSA-3147",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3147"
},
{
"name": "61995",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61995"
},
{
"name": "HPSBGN03202",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141703183219781\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10090"
},
{
"name": "SSRT101928",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142357976805598\u0026w=2"
},
{
"name": "1031086",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031086"
},
{
"name": "HPSBPI03360",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143558192010071\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name": "RHSA-2014:1692",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1692.html"
},
{
"name": "FEDORA-2015-9090",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169374.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openssl.org/~bodo/ssl-poodle.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439"
},
{
"name": "HPSBPI03107",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143558137709884\u0026w=2"
},
{
"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E"
},
{
"name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"
},
{
"name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"
},
{
"name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"
},
{
"name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"
},
{
"name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3566",
"datePublished": "2014-10-15T00:00:00",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-11-27T19:31:57.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-10261
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:57
Severity ?
EPSS score ?
Summary
Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with logon to the infrastructure where XML Database executes to compromise XML Database. While the vulnerability is in XML Database, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all XML Database accessible data. Note: This score is for Windows platform version 11.2.0.4 of Database. For Windows platform version 12.1.0.2 and Linux, the score is 5.5 with scope Unchanged. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/101344 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1039591 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle Corporation | Oracle Database |
Version: 11.2.0.4 Version: 12.1.0.2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:33:16.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "101344",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101344"
},
{
"name": "1039591",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039591"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-10261",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T15:46:22.464556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T16:57:03.674Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Oracle Database",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "11.2.0.4"
},
{
"status": "affected",
"version": "12.1.0.2"
}
]
}
],
"datePublic": "2017-10-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with logon to the infrastructure where XML Database executes to compromise XML Database. While the vulnerability is in XML Database, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all XML Database accessible data. Note: This score is for Windows platform version 11.2.0.4 of Database. For Windows platform version 12.1.0.2 and Linux, the score is 5.5 with scope Unchanged. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with logon to the infrastructure where XML Database executes to compromise XML Database. While the vulnerability is in XML Database, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all XML Database accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-20T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "101344",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101344"
},
{
"name": "1039591",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039591"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Oracle Database",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.2.0.4"
},
{
"version_affected": "=",
"version_value": "12.1.0.2"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with logon to the infrastructure where XML Database executes to compromise XML Database. While the vulnerability is in XML Database, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all XML Database accessible data. Note: This score is for Windows platform version 11.2.0.4 of Database. For Windows platform version 12.1.0.2 and Linux, the score is 5.5 with scope Unchanged. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with logon to the infrastructure where XML Database executes to compromise XML Database. While the vulnerability is in XML Database, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all XML Database accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "101344",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101344"
},
{
"name": "1039591",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039591"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2017-10261",
"datePublished": "2017-10-19T17:00:00",
"dateReserved": "2017-06-21T00:00:00",
"dateUpdated": "2024-10-04T16:57:03.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2183
Vulnerability from cvelistv5
Published
2016-09-01 00:00
Modified
2024-08-05 23:17
Severity ?
EPSS score ?
Summary
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.753Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:3113",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"name": "RHSA-2017:0338",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us"
},
{
"name": "GLSA-201612-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415"
},
{
"name": "RHSA-2017:3240",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3240"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2016-16"
},
{
"name": "RHSA-2017:2709",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2709"
},
{
"name": "92630",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92630"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2016-21"
},
{
"tags": [
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
},
{
"name": "RHSA-2017:3239",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3239"
},
{
"name": "42091",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42091/"
},
{
"name": "GLSA-201701-65",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-65"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "1036696",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036696"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20160915-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us"
},
{
"name": "GLSA-201707-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201707-01"
},
{
"name": "95568",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95568"
},
{
"name": "RHSA-2017:3114",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"tags": [
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa133"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2017-09"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116"
},
{
"name": "RHSA-2017:1216",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
},
{
"tags": [
"x_transferred"
],
"url": "https://wiki.opendaylight.org/view/Security_Advisories"
},
{
"name": "RHSA-2017:2710",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2710"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984"
},
{
"name": "[tls] 20091120 RC4+3DES rekeying - long-lived TLS connections",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html"
},
{
"name": "RHSA-2018:2123",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2123"
},
{
"name": "RHSA-2017:0337",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
},
{
"name": "RHSA-2017:2708",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2708"
},
{
"name": "RHSA-2017:0336",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
},
{
"name": "SUSE-SU-2016:2470",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"name": "RHSA-2017:0462",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0462.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
},
{
"tags": [
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"tags": [
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
},
{
"name": "SUSE-SU-2017:2700",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
},
{
"name": "20170329 [security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/540341/100/0/threaded"
},
{
"name": "USN-3087-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3087-1"
},
{
"name": "SUSE-SU-2016:2469",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05385680"
},
{
"name": "openSUSE-SU-2016:2537",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
},
{
"name": "20161207 [security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded"
},
{
"name": "USN-3087-2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3087-2"
},
{
"name": "20180510 [security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded"
},
{
"tags": [
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10197"
},
{
"tags": [
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10186"
},
{
"name": "SUSE-SU-2017:2699",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
},
{
"name": "20170831 [security bulletin] HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center, Remote Disclosure of Information",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05390849"
},
{
"name": "openSUSE-SU-2016:2407",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613"
},
{
"name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Jul/31"
},
{
"name": "USN-3194-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3194-1"
},
{
"name": "SUSE-SU-2016:2458",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
},
{
"name": "20181113 [security bulletin] MFSBGN03831 rev. - Service Management Automation, remote disclosure of information",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2018/Nov/21"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K13167034"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05390722"
},
{
"name": "20180510 [security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/542005/100/0/threaded"
},
{
"name": "DSA-3673",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3673"
},
{
"name": "openSUSE-SU-2016:2391",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
},
{
"name": "USN-3372-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3372-1"
},
{
"name": "openSUSE-SU-2018:0458",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
},
{
"name": "SUSE-SU-2017:0460",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html"
},
{
"name": "SUSE-SU-2017:0490",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html"
},
{
"name": "USN-3270-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3270-1"
},
{
"name": "20170214 [security bulletin] HPESBGN03697 rev.1 - HPE Business Service Management (BSM), Remote Disclosure of Information",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded"
},
{
"tags": [
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178"
},
{
"name": "SUSE-SU-2016:2387",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
},
{
"name": "20170529 SSD Advisory - IBM Informix Dynamic Server and Informix Open Admin Tool Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/May/105"
},
{
"name": "openSUSE-SU-2017:0513",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
},
{
"name": "20161207 [security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/539885/100/0/threaded"
},
{
"name": "openSUSE-SU-2017:0374",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05369415"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html"
},
{
"name": "SUSE-SU-2016:2468",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
},
{
"name": "SUSE-SU-2017:0346",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html"
},
{
"name": "openSUSE-SU-2016:2496",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
},
{
"name": "USN-3198-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3198-1"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/May/105"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05369403"
},
{
"name": "20170831 [security bulletin] HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center, Remote Disclosure of Information",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/541104/100/0/threaded"
},
{
"name": "SUSE-SU-2017:1444",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html"
},
{
"name": "SUSE-SU-2016:2394",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
},
{
"name": "20170329 [security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded"
},
{
"name": "USN-3179-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3179-1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
},
{
"name": "RHSA-2019:1245",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1245"
},
{
"name": "RHSA-2019:2859",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2859"
},
{
"name": "RHSA-2020:0451",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0451"
},
{
"tags": [
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10310"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://sweet32.info/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.splunk.com/view/SP-CAAAPUE"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/articles/2548661"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.splunk.com/view/SP-CAAAPSV"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633"
},
{
"tags": [
"x_transferred"
],
"url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sigsac.org/ccs/CCS2016/accepted-papers/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssl.org/blog/blog/2016/08/24/sweet32/"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2016-2183"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/"
},
{
"tags": [
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2017:3113",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"name": "RHSA-2017:0338",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
},
{
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us"
},
{
"name": "GLSA-201612-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415"
},
{
"name": "RHSA-2017:3240",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3240"
},
{
"url": "https://www.tenable.com/security/tns-2016-16"
},
{
"name": "RHSA-2017:2709",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2709"
},
{
"name": "92630",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/92630"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499"
},
{
"url": "https://www.tenable.com/security/tns-2016-21"
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
},
{
"name": "RHSA-2017:3239",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3239"
},
{
"name": "42091",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/42091/"
},
{
"name": "GLSA-201701-65",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201701-65"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "1036696",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1036696"
},
{
"url": "https://security.netapp.com/advisory/ntap-20160915-0001/"
},
{
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us"
},
{
"name": "GLSA-201707-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201707-01"
},
{
"name": "95568",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/95568"
},
{
"name": "RHSA-2017:3114",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"url": "https://bto.bluecoat.com/security-advisory/sa133"
},
{
"url": "https://www.tenable.com/security/tns-2017-09"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116"
},
{
"name": "RHSA-2017:1216",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
},
{
"url": "https://wiki.opendaylight.org/view/Security_Advisories"
},
{
"name": "RHSA-2017:2710",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2710"
},
{
"url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984"
},
{
"name": "[tls] 20091120 RC4+3DES rekeying - long-lived TLS connections",
"tags": [
"mailing-list"
],
"url": "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html"
},
{
"name": "RHSA-2018:2123",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2123"
},
{
"name": "RHSA-2017:0337",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
},
{
"name": "RHSA-2017:2708",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2708"
},
{
"name": "RHSA-2017:0336",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
},
{
"name": "SUSE-SU-2016:2470",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"name": "RHSA-2017:0462",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0462.html"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
},
{
"name": "SUSE-SU-2017:2700",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
},
{
"name": "20170329 [security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/540341/100/0/threaded"
},
{
"name": "USN-3087-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3087-1"
},
{
"name": "SUSE-SU-2016:2469",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
},
{
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05385680"
},
{
"name": "openSUSE-SU-2016:2537",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
},
{
"name": "20161207 [security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded"
},
{
"name": "USN-3087-2",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3087-2"
},
{
"name": "20180510 [security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded"
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10197"
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10186"
},
{
"name": "SUSE-SU-2017:2699",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
},
{
"name": "20170831 [security bulletin] HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center, Remote Disclosure of Information",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded"
},
{
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05390849"
},
{
"name": "openSUSE-SU-2016:2407",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
},
{
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613"
},
{
"name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2017/Jul/31"
},
{
"name": "USN-3194-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3194-1"
},
{
"name": "SUSE-SU-2016:2458",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
},
{
"name": "20181113 [security bulletin] MFSBGN03831 rev. - Service Management Automation, remote disclosure of information",
"tags": [
"mailing-list"
],
"url": "https://seclists.org/bugtraq/2018/Nov/21"
},
{
"url": "https://support.f5.com/csp/article/K13167034"
},
{
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05390722"
},
{
"name": "20180510 [security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/542005/100/0/threaded"
},
{
"name": "DSA-3673",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3673"
},
{
"name": "openSUSE-SU-2016:2391",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
},
{
"name": "USN-3372-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3372-1"
},
{
"name": "openSUSE-SU-2018:0458",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
},
{
"name": "SUSE-SU-2017:0460",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html"
},
{
"name": "SUSE-SU-2017:0490",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html"
},
{
"name": "USN-3270-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3270-1"
},
{
"name": "20170214 [security bulletin] HPESBGN03697 rev.1 - HPE Business Service Management (BSM), Remote Disclosure of Information",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded"
},
{
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178"
},
{
"name": "SUSE-SU-2016:2387",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
},
{
"name": "20170529 SSD Advisory - IBM Informix Dynamic Server and Informix Open Admin Tool Multiple Vulnerabilities",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2017/May/105"
},
{
"name": "openSUSE-SU-2017:0513",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html"
},
{
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
},
{
"name": "20161207 [security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/539885/100/0/threaded"
},
{
"name": "openSUSE-SU-2017:0374",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html"
},
{
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05369415"
},
{
"url": "http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html"
},
{
"name": "SUSE-SU-2016:2468",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
},
{
"name": "SUSE-SU-2017:0346",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html"
},
{
"name": "openSUSE-SU-2016:2496",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
},
{
"name": "USN-3198-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3198-1"
},
{
"url": "http://seclists.org/fulldisclosure/2017/May/105"
},
{
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05369403"
},
{
"name": "20170831 [security bulletin] HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center, Remote Disclosure of Information",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/541104/100/0/threaded"
},
{
"name": "SUSE-SU-2017:1444",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html"
},
{
"name": "SUSE-SU-2016:2394",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
},
{
"name": "20170329 [security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded"
},
{
"name": "USN-3179-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3179-1"
},
{
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
},
{
"name": "RHSA-2019:1245",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1245"
},
{
"name": "RHSA-2019:2859",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2859"
},
{
"name": "RHSA-2020:0451",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0451"
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10310"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"url": "https://sweet32.info/"
},
{
"url": "http://www.splunk.com/view/SP-CAAAPUE"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
},
{
"url": "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"url": "https://access.redhat.com/articles/2548661"
},
{
"url": "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue"
},
{
"url": "http://www.splunk.com/view/SP-CAAAPSV"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"url": "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633"
},
{
"url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
},
{
"url": "https://www.sigsac.org/ccs/CCS2016/accepted-papers/"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482"
},
{
"url": "https://www.openssl.org/blog/blog/2016/08/24/sweet32/"
},
{
"url": "https://access.redhat.com/security/cve/cve-2016-2183"
},
{
"url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/"
},
{
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"url": "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/"
},
{
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2183",
"datePublished": "2016-09-01T00:00:00",
"dateReserved": "2016-01-29T00:00:00",
"dateUpdated": "2024-08-05T23:17:50.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-10202
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 17:09
Severity ?
EPSS score ?
Summary
Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. While the vulnerability is in OJVM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of OJVM. Note: This score is for Windows platforms. On non-Windows platforms Scope is Unchanged, giving a CVSS Base Score of 8.8. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/99865 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1038923 | vdb-entry, x_refsource_SECTRACK | |
| http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle Corporation | Oracle Database |
Version: 11.2.0.4 Version: 12.1.0.2 Version: 12.2.0.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:33:16.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99865",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99865"
},
{
"name": "1038923",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038923"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-10202",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T15:39:21.461339Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T17:09:47.593Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Oracle Database",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "11.2.0.4"
},
{
"status": "affected",
"version": "12.1.0.2"
},
{
"status": "affected",
"version": "12.2.0.1"
}
]
}
],
"datePublic": "2017-07-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. While the vulnerability is in OJVM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of OJVM. Note: This score is for Windows platforms. On non-Windows platforms Scope is Unchanged, giving a CVSS Base Score of 8.8. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. While the vulnerability is in OJVM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of OJVM.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-09T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "99865",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99865"
},
{
"name": "1038923",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038923"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Oracle Database",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.2.0.4"
},
{
"version_affected": "=",
"version_value": "12.1.0.2"
},
{
"version_affected": "=",
"version_value": "12.2.0.1"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. While the vulnerability is in OJVM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of OJVM. Note: This score is for Windows platforms. On non-Windows platforms Scope is Unchanged, giving a CVSS Base Score of 8.8. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. While the vulnerability is in OJVM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of OJVM."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99865",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99865"
},
{
"name": "1038923",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038923"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2017-10202",
"datePublished": "2017-08-08T15:00:00",
"dateReserved": "2017-06-21T00:00:00",
"dateUpdated": "2024-10-04T17:09:47.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-25329
Vulnerability from cvelistv5
Published
2021-03-01 12:00
Modified
2024-08-03 20:03
Severity ?
EPSS score ?
Summary
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Apache Software Foundation | Apache Tomcat |
Version: Apache Tomcat 10 < 10.0.0 Version: Apache Tomcat 9 < 9.0.41 Version: Apache Tomcat 8.5 < 8.5.61 Version: Apache Tomcat 7 < 7.0.107 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:03:05.850Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.apache.org%3E"
},
{
"name": "[tomcat-users] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20210301 svn commit: r1887027 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "[oss-security] 20210301 CVE-2021-25329: Apache Tomcat Incomplete fix for CVE-2020-9484",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/01/2"
},
{
"name": "[debian-lts-announce] 20210316 [SECURITY] [DLA 2596-1] tomcat8 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html"
},
{
"name": "DSA-4891",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4891"
},
{
"name": "[tomcat-users] 20210701 What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-users] 20210701 Re: What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-users] 20210702 Re: What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r732b2ca289dc02df2de820e8775559abd6c207f159e39f559547a085%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-users] 20210702 Re: CVE-2021-25329, was Re: Most recent security-related update to 8.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3Cusers.tomcat.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210409-0002/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "GLSA-202208-34",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "10.0.0",
"status": "affected",
"version": "Apache Tomcat 10",
"versionType": "custom"
},
{
"lessThan": "9.0.41",
"status": "affected",
"version": "Apache Tomcat 9",
"versionType": "custom"
},
{
"lessThan": "8.5.61",
"status": "affected",
"version": "Apache Tomcat 8.5",
"versionType": "custom"
},
{
"lessThan": "7.0.107",
"status": "affected",
"version": "Apache Tomcat 7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was identified by Trung Pham of Viettel Cyber Security."
}
],
"descriptions": [
{
"lang": "en",
"value": "The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution via session persistence",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-21T04:08:20",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.apache.org%3E"
},
{
"name": "[tomcat-users] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20210301 svn commit: r1887027 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "[oss-security] 20210301 CVE-2021-25329: Apache Tomcat Incomplete fix for CVE-2020-9484",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/01/2"
},
{
"name": "[debian-lts-announce] 20210316 [SECURITY] [DLA 2596-1] tomcat8 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html"
},
{
"name": "DSA-4891",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4891"
},
{
"name": "[tomcat-users] 20210701 What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-users] 20210701 Re: What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-users] 20210702 Re: What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r732b2ca289dc02df2de820e8775559abd6c207f159e39f559547a085%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-users] 20210702 Re: CVE-2021-25329, was Re: Most recent security-related update to 8.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3Cusers.tomcat.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210409-0002/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "GLSA-202208-34",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-34"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incomplete fix for CVE-2020-9484",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-25329",
"STATE": "PUBLIC",
"TITLE": "Incomplete fix for CVE-2020-9484"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Tomcat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "Apache Tomcat 10",
"version_value": "10.0.0"
},
{
"version_affected": "\u003c",
"version_name": "Apache Tomcat 9",
"version_value": "9.0.41"
},
{
"version_affected": "\u003c",
"version_name": "Apache Tomcat 8.5",
"version_value": "8.5.61"
},
{
"version_affected": "\u003c",
"version_name": "Apache Tomcat 7",
"version_value": "7.0.107"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was identified by Trung Pham of Viettel Cyber Security."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution via session persistence"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.apache.org%3E"
},
{
"name": "[tomcat-users] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20210301 svn commit: r1887027 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "[oss-security] 20210301 CVE-2021-25329: Apache Tomcat Incomplete fix for CVE-2020-9484",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/03/01/2"
},
{
"name": "[debian-lts-announce] 20210316 [SECURITY] [DLA 2596-1] tomcat8 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html"
},
{
"name": "DSA-4891",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4891"
},
{
"name": "[tomcat-users] 20210701 What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc@%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-users] 20210701 Re: What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f@%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-users] 20210702 Re: What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r732b2ca289dc02df2de820e8775559abd6c207f159e39f559547a085@%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-users] 20210702 Re: CVE-2021-25329, was Re: Most recent security-related update to 8.5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77@%3Cusers.tomcat.apache.org%3E"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210409-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210409-0002/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "GLSA-202208-34",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-34"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-25329",
"datePublished": "2021-03-01T12:00:20",
"dateReserved": "2021-01-19T00:00:00",
"dateUpdated": "2024-08-03T20:03:05.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-2337
Vulnerability from cvelistv5
Published
2021-07-20 22:43
Modified
2024-09-26 14:06
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Create Public Synonym privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in takeover of Oracle XML DB. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpujul2021.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle Corporation | Database - Enterprise Edition |
Version: 12.1.0.2 Version: 12.2.0.1 Version: 19c |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:38:57.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-2337",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T13:58:33.398292Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T14:06:26.539Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Database - Enterprise Edition",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "12.1.0.2"
},
{
"status": "affected",
"version": "12.2.0.1"
},
{
"status": "affected",
"version": "19c"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Create Public Synonym privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in takeover of Oracle XML DB. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Create Public Synonym privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in takeover of Oracle XML DB.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T22:43:16",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Database - Enterprise Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.1.0.2"
},
{
"version_affected": "=",
"version_value": "12.2.0.1"
},
{
"version_affected": "=",
"version_value": "19c"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Create Public Synonym privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in takeover of Oracle XML DB. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.2",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Create Public Synonym privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in takeover of Oracle XML DB."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2021-2337",
"datePublished": "2021-07-20T22:43:16",
"dateReserved": "2020-12-09T00:00:00",
"dateUpdated": "2024-09-26T14:06:26.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-35168
Vulnerability from cvelistv5
Published
2022-07-11 19:25
Modified
2024-09-16 16:33
Severity ?
EPSS score ?
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Dell | Dell BSAFE Crypto-C Micro Edition |
Version: unspecified < 4.1.5, 4.6 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:06.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Dell BSAFE Crypto-C Micro Edition",
"vendor": "Dell",
"versions": [
{
"lessThan": "4.1.5, 4.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311: Missing Encryption of Sensitive Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:19:24",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-07-06",
"ID": "CVE-2020-35168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dell BSAFE Crypto-C Micro Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.1.5, 4.6"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 4.7,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-311: Missing Encryption of Sensitive Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-35168",
"datePublished": "2022-07-11T19:25:57.203951Z",
"dateReserved": "2020-12-11T00:00:00",
"dateUpdated": "2024-09-16T16:33:23.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-2444
Vulnerability from cvelistv5
Published
2019-01-16 19:00
Modified
2024-10-02 16:13
Severity ?
EPSS score ?
Summary
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/106584 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle Corporation | Oracle Database |
Version: 12.2.0.1 Version: 18c |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:49:47.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "106584",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106584"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2444",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T15:56:22.458271Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T16:13:57.225Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Oracle Database",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "12.2.0.1"
},
{
"status": "affected",
"version": "18c"
}
]
}
],
"datePublic": "2019-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-17T10:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "106584",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106584"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Oracle Database",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.2.0.1"
},
{
"version_affected": "=",
"version_value": "18c"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "106584",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106584"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2444",
"datePublished": "2019-01-16T19:00:00",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T16:13:57.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-2334
Vulnerability from cvelistv5
Published
2021-07-20 22:43
Modified
2024-09-26 14:06
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Data Redaction. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Data Redaction accessible data. CVSS 3.1 Base Score 3.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpujul2021.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle Corporation | Database - Enterprise Edition |
Version: 12.1.0.2 Version: 12.2.0.1 Version: 19c |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:38:57.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-2334",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T13:52:21.071944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T14:06:47.785Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Database - Enterprise Edition",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "12.1.0.2"
},
{
"status": "affected",
"version": "12.2.0.1"
},
{
"status": "affected",
"version": "19c"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Data Redaction. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Data Redaction accessible data. CVSS 3.1 Base Score 3.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Data Redaction. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Data Redaction accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T22:43:13",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Database - Enterprise Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.1.0.2"
},
{
"version_affected": "=",
"version_value": "12.2.0.1"
},
{
"version_affected": "=",
"version_value": "19c"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Data Redaction. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Data Redaction accessible data. CVSS 3.1 Base Score 3.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "3.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Data Redaction. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Data Redaction accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2021-2334",
"datePublished": "2021-07-20T22:43:13",
"dateReserved": "2020-12-09T00:00:00",
"dateUpdated": "2024-09-26T14:06:47.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1288
Vulnerability from cvelistv5
Published
2018-07-26 14:00
Modified
2024-09-17 02:52
Severity ?
EPSS score ?
Summary
In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Apache Software Foundation | Apache Kafka |
Version: 0.9.0.0 to 0.9.0.1 Version: 0.10.0.0 to 0.10.2.1 Version: 0.11.0.0 to 0.11.0.2 Version: 1.0.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:37.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[kafka-users] 20180726 CVE-2018-1288: Authenticated Kafka clients may interfere with data replication",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/29f61337323f48c47d4b41d74b9e452bd60e65d0e5103af9a6bb2fef%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "104900",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104900"
},
{
"name": "RHSA-2018:3768",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3768"
},
{
"name": "[kafka-commits] 20190802 [kafka-site] branch asf-site updated: Add CVE-2018-17196, fix some links. (#223)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/d1581fb6464c9bec8a72575c01f5097d68e2fbb230aff24622622a58%40%3Ccommits.kafka.apache.org%3E"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[flink-issues] 20200402 [GitHub] [flink] zentol opened a new pull request #11617: [FLINK-16389][kafka] Bump kafka version to 0.10.2.2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r07e1bbd1643847d599feb34c707906a4fdcc81e3a6ab01a10c451d40%40%3Cissues.flink.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "[kafka-dev] 20211007 Re: CVE Back Port?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r35322aec467ddae34002690edaa4d9f16e7df9b5bf7164869b75b62c%40%3Cdev.kafka.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Kafka",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "0.9.0.0 to 0.9.0.1"
},
{
"status": "affected",
"version": "0.10.0.0 to 0.10.2.1"
},
{
"status": "affected",
"version": "0.11.0.0 to 0.11.0.2"
},
{
"status": "affected",
"version": "1.0.0"
}
]
}
],
"datePublic": "2018-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-07T15:06:12",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[kafka-users] 20180726 CVE-2018-1288: Authenticated Kafka clients may interfere with data replication",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/29f61337323f48c47d4b41d74b9e452bd60e65d0e5103af9a6bb2fef%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "104900",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104900"
},
{
"name": "RHSA-2018:3768",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3768"
},
{
"name": "[kafka-commits] 20190802 [kafka-site] branch asf-site updated: Add CVE-2018-17196, fix some links. (#223)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/d1581fb6464c9bec8a72575c01f5097d68e2fbb230aff24622622a58%40%3Ccommits.kafka.apache.org%3E"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[flink-issues] 20200402 [GitHub] [flink] zentol opened a new pull request #11617: [FLINK-16389][kafka] Bump kafka version to 0.10.2.2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r07e1bbd1643847d599feb34c707906a4fdcc81e3a6ab01a10c451d40%40%3Cissues.flink.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "[kafka-dev] 20211007 Re: CVE Back Port?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r35322aec467ddae34002690edaa4d9f16e7df9b5bf7164869b75b62c%40%3Cdev.kafka.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-07-26T00:00:00",
"ID": "CVE-2018-1288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Kafka",
"version": {
"version_data": [
{
"version_value": "0.9.0.0 to 0.9.0.1"
},
{
"version_value": "0.10.0.0 to 0.10.2.1"
},
{
"version_value": "0.11.0.0 to 0.11.0.2"
},
{
"version_value": "1.0.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[kafka-users] 20180726 CVE-2018-1288: Authenticated Kafka clients may interfere with data replication",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/29f61337323f48c47d4b41d74b9e452bd60e65d0e5103af9a6bb2fef@%3Cusers.kafka.apache.org%3E"
},
{
"name": "104900",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104900"
},
{
"name": "RHSA-2018:3768",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3768"
},
{
"name": "[kafka-commits] 20190802 [kafka-site] branch asf-site updated: Add CVE-2018-17196, fix some links. (#223)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/d1581fb6464c9bec8a72575c01f5097d68e2fbb230aff24622622a58@%3Ccommits.kafka.apache.org%3E"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"name": "[flink-issues] 20200402 [GitHub] [flink] zentol opened a new pull request #11617: [FLINK-16389][kafka] Bump kafka version to 0.10.2.2",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r07e1bbd1643847d599feb34c707906a4fdcc81e3a6ab01a10c451d40@%3Cissues.flink.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "[kafka-dev] 20211007 Re: CVE Back Port?",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r35322aec467ddae34002690edaa4d9f16e7df9b5bf7164869b75b62c@%3Cdev.kafka.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-1288",
"datePublished": "2018-07-26T14:00:00Z",
"dateReserved": "2017-12-07T00:00:00",
"dateUpdated": "2024-09-17T02:52:05.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-21432
Vulnerability from cvelistv5
Published
2022-07-19 21:06
Modified
2024-09-24 20:04
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Database - Enterprise Edition RDBMS Security component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having DBA role privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition RDBMS Security. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database - Enterprise Edition RDBMS Security. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle Corporation | Text |
Version: 12.1.0.2 Version: 19c Version: 21c |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:38:56.476Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21432",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T14:07:43.595939Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T20:04:30.622Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Text",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "12.1.0.2"
},
{
"status": "affected",
"version": "19c"
},
{
"status": "affected",
"version": "21c"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Database - Enterprise Edition RDBMS Security component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having DBA role privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition RDBMS Security. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database - Enterprise Edition RDBMS Security. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker having DBA role privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition RDBMS Security. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database - Enterprise Edition RDBMS Security.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-19T21:06:34",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2022-21432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Text",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.1.0.2"
},
{
"version_affected": "=",
"version_value": "19c"
},
{
"version_affected": "=",
"version_value": "21c"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Database - Enterprise Edition RDBMS Security component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having DBA role privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition RDBMS Security. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database - Enterprise Edition RDBMS Security. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)."
}
]
},
"impact": {
"cvss": {
"baseScore": "2.7",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker having DBA role privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition RDBMS Security. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database - Enterprise Edition RDBMS Security."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2022-21432",
"datePublished": "2022-07-19T21:06:34",
"dateReserved": "2021-11-15T00:00:00",
"dateUpdated": "2024-09-24T20:04:30.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-3310
Vulnerability from cvelistv5
Published
2017-01-27 22:01
Modified
2024-10-08 20:35
Severity ?
EPSS score ?
Summary
Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in OJVM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of OJVM. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/95481 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1037630 | vdb-entry, x_refsource_SECTRACK | |
| http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle | Oracle Database |
Version: 11.2.0.4 Version: 12.1.0.2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:23:33.721Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95481",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95481"
},
{
"name": "1037630",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037630"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-3310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T20:06:03.078686Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T20:35:09.991Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Oracle Database",
"vendor": "Oracle",
"versions": [
{
"status": "affected",
"version": "11.2.0.4"
},
{
"status": "affected",
"version": "12.1.0.2"
}
]
}
],
"datePublic": "2017-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in OJVM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of OJVM. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-25T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "95481",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95481"
},
{
"name": "1037630",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037630"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3310",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Oracle Database",
"version": {
"version_data": [
{
"version_value": "11.2.0.4"
},
{
"version_value": "12.1.0.2"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in OJVM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of OJVM. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95481",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95481"
},
{
"name": "1037630",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037630"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2017-3310",
"datePublished": "2017-01-27T22:01:00",
"dateReserved": "2016-12-06T00:00:00",
"dateUpdated": "2024-10-08T20:35:09.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-29508
Vulnerability from cvelistv5
Published
2022-07-11 19:25
Modified
2024-09-16 16:13
Severity ?
EPSS score ?
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Dell | Dell BSAFE Micro Edition Suite |
Version: unspecified < 4.1.5 / 4.6 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:10.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Dell BSAFE Micro Edition Suite",
"vendor": "Dell",
"versions": [
{
"lessThan": "4.1.5 / 4.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-331",
"description": "CWE-331: Insufficient Entropy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:18:19",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-07-06",
"ID": "CVE-2020-29508",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dell BSAFE Micro Edition Suite",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.1.5 / 4.6"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 5.3,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-331: Insufficient Entropy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-29508",
"datePublished": "2022-07-11T19:25:32.041607Z",
"dateReserved": "2020-12-03T00:00:00",
"dateUpdated": "2024-09-16T16:13:48.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-21498
Vulnerability from cvelistv5
Published
2022-04-19 20:38
Modified
2024-09-24 20:05
Severity ?
EPSS score ?
Summary
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle Corporation | Database - Enterprise Edition |
Version: 12.1.0.2 Version: 19c Version: 21c |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:46:38.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21498",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T14:07:46.825408Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T20:05:23.077Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Database - Enterprise Edition",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "12.1.0.2"
},
{
"status": "affected",
"version": "19c"
},
{
"status": "affected",
"version": "21c"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T20:38:53",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2022-21498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Database - Enterprise Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.1.0.2"
},
{
"version_affected": "=",
"version_value": "19c"
},
{
"version_affected": "=",
"version_value": "21c"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2022-21498",
"datePublished": "2022-04-19T20:38:53",
"dateReserved": "2021-11-15T00:00:00",
"dateUpdated": "2024-09-24T20:05:23.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-35551
Vulnerability from cvelistv5
Published
2021-10-20 10:50
Modified
2024-09-25 19:37
Severity ?
EPSS score ?
Summary
Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of RDBMS Security as well as unauthorized update, insert or delete access to some of RDBMS Security accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle Corporation | Database - Enterprise Edition |
Version: 12.2.0.1 Version: 19c Version: 21c |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:40:47.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-35551",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T19:14:59.290441Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T19:37:05.864Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Database - Enterprise Edition",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "12.2.0.1"
},
{
"status": "affected",
"version": "19c"
},
{
"status": "affected",
"version": "21c"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of RDBMS Security as well as unauthorized update, insert or delete access to some of RDBMS Security accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of RDBMS Security as well as unauthorized update, insert or delete access to some of RDBMS Security accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-20T10:50:00",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-35551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Database - Enterprise Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.2.0.1"
},
{
"version_affected": "=",
"version_value": "19c"
},
{
"version_affected": "=",
"version_value": "21c"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of RDBMS Security as well as unauthorized update, insert or delete access to some of RDBMS Security accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of RDBMS Security as well as unauthorized update, insert or delete access to some of RDBMS Security accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2021-35551",
"datePublished": "2021-10-20T10:50:00",
"dateReserved": "2021-06-28T00:00:00",
"dateUpdated": "2024-09-25T19:37:05.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0677
Vulnerability from cvelistv5
Published
2016-04-21 10:00
Modified
2024-10-15 19:11
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1035590 | vdb-entry, x_refsource_SECTRACK | |
| http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:30:03.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035590",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035590"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-0677",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T18:58:30.566572Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T19:11:46.938Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-30T18:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "1035590",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035590"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-0677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035590",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035590"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2016-0677",
"datePublished": "2016-04-21T10:00:00",
"dateReserved": "2015-12-09T00:00:00",
"dateUpdated": "2024-10-15T19:11:46.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-25122
Vulnerability from cvelistv5
Published
2021-03-01 12:00
Modified
2024-08-03 19:56
Severity ?
EPSS score ?
Summary
When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Apache Software Foundation | Apache Tomcat |
Version: Apache Tomcat 10 < 10.0.2 Version: Apache Tomcat 9 < 9.0.42 Version: Apache Tomcat 8.5 < 8.5.62 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "[tomcat-announce] 20210301 [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "[tomcat-users] 20210301 [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20210301 [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20210301 svn commit: r1887027 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[announce] 20210301 [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.apache.org%3E"
},
{
"name": "[oss-security] 20210301 CVE-2021-25122: Apache Tomcat h2c request mix-up",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/01/1"
},
{
"name": "[tomcat-users] 20210305 RE: [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcd90bf36b1877e1310b87ecd14ed7bbb15da52b297efd9f0e7253a3b%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-users] 20210305 Re: [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd0463f9a5cbc02a485404c4b990f0da452e5ac5c237808edba11c947%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20210316 [SECURITY] [DLA 2596-1] tomcat8 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html"
},
{
"name": "DSA-4891",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4891"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210409-0002/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "GLSA-202208-34",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "10.0.2",
"status": "affected",
"version": "Apache Tomcat 10",
"versionType": "custom"
},
{
"lessThan": "9.0.42",
"status": "affected",
"version": "Apache Tomcat 9",
"versionType": "custom"
},
{
"lessThan": "8.5.62",
"status": "affected",
"version": "Apache Tomcat 8.5",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A\u0027s request."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-21T04:06:31",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "[tomcat-announce] 20210301 [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "[tomcat-users] 20210301 [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20210301 [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20210301 svn commit: r1887027 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[announce] 20210301 [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.apache.org%3E"
},
{
"name": "[oss-security] 20210301 CVE-2021-25122: Apache Tomcat h2c request mix-up",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/01/1"
},
{
"name": "[tomcat-users] 20210305 RE: [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcd90bf36b1877e1310b87ecd14ed7bbb15da52b297efd9f0e7253a3b%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-users] 20210305 Re: [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd0463f9a5cbc02a485404c4b990f0da452e5ac5c237808edba11c947%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20210316 [SECURITY] [DLA 2596-1] tomcat8 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html"
},
{
"name": "DSA-4891",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4891"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210409-0002/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "GLSA-202208-34",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-34"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Tomcat h2c request mix-up",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-25122",
"STATE": "PUBLIC",
"TITLE": "Apache Tomcat h2c request mix-up"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Tomcat",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "Apache Tomcat 10",
"version_value": "10.0.2"
},
{
"version_affected": "\u003c",
"version_name": "Apache Tomcat 9",
"version_value": "9.0.42"
},
{
"version_affected": "\u003c",
"version_name": "Apache Tomcat 8.5",
"version_value": "8.5.62"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A\u0027s request."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.tomcat.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "[tomcat-announce] 20210301 [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7@%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "[tomcat-users] 20210301 [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7@%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20210301 [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20210301 svn commit: r1887027 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[announce] 20210301 [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7@%3Cannounce.apache.org%3E"
},
{
"name": "[oss-security] 20210301 CVE-2021-25122: Apache Tomcat h2c request mix-up",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/03/01/1"
},
{
"name": "[tomcat-users] 20210305 RE: [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcd90bf36b1877e1310b87ecd14ed7bbb15da52b297efd9f0e7253a3b@%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-users] 20210305 Re: [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd0463f9a5cbc02a485404c4b990f0da452e5ac5c237808edba11c947@%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20210316 [SECURITY] [DLA 2596-1] tomcat8 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html"
},
{
"name": "DSA-4891",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4891"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210409-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210409-0002/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "GLSA-202208-34",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-34"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-25122",
"datePublished": "2021-03-01T12:00:20",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-2406
Vulnerability from cvelistv5
Published
2019-01-16 19:00
Modified
2024-10-02 16:22
Severity ?
EPSS score ?
Summary
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/106591 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle Corporation | Oracle Database |
Version: 12.1.0.2 Version: 12.2.0.1 Version: 18c |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:49:47.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "106591",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106591"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2406",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T15:56:31.371174Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T16:22:37.143Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Oracle Database",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "12.1.0.2"
},
{
"status": "affected",
"version": "12.2.0.1"
},
{
"status": "affected",
"version": "18c"
}
]
}
],
"datePublic": "2019-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in takeover of Core RDBMS.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-17T10:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "106591",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106591"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Oracle Database",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.1.0.2"
},
{
"version_affected": "=",
"version_value": "12.2.0.1"
},
{
"version_affected": "=",
"version_value": "18c"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in takeover of Core RDBMS."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "106591",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106591"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2406",
"datePublished": "2019-01-16T19:00:00",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T16:22:37.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-35558
Vulnerability from cvelistv5
Published
2021-10-20 10:50
Modified
2024-09-25 19:35
Severity ?
EPSS score ?
Summary
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle Corporation | Database - Enterprise Edition |
Version: 12.1.0.2 Version: 12.2.0.1 Version: 19c Version: 21c |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:40:46.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-35558",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T19:14:56.309396Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T19:35:48.458Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Database - Enterprise Edition",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "12.1.0.2"
},
{
"status": "affected",
"version": "12.2.0.1"
},
{
"status": "affected",
"version": "19c"
},
{
"status": "affected",
"version": "21c"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-20T10:50:06",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-35558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Database - Enterprise Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.1.0.2"
},
{
"version_affected": "=",
"version_value": "12.2.0.1"
},
{
"version_affected": "=",
"version_value": "19c"
},
{
"version_affected": "=",
"version_value": "21c"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2021-35558",
"datePublished": "2021-10-20T10:50:06",
"dateReserved": "2021-06-28T00:00:00",
"dateUpdated": "2024-09-25T19:35:48.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-29507
Vulnerability from cvelistv5
Published
2022-07-11 19:25
Modified
2024-09-16 20:22
Severity ?
EPSS score ?
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Dell | Dell BSAFE Crypto-C Micro Edition |
Version: unspecified < 4.1.5 and 4.6 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:09.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Dell BSAFE Crypto-C Micro Edition",
"vendor": "Dell",
"versions": [
{
"lessThan": "4.1.5 and 4.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:18:08",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-07-06",
"ID": "CVE-2020-29507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dell BSAFE Crypto-C Micro Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.1.5 and 4.6"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 5.3,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-29507",
"datePublished": "2022-07-11T19:25:26.309406Z",
"dateReserved": "2020-12-03T00:00:00",
"dateUpdated": "2024-09-16T20:22:19.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-2619
Vulnerability from cvelistv5
Published
2019-04-23 18:16
Modified
2024-10-02 15:59
Severity ?
EPSS score ?
Summary
Vulnerability in the Portable Clusterware component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having Grid Infrastructure User privilege with logon to the infrastructure where Portable Clusterware executes to compromise Portable Clusterware. While the vulnerability is in Portable Clusterware, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Portable Clusterware. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle Corporation | Oracle Database |
Version: 11.2.0.4 Version: 12.1.0.2 Version: 12.2.0.1 Version: 18c |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:44.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2619",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T15:55:56.354863Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:59:03.256Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Oracle Database",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "11.2.0.4"
},
{
"status": "affected",
"version": "12.1.0.2"
},
{
"status": "affected",
"version": "12.2.0.1"
},
{
"status": "affected",
"version": "18c"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Portable Clusterware component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having Grid Infrastructure User privilege with logon to the infrastructure where Portable Clusterware executes to compromise Portable Clusterware. While the vulnerability is in Portable Clusterware, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Portable Clusterware. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker having Grid Infrastructure User privilege with logon to the infrastructure where Portable Clusterware executes to compromise Portable Clusterware. While the vulnerability is in Portable Clusterware, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Portable Clusterware.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-23T18:16:41",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2619",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Oracle Database",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.2.0.4"
},
{
"version_affected": "=",
"version_value": "12.1.0.2"
},
{
"version_affected": "=",
"version_value": "12.2.0.1"
},
{
"version_affected": "=",
"version_value": "18c"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Portable Clusterware component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having Grid Infrastructure User privilege with logon to the infrastructure where Portable Clusterware executes to compromise Portable Clusterware. While the vulnerability is in Portable Clusterware, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Portable Clusterware. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker having Grid Infrastructure User privilege with logon to the infrastructure where Portable Clusterware executes to compromise Portable Clusterware. While the vulnerability is in Portable Clusterware, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Portable Clusterware."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2619",
"datePublished": "2019-04-23T18:16:41",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:59:03.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0690
Vulnerability from cvelistv5
Published
2016-04-21 10:00
Modified
2024-10-15 19:09
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect integrity via unknown vectors, a different vulnerability than CVE-2016-0691.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1035590 | vdb-entry, x_refsource_SECTRACK | |
| http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:30:03.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035590",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035590"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-0690",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T18:58:17.893203Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T19:09:37.177Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect integrity via unknown vectors, a different vulnerability than CVE-2016-0691."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-30T18:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "1035590",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035590"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-0690",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect integrity via unknown vectors, a different vulnerability than CVE-2016-0691."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035590",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035590"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2016-0690",
"datePublished": "2016-04-21T10:00:00",
"dateReserved": "2015-12-09T00:00:00",
"dateUpdated": "2024-10-15T19:09:37.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-21411
Vulnerability from cvelistv5
Published
2022-04-19 20:36
Modified
2024-09-24 20:13
Severity ?
EPSS score ?
Summary
Vulnerability in the RDBMS Gateway / Generic ODBC Connectivity component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise RDBMS Gateway / Generic ODBC Connectivity. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of RDBMS Gateway / Generic ODBC Connectivity accessible data as well as unauthorized read access to a subset of RDBMS Gateway / Generic ODBC Connectivity accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle Corporation | Database - Enterprise Edition |
Version: 12.1.0.2 Version: 19c Version: 21c |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:38:56.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21411",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T17:43:42.595541Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T20:13:57.924Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Database - Enterprise Edition",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "12.1.0.2"
},
{
"status": "affected",
"version": "19c"
},
{
"status": "affected",
"version": "21c"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the RDBMS Gateway / Generic ODBC Connectivity component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise RDBMS Gateway / Generic ODBC Connectivity. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of RDBMS Gateway / Generic ODBC Connectivity accessible data as well as unauthorized read access to a subset of RDBMS Gateway / Generic ODBC Connectivity accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise RDBMS Gateway / Generic ODBC Connectivity. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of RDBMS Gateway / Generic ODBC Connectivity accessible data as well as unauthorized read access to a subset of RDBMS Gateway / Generic ODBC Connectivity accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T20:36:47",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2022-21411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Database - Enterprise Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.1.0.2"
},
{
"version_affected": "=",
"version_value": "19c"
},
{
"version_affected": "=",
"version_value": "21c"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the RDBMS Gateway / Generic ODBC Connectivity component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise RDBMS Gateway / Generic ODBC Connectivity. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of RDBMS Gateway / Generic ODBC Connectivity accessible data as well as unauthorized read access to a subset of RDBMS Gateway / Generic ODBC Connectivity accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.4",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise RDBMS Gateway / Generic ODBC Connectivity. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of RDBMS Gateway / Generic ODBC Connectivity accessible data as well as unauthorized read access to a subset of RDBMS Gateway / Generic ODBC Connectivity accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2022-21411",
"datePublished": "2022-04-19T20:36:47",
"dateReserved": "2021-11-15T00:00:00",
"dateUpdated": "2024-09-24T20:13:57.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-2335
Vulnerability from cvelistv5
Published
2021-07-20 22:43
Modified
2024-09-26 14:06
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Data Redaction. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Data Redaction accessible data. CVSS 3.1 Base Score 3.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpujul2021.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle Corporation | Database - Enterprise Edition |
Version: 12.1.0.2 Version: 12.2.0.1 Version: 19c |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:38:57.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-2335",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T13:52:19.623499Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T14:06:41.819Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Database - Enterprise Edition",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "12.1.0.2"
},
{
"status": "affected",
"version": "12.2.0.1"
},
{
"status": "affected",
"version": "19c"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Data Redaction. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Data Redaction accessible data. CVSS 3.1 Base Score 3.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Data Redaction. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Data Redaction accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T22:43:14",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Database - Enterprise Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.1.0.2"
},
{
"version_affected": "=",
"version_value": "12.2.0.1"
},
{
"version_affected": "=",
"version_value": "19c"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Data Redaction. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Data Redaction accessible data. CVSS 3.1 Base Score 3.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "3.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Data Redaction. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Data Redaction accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2021-2335",
"datePublished": "2021-07-20T22:43:14",
"dateReserved": "2020-12-09T00:00:00",
"dateUpdated": "2024-09-26T14:06:41.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-21410
Vulnerability from cvelistv5
Published
2022-04-19 20:36
Modified
2024-09-24 20:14
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Sharding. Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Sharding. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle Corporation | Database - Enterprise Edition |
Version: 19c |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:38:56.147Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21410",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T17:38:07.044367Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T20:14:05.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Database - Enterprise Edition",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "19c"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Sharding. Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Sharding. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Sharding. Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Sharding.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T20:36:45",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2022-21410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Database - Enterprise Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "19c"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Sharding. Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Sharding. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.2",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Sharding. Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Sharding."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2022-21410",
"datePublished": "2022-04-19T20:36:45",
"dateReserved": "2021-11-15T00:00:00",
"dateUpdated": "2024-09-24T20:14:05.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-3740
Vulnerability from cvelistv5
Published
2019-09-18 22:23
Modified
2024-09-17 01:40
Severity ?
EPSS score ?
Summary
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
| https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®%3B-Crypto-J-Multiple-Security-Vulnerabilities | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuApr2021.html | x_refsource_MISC | |
| https://www.oracle.com//security-alerts/cpujul2021.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Dell | RSA BSAFE Crypto-J |
Version: prior to 6.2.5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174%3B-Crypto-J-Multiple-Security-Vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RSA BSAFE Crypto-J",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "prior to 6.2.5"
}
]
}
],
"datePublic": "2019-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-310",
"description": "CWE-310: Cryptographic Issues",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:20:43",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174%3B-Crypto-J-Multiple-Security-Vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-08-15",
"ID": "CVE-2019-3740",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RSA BSAFE Crypto-J",
"version": {
"version_data": [
{
"version_value": "prior to 6.2.5"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys."
}
]
},
"impact": {
"cvss": {
"baseScore": 6.5,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-310: Cryptographic Issues"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174;-Crypto-J-Multiple-Security-Vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174;-Crypto-J-Multiple-Security-Vulnerabilities"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3740",
"datePublished": "2019-09-18T22:23:10.138468Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T01:40:53.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}